Privacy Policy

Last updated: January 31, 2026

1. Introduction

Peaqview ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and enterprise data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Enterprise Architecture platform, including our web application, API services, and MCP (Model Context Protocol) server.

By using Peaqview, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Data Controller

Peaqview SAS is the data controller responsible for your personal data. For any privacy-related inquiries, please contact us at:

Peaqview SAS

Email: privacy@peaqview.com

General inquiries: contact@peaqview.com

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company/organization name
  • Job title and role
  • Password (encrypted)
  • Authentication tokens for SSO/SAML integrations

3.2 Enterprise Architecture Data

Data you input into the platform:

  • Application portfolio information (names, descriptions, costs, criticality)
  • Business processes and BPMN diagrams
  • Software contracts and vendor information
  • Technology assessments and Architecture Decision Records (ADRs)
  • Relationships and dependencies between systems
  • Custom fields and metadata defined by your organization

3.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Feature usage analytics
  • API call logs for debugging and security
  • Performance metrics

3.4 Integration Data

When you connect third-party services:

  • Jira issues and project metadata
  • Confluence page references
  • ServiceNow CMDB synchronization data
  • SSO provider tokens (Azure AD, SAML)

4. How We Use Your Data

We use collected data to:

  • Provide services: Operate and maintain the Peaqview platform
  • Authenticate users: Verify identity and manage access permissions
  • Enable AI features: Power AI Partners, semantic search, and intelligent recommendations
  • Generate insights: Create portfolio analytics, reports, and visualizations
  • Improve the platform: Analyze usage patterns to enhance features
  • Provide support: Respond to inquiries and troubleshoot issues
  • Ensure security: Detect and prevent fraud, abuse, and security incidents
  • Communicate: Send service updates, security alerts, and (with consent) marketing

5. MCP Server Data Handling

Our MCP (Model Context Protocol) server enables integration with AI assistants like Claude. Here's how we handle data in MCP interactions:

5.1 Data Access

  • The MCP server only accesses data explicitly requested by the user through tool calls
  • Access is scoped to the authenticated user's permissions within their workspace
  • No data is accessed without a direct user request

5.2 Data Transmission

  • All MCP communications are encrypted using HTTPS/TLS
  • Authentication uses OAuth 2.0 with service account credentials
  • Tokens are short-lived and automatically refreshed

5.3 Data Storage

  • The MCP server itself is stateless - no conversation data is stored
  • Authentication tokens are cached temporarily (maximum 15 minutes)
  • Tool responses are returned directly to the AI assistant without persistent storage

5.4 Third-Party AI Models

  • Peaqview's MCP server does not send your data to third-party AI models
  • The AI assistant (e.g., Claude) processes responses according to its own privacy policy
  • We recommend reviewing your AI assistant's privacy policy for complete information

6. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance: Necessary to provide the services you requested
  • Legitimate interests: Platform improvement, security, and fraud prevention
  • Legal obligations: Compliance with applicable laws and regulations
  • Consent: Marketing communications and optional features (where applicable)

7. Data Retention

We retain your data according to the following principles:

  • Account data: Retained while your account is active, plus 30 days after deletion request
  • Enterprise architecture data: Retained until you delete it or close your account
  • Usage logs: Retained for 12 months for security and debugging purposes
  • Audit trails: Retained for 7 years as required by enterprise compliance standards
  • Backups: Retained for 90 days, then permanently deleted

Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

8. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

8.1 Service Providers

  • Cloud infrastructure: Scaleway (EU), Microsoft Azure (EU regions)
  • Email services: For transactional and marketing emails
  • Analytics: Aggregated, anonymized usage statistics

8.2 Integrations You Enable

  • Atlassian (Jira, Confluence) - when you connect these services
  • ServiceNow - when you enable CMDB synchronization
  • Your identity provider - for SSO authentication

8.3 Legal Requirements

We may disclose data when required by law, court order, or to protect our rights and safety.

9. Data Security

We implement comprehensive security measures:

  • Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access controls: Role-based permissions with workspace isolation
  • Authentication: Support for SSO, SAML, MFA, and OAuth 2.0
  • Audit logging: Complete audit trail of all data access and modifications
  • Infrastructure: EU-based data centers with SOC 2 compliance
  • Monitoring: 24/7 security monitoring and incident response
  • Backups: Automated encrypted backups with disaster recovery

10. Your Rights (GDPR)

Under GDPR and applicable privacy laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Revoke consent for optional processing at any time

To exercise these rights, contact us at privacy@peaqview.com. We will respond within 30 days as required by GDPR.

11. Cookies and Tracking

We use cookies for:

  • Essential cookies: Authentication, session management, security
  • Functional cookies: User preferences and settings
  • Analytics cookies: Understanding platform usage (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

12. International Data Transfers

Peaqview primarily processes data within the European Union. If data transfer outside the EU is necessary, we ensure appropriate safeguards through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Data processing agreements with all sub-processors

13. Children's Privacy

Peaqview is designed for enterprise use and is not intended for individuals under 16 years of age. We do not knowingly collect data from children.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification at least 30 days before they take effect. The "Last updated" date at the top indicates the most recent revision.

15. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Privacy Inquiries

Email: privacy@peaqview.com

General Support

Email: contact@peaqview.com

Data Protection Officer

Email: dpo@peaqview.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.