Last Updated: February 6, 2026
PeekPak ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered YouTube thumbnail generation platform (the "Service").
This Privacy Policy should be read in conjunction with our Terms of Service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
We are currently registered as an auto-entreprise in France and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our servers and infrastructure are hosted in the United States. This means that your personal data will be transferred to and processed in the United States, which may have different data protection standards than the European Economic Area. We have implemented appropriate safeguards to protect your data during such transfers, as described in detail in Section 6 of this Privacy Policy.
If we transition to a different legal structure or jurisdiction in the future, we will update this Privacy Policy accordingly and notify you of any material changes.
Account Information: When you create an account, we collect:
Payment Information: When you subscribe to our Service or purchase credit top-ups, payment information is collected and processed by our third-party payment processor, Stripe. We do not store complete credit card numbers on our servers. We may receive limited payment information from Stripe, such as the last four digits of your card, card type, expiration date, and billing address.
Communications: If you contact us for support, feedback, or inquiries, we collect the information you provide in your communications, including your email address, name, and the content of your messages.
Profile Information: Any optional information you choose to add to your profile, such as a profile picture, bio, or social media links.
User Content: We collect and process the images you upload, modify, or generate using our Service, including:
Usage Data: We automatically collect information about how you interact with the Service:
Technical Data: We collect technical information about your device and connection:
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities and to improve your experience. The types of cookies we use include:
Essential Cookies: Necessary for the operation of the Service, including authentication and security features.
Analytics Cookies: Help us understand how users interact with the Service, which features are most popular, and where improvements are needed.
Preference Cookies: Remember your settings and preferences to provide a personalized experience.
Marketing Cookies: May be used to track your activity across websites to deliver relevant advertising (only with your consent where required by law).
You can control cookie settings through your browser preferences, but disabling certain cookies may limit your ability to use some features of the Service.
We use the information we collect for the following purposes:
We use User Content (images you upload and generate) in aggregated and anonymized form to train and improve our proprietary AI models. This helps us enhance the quality, accuracy, and capabilities of our image generation technology.
We take steps to ensure that any data used for model training is processed in a way that protects your privacy:
You grant us the right to use your User Content for these purposes as described in our Terms of Service. If you do not wish your content to be used for model training, please do not use the Service.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
Contract Performance: Processing is necessary to perform our contract with you (i.e., to provide the Service you have subscribed to).
Legitimate Interests: We process data based on our legitimate interests in operating, improving, and securing the Service, provided these interests are not overridden by your data protection rights.
Consent: Where required by law, we obtain your explicit consent before processing certain types of data, such as for marketing communications or non-essential cookies. You may withdraw consent at any time.
Legal Obligation: We may process data to comply with legal requirements, such as tax obligations or responding to legal requests.
We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:
We share information with trusted third-party service providers who perform services on our behalf:
Stripe: Our payment processor receives your payment information to process subscription payments and credit purchases. Stripe's use of your information is governed by their Privacy Policy.
Kie.ai: We use Kie.ai's infrastructure to host certain AI models (image modification and face swap). Images you process using these features are transmitted to Kie.ai's servers for processing. Kie.ai's use of your data is subject to their terms and privacy policy.
Modal: We use Modal to host our proprietary AI image generation models. Images and prompts are processed on Modal's infrastructure.
Cloud Hosting Providers: We use cloud infrastructure providers to host our application, databases, and backups.
Email Service Providers: We use third-party services to send transactional and promotional emails.
Analytics Services: We may use analytics tools (such as Google Analytics) to understand how users interact with the Service.
These service providers are contractually obligated to protect your information and use it only for the purposes for which it was shared. However, we do not control these third parties and are not responsible for their data handling practices.
If PeekPak is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency), or to:
We may share your information for any other purpose with your explicit consent.
PeekPak is registered as an auto-entreprise in France and is subject to the General Data Protection Regulation (GDPR) and French data protection laws. However, our servers and primary infrastructure are hosted in the United States.
This means that your personal data, including account information, usage data, and User Content (images you upload or generate), will be transferred to and stored on servers located in the United States. Additionally, some of our third-party service providers (such as Kie.ai and Modal for AI model hosting, and Stripe for payment processing) may also process your data in the United States or other jurisdictions outside the European Economic Area (EEA).
By using the Service, you acknowledge and expressly consent to the transfer of your personal data to the United States and other countries that may have different data protection standards than your country of residence. If you do not consent to such transfers, you should not use the Service.
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account Information: Retained for the duration of your account's existence and for a reasonable period afterward (typically 30 days) to handle account reactivation requests, unless you request deletion.
User Content: Images you upload or generate are retained as long as your account is active. You may delete individual images at any time through the Service. Upon account termination, we may retain images for up to 30 days before permanent deletion, unless they have been anonymized for model training purposes.
Payment Information: Transaction records are retained for accounting, tax, and legal compliance purposes for a period of up to 10 years as required by applicable law.
Usage and Technical Data: Typically retained for up to 24 months for analytics and service improvement purposes, after which it may be aggregated and anonymized.
Anonymized Data: Data that has been fully anonymized and cannot be linked back to you may be retained indefinitely for research, analytics, and model training.
Depending on your location, you may have certain rights regarding your personal information:
If you are located in the EEA, UK, or Switzerland, you have the following rights:
Right to Access: You can request a copy of the personal information we hold about you.
Right to Rectification: You can request that we correct inaccurate or incomplete personal information.
Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
Right to Restriction of Processing: You can request that we limit the processing of your personal information in certain situations.
Right to Data Portability: You can request to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
Right to Object: You can object to our processing of your personal information based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority in your country of residence, place of work, or where an alleged infringement occurred.
To exercise any of these rights, please contact us at the email address provided in the Contact Information section below. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
You can access, update, or delete certain account information directly through your account settings on the Service.
You can opt out of promotional emails by clicking the "unsubscribe" link in any marketing email we send you. Please note that even if you opt out of marketing communications, we will still send you service-related emails (such as payment confirmations or security alerts).
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of the Service.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: Sensitive data (including passwords and payment information) is encrypted both in transit (using SSL/TLS) and at rest.
Access Controls: Access to personal information is restricted to employees, contractors, and service providers who need it to perform their duties. All such individuals are subject to confidentiality obligations.
Regular Security Audits: We regularly review and update our security practices to address emerging threats.
Monitoring: We monitor our systems for suspicious activity and potential security breaches.
Incident Response: We have procedures in place to respond to and notify relevant authorities and affected individuals of data breaches as required by law. Under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach where feasible.
US-Based Infrastructure: Please note that our servers are located in the United States. While we implement robust security measures, data stored in the US may be subject to access by US government authorities under certain circumstances (such as national security requests). We limit such access to what is legally required and notify affected users where legally permitted.
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
The Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review the privacy policies of any third-party services you access.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:
Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell your personal information. If our practices change in the future, we will update this Privacy Policy and provide you with the right to opt out.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
To exercise these rights, please contact us using the information provided below. We will verify your identity before processing your request.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: peekpak.app@gmail.com
Address: PeekPak, 3 bis impasse barnabé, 34000 Montpellier, FRANCE
We will respond to all legitimate requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request for security purposes.
By using the PeekPak Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.