Privacy Policy

High Performance Ventures LLC ("we," "us," "our," or the "Company") operates PeakHer, a personal performance intelligence platform for women, accessible at peakher.ai and through the PeakHer iOS application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, mobile application, or interact with us in any way.

PeakHer helps women understand and optimize their personal performance by correlating biological rhythm data with real-world outcomes across business, fitness, family, and leadership. This Privacy Policy describes our practices regarding the sensitive personal data we collect to provide this service.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect several categories of information from and about users of our Service:

1.1 Account Information

When you create an account, we collect:

• Name: Your first name, as provided during registration.
• Email Address: Used for account authentication, communications, and password recovery.
• Password: Stored in hashed form; we never store or have access to your plaintext password.
• Professional Role: Your self-identified professional role or title, used to personalize your experience.
• Coach Voice Preference: Your selected AI coach persona style.

1.2 Health and Wellness Data

To provide personalized performance insights, we collect the following health-related information that you voluntarily provide through the Service:

• Menstrual Cycle Data: Your typical cycle length, the start date of your last menstrual period, and your confidence level in that date (exact or estimated). This data is used solely to calculate your current cycle phase and personalize your daily briefings.
• Daily Check-In Data: Self-reported ratings for energy level, confidence level, sleep quality, and stress level, submitted through daily check-ins via the app or SMS.
• Freeform Notes: Any optional text notes you provide during check-ins.

We treat all health and wellness data as sensitive personal information and apply heightened protections as described in this policy. We do not use your health data for advertising purposes.

1.3 Quiz and Assessment Data

When you take the PeakHer Rhythm Intelligence Quiz or any other assessment offered through the Service, we collect:

• Your responses to quiz questions
• Your calculated Rhythm Intelligence Score and assigned performance level
• Your identified blindspot category
• Any other results generated from your assessment responses

1.4 Phone Number and SMS Data

If you opt in to SMS briefings, we collect:

• Phone Number: Your mobile phone number, verified via a one-time passcode (OTP).
• SMS Preferences: Whether SMS briefings are enabled, your preferred delivery time, and your timezone.
• SMS Conversation Data: Messages you send in response to SMS briefings (such as check-in ratings and notes) are processed and stored to provide the conversational check-in experience.

1.5 Wearable Device Data

If you choose to connect a wearable device (Oura Ring, Whoop, or Garmin), we collect the following biometric data from the device manufacturer's API on your behalf:

• Sleep Data: Sleep duration, sleep stages (deep, REM, light, awake), sleep efficiency, and sleep quality scores.
• Heart Rate Data: Resting heart rate, heart rate variability (HRV), and average heart rate during activities.
• Recovery and Readiness: Recovery scores, readiness scores, and strain scores as provided by your wearable.
• Activity Data: Steps, active calories, workout type and duration, and active minutes.
• Physiological Metrics: Blood oxygen saturation (SpO2), respiratory rate, skin temperature deviation, stress scores, and body battery levels where available.

How wearable data is accessed: We use OAuth 2.0 (or OAuth 1.0a for Garmin) to securely connect to the wearable provider's API. We request only read-only access to your data. We never access your wearable device directly:all data flows through the manufacturer's cloud API.

You are in full control: You can connect and disconnect your wearable at any time from the Settings screen. When you disconnect, we stop syncing new data. You can request deletion of all previously synced wearable data by contacting us or using the data export and account deletion features.

Data retention: Wearable data is retained as long as your account is active and the wearable is connected. If you disconnect your wearable, previously synced data remains in your account unless you request deletion. If you delete your account, all wearable data is permanently deleted.

We treat all wearable biometric data as sensitive personal information. We do not sell, share, or use wearable data for advertising purposes. Wearable data is used solely to personalize your daily briefings and performance insights within PeakHer.

1.6 Calendar Data

If you choose to connect your Google Calendar, we collect:

• Event Data: Event titles, start and end times, event type, attendee count (not names or emails), and whether the event is all-day.

We request read-only access to your primary Google Calendar. We do not access event descriptions, attendee email addresses, or any other calendar besides your primary calendar. Calendar data is used solely to provide schedule-aware recommendations in your daily briefings (e.g., "Your presentation at 2 PM aligns with your Peak phase:lead with confidence"). You can disconnect your calendar at any time from Settings.

