A quick summary

This short summary is here to help you understand the main points of this Privacy Policy. It does not replace the full Privacy Policy below, which explains in more detail what data we process, why we process it, which service providers we use, and what choices and rights you have.

Peaks uses Apple HealthKit data you choose to share and health-related data you enter to generate circadian rhythm, sleep, recovery, and related insights. This processing happens mainly on your device. Depending on your settings, some app data and derived data may also sync through Apple’s private CloudKit/iCloud infrastructure. We do not store your HealthKit data, sleep data, or circadian calculations on our own servers.

We do keep a limited amount of server-side data for things like authentication, security, account continuity, and referrals. This does not include your HealthKit data, sleep data, or circadian calculations.

When Product Insights is enabled, we use Mixpanel to understand how Peaks is used and to improve the app. This can include app activity, onboarding and experiment context, subscription and paywall context, and feedback text you choose to send through supported in-app feedback flows. Outside Europe, this may use a pseudonymous internal identifier so we can avoid double-counting across devices. In Europe, we do not assign a Peaks account identifier to Product Insights.

Outside Europe, when Ad Attribution is enabled, we use AppsFlyer to measure campaign attribution and conversion performance. In Europe, AppsFlyer is disabled.

If you contact us, sign up for email updates, or buy a subscription, we also process the data needed for those things. Apple handles App Store payments, so we do not receive your full payment card details.

You can control Product Insights and Ad Attribution in the app, unsubscribe from emails at any time, and contact us if you want to request deletion of server-side data we control. Deleting the app from your device does not automatically delete server-side data.

Vogelhaus Apps GmbH ("Vogelhaus", "we", "us", or "our") operates Peaks ("Peaks" or the "app"). Peaks offers a free basic service and may also offer paid subscriptions and one-time purchases for additional features.

This Privacy Policy explains what personal data Peaks processes, why we process it, which service providers we use, and what choices and rights you have.

Controller

Vogelhaus Apps GmbH is the controller for the processing described in this Privacy Policy.

For privacy questions or requests, contact Florian Schulte at florian@vogel.haus.

Data we process

Health-related data

Peaks can access data from Apple HealthKit if you choose to grant that permission. Peaks can also process health-related data you enter manually. Peaks uses this data to calculate circadian rhythm, sleep, recovery, and related insights.

This processing happens primarily on your device. Depending on your settings, certain app data and derived data may also sync through Apple’s private CloudKit/iCloud infrastructure associated with your account. We do not store your HealthKit data, sleep data, circadian calculations, or similar health-related data on our own servers.

Server-side account and security data

We store a limited amount of server-side data through Supabase to support authentication, account continuity, referrals, and security. This can include an internal account or device identifier, a CloudKit-linked record identifier or similar technical identifier, authentication timestamps, device verification and App Attest-related data, an internal technical account handle that may take an email-like format, an internal user ID, and referral codes or referral records if you use referral features.

This server-side data does not include your HealthKit data, sleep data, or circadian calculations. We do not ask for or receive your real Apple ID email address for account creation.

Product Insights

When Product Insights is enabled, Peaks sends product analytics data to Mixpanel so we can understand feature usage, onboarding, screen flows, experiments, paywall performance, purchase flows, subscription state, and general app activity.

This can include app and device context, onboarding context, experiment assignments, entitlement and renewal status, paywall context, product IDs, storefront, price and currency context, offer metadata, and free-text feedback content you choose to submit through supported in-app feedback flows.

For users outside Europe, Peaks may use a pseudonymous internal identifier for Product Insights so events from your devices can be associated with the same Peaks account and not double-counted. This identifier is not your real name or email address.

For users in Europe, Peaks does not assign a Peaks account identifier to Product Insights.

Ad Attribution

Outside Europe, when Ad Attribution is enabled, Peaks uses AppsFlyer to measure campaign attribution and conversion performance. This can include attribution and conversion-related app data such as entry-point context, paywall context, product context, and trial or purchase context.

For users in Europe, Peaks disables AppsFlyer.

Feedback and support

If you submit in-app feedback, a feature request, or an issue report, we may process the content of that submission, including any information you choose to include, to review the issue, improve Peaks, and respond where applicable.

If you contact us by email, we process your email address, message, attachments, and related metadata.

