P
Peakhour

Privacy Policy

Last updated: June 1, 2026

1. Introduction

This Privacy Policy explains how Celebrities Management Private Limited ("Peakhour", "we", "us", or "our") — the company that operates the Peakhour platform at peakhour.ai, an AI-powered marketing automation service (the "Service") — collects, uses, discloses, and safeguards your information when you use our website and services.

Peakhour is a product of Celebrities Management Private Limited, registered office at 5th Floor, Tech Web Centre, Link Road, Oshiwara, Mumbai 400102, Maharashtra, India. For the EU/UK General Data Protection Regulation ("GDPR"), Celebrities Management Private Limitedis the data "controller"; under India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), it is the "Data Fiduciary" that determines the purpose and means of processing your personal data.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you register for an account.
  • Organization information: business name, website URL, industry type, and business details provided during onboarding.
  • Payment information: billing details processed through our third-party payment processor (Stripe). We do not store full credit card numbers.
  • Content: newsletters, articles, and other content you upload or sync from connected platforms for AI analysis.

2.2 Information from Third-Party Platforms

When you connect a third-party account, you authorize that platform — through its OAuth consent screen — to share specific data with us. We request only the permissions ("scopes") needed to provide the features you enable, and we process that data solely to deliver the Service to you (see Section 12, "Third-Party Platform Data & Developer-Program Compliance"). Depending on the integrations you connect, we may receive:

  • Meta (Facebook, Instagram, Ads & WhatsApp Business):your public profile and email; the Facebook Pages and Instagram Business accounts you manage, their content and engagement/insights metrics; ad accounts, campaigns and performance data; and, where you connect WhatsApp Business, your WhatsApp Business Account(s), phone numbers, message templates and messaging metadata — each only as authorized through Meta's OAuth and subject to the Meta Platform Terms and Developer Policies.
  • X (formerly Twitter): basic profile information and the posts, engagement metrics and advertising data you authorize, subject to the X Developer Agreement and Policy.
  • LinkedIn: basic profile information, organization/company page information, ad account details, campaign performance metrics, and lead generation form responses, as authorized through OAuth and subject to the LinkedIn API Terms of Use.
  • Google: where you connect Google services (e.g., analytics or business profiles), the account, profile and metrics data you authorize, handled in accordance with the Google API Services User Data Policy, including its Limited Use requirements.
  • Beehiiv and other publishing tools: newsletter content, subscriber metrics, and publication details via API integration.

2.3 Automatically Collected Information

  • Usage data: pages visited, features used, and actions taken within the Service.
  • Device information: browser type, operating system, and device identifiers.
  • Cookies: we use essential cookies for authentication and session management. See Section 7 for details.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Process your content through AI models to generate tags, ad creatives, and marketing recommendations.
  • Manage your advertising campaigns on connected platforms.
  • Monitor campaign performance and apply automated optimization rules.
  • Send transactional emails (account verification, password resets, billing receipts).
  • Respond to your requests and provide customer support.
  • Detect, prevent, and address fraud, abuse, or technical issues.
  • Comply with legal obligations.

4. AI Processing

Our Service uses artificial intelligence — including our proprietary AI/ML models and third-party AI providers — to analyze your content, generate ad creatives, and optimize campaigns. When processing your content through AI:

  • Content may be processed by our proprietary models and/or third-party AI providers solely for the purpose of delivering the Service to you.
  • Where third-party AI providers are used, we select providers that do not train their models on customer data submitted through their API.
  • AI-generated outputs (tags, creatives, recommendations) are stored in your account.
  • You retain ownership of your original content and AI-generated outputs.

4.1 How Anonymized Data Improves the Platform for Everyone

Peakhour gets smarter over time. As more campaigns run across the platform, our AI learns which ad angles perform best for different industries, which headlines drive higher engagement, and which optimization patterns deliver the best results. This means every user benefits from the collective intelligence of the platform — better ad scoring, smarter creative suggestions, and more accurate performance predictions from day one.