1.7 Usage and Device Data

We automatically collect certain information when you use the Service:

• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
• Log Data: IP address, access times, pages or screens viewed, referring URL, and actions taken within the Service.
• App Usage Data: Features used, session duration, and interaction patterns within the web and mobile applications.
• Push Notification Tokens: If you enable push notifications on iOS, we collect your device push token to deliver notifications.

1.8 Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not directly collect, store, or have access to your full credit card number or bank account details. We receive from Stripe only a confirmation of payment status, subscription tier, and a truncated card identifier for your records.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing the Core Service

• To calculate your current cycle phase based on your menstrual cycle data and deliver personalized daily briefings with phase-specific guidance on nutrition, movement, focus, and emotional wellness.
• To incorporate wearable biometric data (sleep, HRV, recovery, strain) into your daily briefings, making recommendations specific to your measured physiological state combined with your cycle phase.
• To incorporate calendar events into your daily briefings, providing schedule-aware guidance that aligns your appointments with your current phase and energy level.
• To generate AI-powered insights and recommendations based on your check-in data and cycle phase.
• To track your patterns over time and surface correlations between your biological rhythm and reported performance metrics.
• To deliver SMS briefings and process conversational check-ins if you have opted in.
• To send push notifications (such as check-in reminders or briefing alerts) if you have opted in.
• To maintain your account and authenticate your identity.

2.2 AI-Generated Content

Your cycle phase data, check-in history, coach voice preference, and cycle date confidence level are sent to our AI provider (Anthropic, the maker of Claude) to generate personalized daily briefings and insights. The data sent to the AI does not include your name, email address, or other directly identifying information -- it consists of your cycle day, phase, recent check-in scores, and preferences. See Section 5 for details on how our AI provider handles this data.

2.3 Communication

• To send you service-related emails, including account verification, password resets, and important updates about the Service.
• To send marketing and promotional communications with your consent (you may opt out at any time).
• To respond to your support requests, inquiries, or feedback.

2.4 Product Improvement and Analytics

• To understand how users interact with the Service and identify areas for improvement.
• To conduct research and analysis using aggregated, de-identified data.
• To develop new features and services.
• To monitor and address technical issues.

2.5 Legal and Compliance

• To comply with applicable legal obligations.
• To enforce our Terms and Conditions.
• To protect our rights, privacy, safety, or property, and/or that of our users or others.

3. How We Collect Information

We collect information through the following methods:

• Direct Input: When you create an account, complete onboarding, submit daily check-ins, take quizzes, update your settings, or contact us.
• SMS Interactions: When you reply to SMS briefings with check-in data or other messages.
• Automated Collection: Through cookies, server logs, and similar technologies when you use the web application.
• Mobile App Collection: Through standard mobile app analytics and device APIs when you use the iOS application.
• Third-Party Services: We may receive information from payment processors (Stripe) about your subscription status.

4. Data Storage and Security

4.1 Where Your Data Is Stored

Your personal information and health data are stored in a PostgreSQL database hosted by Neon (neon.tech) in the US-East-1 region (Virginia, United States). Our web application is hosted on Vercel's global edge network. All data at rest and in transit is encrypted.

4.2 Security Measures

We implement industry-standard security measures to protect your data, including:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS).
• Encryption at Rest: Data stored in our database is encrypted at rest.
• Authentication: User sessions are managed using JSON Web Tokens (JWT) with secure expiration policies. Passwords are salted and hashed using industry-standard algorithms before storage.
• Access Controls: Access to production databases and infrastructure is restricted to authorized personnel only, using role-based access controls.
• OTP Verification: Phone numbers are verified through one-time passcodes before SMS features are activated.
• Secure Hosting: Our hosting providers (Vercel and Neon) maintain SOC 2 compliance and implement physical and logical security controls.

4.3 Security Limitations

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities as required by law.

5. Third-Party Service Providers

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding twelve (12) months.

