Data Processing Agreement

Last updated June 3, 2026

This DPA describes how PeekHive processes personal data on behalf of customers. It supplements our Terms of Service and reflects our zero-knowledge design, which minimizes the personal data processed in the first place.

This is a starting-point template, not legal advice. Have it reviewed by qualified counsel and tailored to your jurisdiction and data flows before relying on it in production.

1. Roles of the parties

For personal data processed through the product, the customer is the data controller and PeekHive is the data processor. PeekHive processes such data only on the customer's documented instructions, including as configured in the product.

2. Subject matter and duration

The subject matter is the provision of the PeekHive digital experience analytics service. Processing continues for the duration of the subscription and any agreed post-termination export window.

3. Nature and purpose of processing

PeekHive processes telemetry to provide session replay, heatmaps, funnels, form analytics, surveys, live view, and visitor profiles, and to secure and improve the service.

4. Categories of data and data subjects

  • Data subjects: the customer's website visitors and end users.
  • Data categories: anonymized interaction events, masked DOM content, performance metrics, coarse geolocation, and device/browser metadata.
  • By design, sensitive inputs and customer-marked elements are masked on-device, so raw identifiers and special-category data are not intended to be processed.

5. Zero-knowledge processing

PeekHive's masking engine redacts sensitive fields and patterns on the end-user's device prior to transmission. The customer is responsible for configuring masking for any additional sensitive elements specific to their site.

6. Sub-processors

PeekHive engages vetted sub-processors (for example, cloud infrastructure and payment processing) under written terms imposing data-protection obligations no less protective than this DPA. A current list is available on request, and we will give notice of material changes so the customer may object on reasonable grounds.

7. Security measures

  • Encryption in transit (TLS 1.3) and at rest.
  • Role-based access control and least-privilege access.
  • Audit logging of access to sensitive features such as session replay.
  • Network controls, monitoring, and regular review of security practices.

8. International transfers

Where personal data is transferred across borders, PeekHive relies on appropriate safeguards such as the Standard Contractual Clauses, and offers regional data residency options.

9. Assistance with data-subject requests

PeekHive provides tooling and reasonable assistance to help customers respond to data-subject access, correction, and deletion requests, including a right-to-be-forgotten capability to delete a specified visitor's data.

10. Personal data breach notification

PeekHive will notify the customer without undue delay after becoming aware of a personal data breach affecting the customer's data, and will provide information reasonably required for the customer to meet its own notification obligations.

11. Audits

PeekHive will make available information necessary to demonstrate compliance and allow for audits, including via third-party reports such as SOC 2, subject to reasonable confidentiality and scheduling.

12. Return and deletion; contact

On termination, the customer may export its data within an agreed window, after which PeekHive will delete or anonymize it in line with the retention policy, except where retention is required by law. For DPA requests, contact dpo@peekhive.com.