To make this possible, we use aggregated, anonymized, and de-identified data to train and improve our proprietary models. Here is exactly what that means and what protections are in place:

  • All PII is permanently removed. Before any data enters our training pipeline, all personally identifiable information — including names, email addresses, account identifiers, organization names, and any other data that could identify an individual or business — is irreversibly stripped.
  • Data is aggregated across the platform.We work with patterns and trends across many accounts, not individual content. For example, we may learn that "question-based headlines outperform statement headlines in B2B SaaS ads" — but we never know which specific account that insight came from.
  • No reverse-engineering is possible. The anonymization process is one-way. The resulting dataset cannot be used to recover original content, identify its source, or link it back to any user or organization.
  • Your content is never shared. Raw customer content, PII, or organization-identifiable data is never used to train any model. Your individual content is never shown to other customers, used in outputs for other accounts, or made publicly available.

4.2 Plan Tiers and Data Processing

How your data is processed depends on your chosen plan tier. We offer three tiers, each with different data handling and AI model access:

Community

Community plans are offered at the lowest price point. By choosing a Community plan, you agree that your anonymized, de-identified usage patterns will be included in aggregate training data for the shared platform model. This is what enables Community pricing — your participation directly improves the platform for everyone. Data contribution is a condition of Community pricing and cannot be disabled while on a Community plan. You receive access to the shared platform model, which benefits from the collective intelligence of all Community users.

Professional

Professional plans are offered at standard pricing and exclude data contribution entirely. Your anonymized usage patterns will not be included in any aggregate training data. You still receive access to the shared platform model (trained on Community tier data), but your own data remains completely private.

Enterprise

Enterprise plans provide the highest level of data privacy and AI customization. Your data does not contribute to the shared model. In addition, you receive a dedicated private AI model that is trained exclusively on your organization's own data. This private model learns your specific industry patterns, audience behaviors, brand voice, and campaign performance over time — delivering increasingly personalized and accurate results. Your private model data is fully isolated and never mixed with data from other organizations or the shared platform model.

Free Trial

Free trial accounts include data contribution as a condition of the trial. By activating a free trial, you agree that your anonymized, de-identified usage patterns will be included in aggregate training data during the trial period. This allows us to offer the trial at no cost while improving the platform for all users. Trial accounts are subject to usage limits as described on our pricing page. At the end of your trial, you may choose any paid plan tier.

You can upgrade or change your plan at any time from your account settings. Plan changes take effect at your next billing cycle. If you switch from Community or a free trial to Professional or Enterprise, data contribution ceases at the plan change date; previously contributed anonymized data remains part of the aggregate dataset as it cannot be individually identified or extracted. If you downgrade from Enterprise, your private model is decommissioned at the end of your billing cycle.

5. How We Share Your Information

We do not sell your personal information. We share information only as follows:

  • Service providers (sub-processors): vetted third-party vendors that help us operate the Service — including cloud hosting, database and object storage, AI/ML model providers, payment processing (Stripe), and transactional email delivery. These providers act on our instructions under written contracts (including data-processing terms and, where applicable, Standard Contractual Clauses) that require them to protect your data and use it only to provide their service to us. A current list of material sub-processors is available on request from privacy@peakhour.ai.
  • Connected platforms: when you authorize us to publish content or manage campaigns, we share the content, ad creatives, targeting and configuration data necessary to carry out your instructions with the platforms you connect (e.g., Meta, X, LinkedIn, Google). We share with each platform only what is needed to perform the action you requested.
  • Legal requirements: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Secure token storage for third-party platform credentials.
  • Role-based access controls and multi-tenant data isolation.
  • Regular security reviews and monitoring.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and session management. These are httpOnly cookies that cannot be accessed by JavaScript.
  • OAuth state cookies: short-lived cookies used during third-party platform authorization flows (e.g., LinkedIn OAuth).

We do not use advertising or tracking cookies. You can configure your browser to block cookies, but this may prevent you from using the Service. For full details of the cookies we set and their purposes, see our Cookie Policy.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Upon account deletion:

  • Personal information is deleted within 30 days.
  • Content and AI-generated data are deleted within 30 days.
  • Third-party platform tokens are revoked and deleted immediately.
  • Aggregated, anonymized data may be retained for analytics and service improvement.
  • Data required for legal compliance may be retained for the legally required period.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing of your data for specific purposes.
  • Withdrawal of consent: withdraw consent for data processing where consent is the legal basis.