5.2 Service Providers

We share information with the following categories of third-party service providers who perform services on our behalf. Each provider receives only the minimum data necessary to perform its function:

• Anthropic (Claude AI): We use Anthropic's Claude language model to generate your personalized daily briefings and insights. When generating a briefing, we send your current cycle day, cycle phase, recent check-in scores, coach voice preference, and cycle date confidence level to Anthropic's API. We do not send your name, email, or other directly identifying information. Anthropic's usage policies prohibit them from using API inputs to train their models. For more information, see Anthropic's Privacy Policy.
• Twilio: If you opt in to SMS briefings, we use Twilio to send and receive text messages. Twilio processes your phone number and the content of SMS messages exchanged between you and the Service. For more information, see Twilio's Privacy Policy.
• Vercel: Our web application and serverless API functions are hosted on Vercel. Vercel processes request data including IP addresses and request metadata. For more information, see Vercel's Privacy Policy.
• Neon: Our PostgreSQL database is hosted by Neon. Neon stores all user data including account information, health data, and check-in history. Neon encrypts data at rest and in transit. For more information, see Neon's Privacy Policy.
• Stripe: If you subscribe to a paid plan, Stripe processes your payment information. We do not store your full payment card details. For more information, see Stripe's Privacy Policy.
• Apple Push Notification Service (APNs): If you enable push notifications on iOS, Apple delivers notifications to your device using your device push token. For more information, see Apple's Privacy Policy.
• Expo (EAS): Our iOS application is built and distributed using Expo Application Services. Expo processes app build artifacts and distribution metadata. For more information, see Expo's Privacy Policy.
• GoHighLevel: We use GoHighLevel for customer relationship management and email campaigns. If you join our mailing list or become a customer, your name and email address may be stored in GoHighLevel. For more information, see GoHighLevel's Privacy Policy.

These service providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain the confidentiality and security of your information.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:

• Comply with a legal obligation, court order, or legal process
• Protect and defend the rights or property of High Performance Ventures LLC
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

6. Cookies and Similar Technologies

6.1 What We Use

Our web application uses the following technologies:

• JWT Authentication Tokens: Stored in your browser to maintain your logged-in session. These are essential for the Service to function and cannot be disabled while using the app.
• Local Storage: Used to cache certain preferences and non-sensitive app state on your device for performance purposes.
• Session Cookies: Standard session cookies may be used by our hosting provider (Vercel) for routing and security purposes.

6.2 Analytics

We may use analytics services to understand how users interact with our Service. These services may use cookies and similar technologies to collect usage data. You can control cookie behavior through your browser settings.

6.3 Your Cookie Choices

You may set your browser to refuse all or some cookies, or to alert you when cookies are being sent. If you disable cookies, some parts of the Service may become inaccessible or not function properly. Note that essential authentication tokens are required for the Service to operate.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access Your Data

You have the right to request a copy of the personal information we hold about you. You can export your data at any time through the Settings panel in the app. We will also fulfill manual requests within thirty (30) days.

7.2 Correct Your Data

You have the right to request correction of any inaccurate or incomplete personal information. You can update your profile information, cycle data, and preferences directly in the app Settings.

7.3 Delete Your Data

You have the right to request deletion of your account and all associated personal information. You can initiate account deletion through the Settings panel in the app, or by contacting us at Results@highperformanceventures.com. Upon receiving a verified deletion request, we will delete your personal data within thirty (30) days, except where we are required to retain certain information by law.

7.4 Export Your Data

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. The data export feature in the app Settings provides your data in a standard format that you can download and transfer.

7.5 Opt Out of SMS

You may disable SMS briefings at any time through the app Settings, or by replying "STOP" to any SMS message from us. We will process your opt-out immediately.

7.6 Opt Out of Push Notifications

You may disable push notifications at any time through your iOS device settings or within the app.

7.7 Opt Out of Marketing Communications

You may opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at Results@highperformanceventures.com. We will process your request within ten (10) business days. Opting out of marketing emails will not affect transactional or service-related communications.

7.8 Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at Results@highperformanceventures.com.

8. Children's Privacy

The Service is not intended for individuals under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at Results@highperformanceventures.com so that we can take appropriate action.

For users between the ages of 13 and 17, parental or guardian consent is required to use the Service. By allowing a minor to use the Service, the parent or guardian agrees to this Privacy Policy on behalf of the minor.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected. Specifically:

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is deleted within thirty (30) days.
• Health and Check-In Data: Retained for as long as your account is active to provide pattern analysis over time. Deleted upon account deletion.
• SMS Conversation Data: Retained for as long as your account is active and SMS features are enabled. Deleted upon account deletion or SMS opt-out.
• SMS Verification Codes: Automatically expire and are deleted within fifteen (15) minutes of generation.
• Quiz Data: If submitted without an account, quiz data may be stored locally in your browser and is not retained on our servers unless linked to an account.
• Payment Records: Transaction records may be retained for up to seven (7) years as required for tax and accounting compliance.
• Aggregated Analytics: De-identified, aggregated data that cannot be used to identify you may be retained indefinitely for research and product improvement purposes.