Newsletter and email updates

If you sign up for our newsletter or email updates, we process your email address and related signup metadata, such as which app or form the signup came from.

Purchases and subscriptions

If you buy a subscription or one-time purchase, payments are processed by Apple through the App Store and StoreKit. We do not receive your full payment card details. We may process product, offer, storefront, entitlement, renewal, and purchase-status information to unlock paid features, restore purchases, and measure paywall and conversion performance.

How we use data

We use personal data to provide Peaks and its core features; calculate and sync circadian rhythm and related insights; authenticate and secure the app; operate referrals and similar account-linked functionality; respond to support requests and review feedback; understand product usage and improve Peaks; manage newsletter subscriptions; and operate purchases, restore purchases, and entitlements.

We do not send your HealthKit data, sleep data, circadian calculations, or payment card details to Mixpanel or AppsFlyer. We also do not send your real email address to Mixpanel or AppsFlyer. If you choose to submit free-text feedback through supported in-app feedback flows, that text may be sent to Mixpanel when Product Insights is enabled.

Legal bases for processing

If you are in the EEA, we generally rely on the following legal bases:

• your consent, where required, for HealthKit access, health-related processing in Peaks, newsletter signups, and analytics or attribution settings that are based on consent;

• performance of a contract, where processing is needed to provide Peaks, restore purchases, manage subscriptions, maintain account continuity, or provide requested features;

• our legitimate interests, where appropriate, to secure Peaks, prevent abuse, maintain service continuity, understand how the app performs, improve the product, and respond to support requests.

Health-related data is treated as sensitive data under EU law and is subject to specific processing conditions. Where Peaks processes such data and EU law applies, we rely on your explicit consent unless another lawful basis under applicable law applies. 

Service providers

We use the following main service providers:

Apple, for platform services including HealthKit, CloudKit/iCloud, StoreKit, and the App Store.

Supabase, for backend infrastructure, authentication, and limited server-side identity, security, and referral data. Our Supabase deployment is hosted in the EU.

Mixpanel, for Product Insights. Peaks is configured to use Mixpanel’s EU endpoint.

AppsFlyer, for Ad Attribution outside Europe when Ad Attribution is enabled.

Loops, for newsletter and email-update signups.

Google, for support email handling through Gmail.

These providers process data on our behalf or under their own roles, depending on the service and context.

International transfers

Some of our service providers may process or access personal data outside the EEA, including in the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions, or another lawful transfer mechanism. 

Your controls

You can control Product Insights and Ad Attribution separately in the app.

Turning off Product Insights stops Mixpanel analytics from the app.

Turning off Ad Attribution stops AppsFlyer attribution from the app where AppsFlyer is available.

For users in Europe, AppsFlyer is disabled.

You can also unsubscribe from newsletters at any time using the unsubscribe link in the email or by contacting us.

Because some data is stored only on your device or in Apple’s private CloudKit/iCloud infrastructure associated with your account, you can also manage or delete some data through your device settings, the Health app, and your iCloud settings.

Retention

We keep data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including providing Peaks, protecting the service, complying with legal obligations, and resolving disputes.

Product Insights data in Mixpanel is retained for up to 1 year.

Server-side account, security, and referral data may be retained for as long as needed to support authentication, account continuity, referrals, and service protection.

Support emails and feedback are retained for as long as reasonably needed to respond to you, improve Peaks, and keep appropriate business records.

Newsletter data is retained until you unsubscribe or we otherwise stop operating the mailing list. We may keep limited suppression information after unsubscribe so we can honor your opt-out.

Data stored only on your device or in your CloudKit/iCloud account remains under your control and can be deleted by you from your device or iCloud settings. Under EU law, personal data should be kept only for as long as needed, and organisations should set review or deletion limits. 

Deletion

Deleting Peaks from your device does not automatically delete server-side data we control.

To request deletion of server-side data we control, contact florian@vogel.haus. Deleting server-side data may invalidate referral codes, remove referral history, and sign you out of server-based features.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. If processing is based on consent, you can withdraw that consent at any time. If you are in the EEA, you also have the right to complain to your local data protection authority.

To exercise privacy rights relating to server-side data we control, contact florian@vogel.haus. For data stored only on your device or in Apple’s services, the practical way to access or delete that data may be through the app, your device, the Health app, or your iCloud settings. 

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you in the app or by other appropriate means.