To exercise any of these rights, contact us at privacy@peakhour.ai. We will respond within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

12. Third-Party Platform Data & Developer-Program Compliance

Where the Service accesses data through a third-party platform's API ("Platform Data"), we comply with that platform's developer terms and policies. As a general rule, we use Platform Data only to provide and improve the features you have enabled, we do not sell or rent Platform Data, we do not use it for our own advertising or to build independent user profiles, we retain it only for as long as needed to deliver the Service, and we delete it when you disconnect the integration, close your account, or ask us to.

12.1 Meta Platform (Facebook, Instagram, Ads, WhatsApp)

Our use and transfer of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies. Meta Platform Data is used solely to provide the publishing, analytics, advertising and WhatsApp Business features you enable; it is never sold, and it is not used for any purpose other than delivering those features to you. You may revoke our access at any time from your Meta account settings, and you may request deletion of data we hold via our Data Deletion page.

12.2 Google

Where you connect Google services, our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not transfer or use Google user data for serving advertisements, we do not sell it, and we do not allow humans to read it except as expressly permitted (e.g., with your consent, for security, or to comply with law).

12.3 X (formerly Twitter)

Our access to and use of X content and data complies with the X Developer Agreement and Policy. We use X data only to provide the features you enable and cease using, and delete, such data when you revoke access or as required by X.

12.4 LinkedIn

Our use of LinkedIn data complies with the LinkedIn API Terms of Use and is limited to the authorized purposes for which you connected your LinkedIn account.

12.5 Microsoft and other providers

Where you connect Microsoft or other third-party services, we comply with the applicable provider's API terms and use the data only to deliver the features you have enabled.

12.6 Revoking access

You can disconnect any integration at any time from your account settings or from the relevant platform's app/connected-apps settings. On disconnection we revoke the stored access tokens and stop accessing that platform's data.

13. Legal Bases for Processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on one or more of the following legal bases under the GDPR:

  • Performance of a contract (Art. 6(1)(b)) — to create and operate your account and provide the Service you request.
  • Legitimate interests (Art. 6(1)(f)) — to secure, maintain, analyze and improve the Service, prevent fraud and abuse, and communicate with you about the Service, balanced against your rights and freedoms.
  • Consent (Art. 6(1)(a)) — where we rely on your consent (for example, certain optional integrations or communications); you may withdraw it at any time without affecting prior processing.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable law, tax and accounting requirements, and lawful requests.

14. Region-Specific Privacy Rights

14.1 European Economic Area & United Kingdom (GDPR)

In addition to the rights in Section 9, you have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office). Where processing is based on consent or contract and is carried out by automated means, you also have the right to data portability.

14.2 California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to request access and deletion, to correct inaccurate information, and to be free from discrimination for exercising these rights. You may use an authorized agent to submit requests.

We do not "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding twelve months.

14.3 India (DPDP Act, 2023)

If you are in India, you have the right to access a summary of your personal data and our processing, to correction and erasure of your data, to nominate another person to exercise your rights in the event of death or incapacity, and to readily-available grievance redressal (see Section 15). Where we process your data on the basis of consent, you may withdraw that consent at any time with effect going forward. If you remain dissatisfied after contacting our Grievance Officer, you may approach the Data Protection Board of India.

15. Grievance Redressal (India)

In accordance with the DPDP Act, 2023 and applicable Information Technology rules, Celebrities Management Private Limited has appointed a Grievance Officer to address questions or complaints about this Privacy Policy and the processing of your personal data:

Grievance Officer, Celebrities Management Private Limited
5th Floor, Tech Web Centre, Link Road, Oshiwara, Mumbai 400102, Maharashtra, India
Email: grievance@peakhour.ai

We will acknowledge grievances promptly and aim to resolve them within the timeframes required by applicable law.

16. Governing Law & Jurisdiction

This Privacy Policy and any dispute arising out of or relating to it or the processing of your personal data are governed by the laws of India, and the courts at Mumbai, Maharashtra shall have exclusive jurisdiction, without prejudice to any mandatory data-protection or consumer rights available to you under the laws of your country of residence.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

Celebrities Management Private Limited
5th Floor, Tech Web Centre, Link Road, Oshiwara, Mumbai 400102, Maharashtra, India
Privacy: privacy@peakhour.ai
Grievance Officer (India): grievance@peakhour.ai