When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention procedures.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
• Right to Limit Use of Sensitive Personal Information: Your health and wellness data (including menstrual cycle data) constitutes sensitive personal information under the CPRA. We use this data only as necessary to provide the Service as described in this policy. You have the right to limit its use to what is necessary to perform the Service.

Categories of Personal Information Collected: Identifiers (name, email, phone number, IP address); health information (cycle data, check-in data); internet or electronic network activity (usage data, device information); professional information (role/title); inferences drawn from the above to create a profile.

To exercise your California privacy rights, please contact us at Results@highperformanceventures.com. We will verify your identity before processing your request and respond within forty-five (45) days.

11. European Economic Area, United Kingdom, and International Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or other jurisdictions with data protection laws, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

Legal Bases for Processing

We process your personal data based on the following legal bases:

• Consent: For processing health data (menstrual cycle information, check-in data), sending marketing communications, and enabling optional features like SMS briefings and push notifications.
• Performance of a Contract: For providing the Service, managing your account, and processing payments.
• Legitimate Interests: For product improvement, security, and fraud prevention, where these interests are not overridden by your data protection rights.
• Legal Obligation: For compliance with applicable laws and regulations.

Your GDPR Rights

• Right of Access: You have the right to obtain confirmation of whether we are processing your personal data and to receive a copy of that data.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure: You have the right to request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing of your personal data based on our legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

International Data Transfers

Your information is transferred to and processed in the United States. If you are located outside the United States, please note that data protection laws in the United States may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your data to the United States. We implement appropriate safeguards, including standard contractual clauses where required, to protect your data during such transfers.

To exercise any of these rights, contact us at Results@highperformanceventures.com. We will respond within thirty (30) days.

12. Health Data Protections

We recognize that menstrual cycle data, daily wellness check-ins, and related health information are particularly sensitive. We are committed to the following protections for your health data:

• Purpose Limitation: Your health data is used solely to provide you with personalized performance insights and daily briefings. It is never used for advertising, profiling for third parties, or any purpose other than delivering the Service to you.
• No Sale: We will never sell your health data to any third party.
• Minimal Sharing: Health data is shared only with Anthropic (for generating AI briefings, without directly identifying information) and stored in our database (Neon). It is not shared with any other third parties except as required by law.
• Encryption: Health data is encrypted both in transit and at rest.
• User Control: You can view, export, and delete your health data at any time through the app Settings.
• No Employer or Insurer Access: We do not provide your health data to employers, insurance companies, or data brokers under any circumstances.

13. Push Notifications

The PeakHer iOS app may request permission to send push notifications. These notifications may include:

• Daily check-in reminders
• Daily briefing availability alerts
• Phase transition notifications
• Account and security alerts

Push notifications are entirely optional. You can enable or disable them at any time through your iOS device settings (Settings > Notifications > PeakHer) or within the app. We use Apple Push Notification Service (APNs) to deliver notifications. Your device push token is stored on our servers solely for the purpose of delivering notifications and is deleted if you disable notifications or delete your account.

14. SMS Communications

If you opt in, we will send you daily briefings and facilitate check-in conversations via SMS through Twilio. By opting in, you consent to receive recurring automated text messages at the phone number you provide. Message and data rates may apply. Message frequency varies but is typically one to three messages per day.

You can opt out of SMS at any time by:

• Replying "STOP" to any message from us
• Disabling SMS in the app Settings
• Contacting us at Results@highperformanceventures.com

For help, reply "HELP" to any message or contact Results@highperformanceventures.com. SMS features are available to users with US phone numbers. Carriers are not liable for delayed or undelivered messages.

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. The Service honors Global Privacy Control (GPC) signals where required by law. For standard DNT signals, because there is no uniform standard for interpretation, the Service does not currently respond to DNT browser signals.

16. Third-Party Links

The Service may contain links to third-party websites, applications, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Effective Date" at the top of this page. For material changes -- particularly changes that affect how we handle health data or expand sharing with third parties -- we will provide notice through the Service, by email, or through the iOS app before the changes take effect. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

High Performance Ventures LLC
Email: Results@highperformanceventures.com
Website: peakher.ai

We will respond to all privacy-related inquiries within thirty (30) days.