Privacy policy

Who we are

We are Peepl Ltd, company number 11715691, based in Liverpool’s Baltic Triangle. You can find our contact details here.

What information we collect and how we use it

When you visit our website

We use a first-party, server-side analytics package to collect anonymised information about visitors to our website, to help us monitor the website’s performance, identify and block malicious users, and improve the experience for our visitors. This includes:

  • The first three bytes of your IP address
  • The country your IP address is registered to
  • The referrer URL provided by your web browser (if present)
  • The operating system of your device (eg: Windows, macOS)
  • The time of your visit

When you use our app

When you first set up our app on your mobile device, we require you to verify your phone number, for fraud prevention. Your phone number is stored securely in Google’s Firebase Authentication product, which is fully GDPR-compliant, and is only accessible to our technical team. You can read more about Firebase’s privacy and security commitments here. We have no way of associating your phone number with your device, or any other information about you.

When you top up your wallet in the Peepl app, we use Stripe to take payment from your credit or debit card. You can read Stripe’s Privacy Policy here. We do not store your card details anywhere.

When you make a purchase via the Peepl app, we request your address (for delivery) and your contact details (in case we need to contact you during delivery). Your details are stored securely in our database for 12 months, so we can refer back to them in case of dispute resolution, or to provide you with details of your past purchases. Your data will be stored in Amazon Web Services’ Ireland (EU West 1) datacentre. You can read more about Amazon’s privacy commitments here.

If you provide your mobile phone number during checkout, we will send you delivery updates via SMS. In order to do this, your phone number will be shared with Twilio. You can read more about Twilio’s privacy commitments here.

Since your payment is made on the Peepl blockchain, your (anonymous) wallet address will appear in the public transaction log of our blockchain provider, Fuse.

If you contact us via email

Your email address and message will be accessible to our core team and may be forwarded to the person or people in the organisation best equipped to respond. We adhere to strict internal privacy policies which comply with the GDPR.

Your personal information is never shared externally, or used for purposes other than the above.

Legal basis for processing

When you visit our website, we process your data on the legal basis of GDPR 6(1)(f) – Legitimate interests. We take measures to collect as little data as possible, and to anonymise the data we do collect, in order to minimise the potential impact on your privacy. Collecting anonymised visitor data is necessary for the functioning of our web server and our efforts to provide a consistent service to our visitors.

When you top up your wallet or make a purchase in the Peepl app, we process your data on the legal bases GDPR 6(1)(b) – Performance of a contract, and GDPR 6(1)(c) – Legal obligation. We need your data in order to fulfil your purchase, and we need to verify your identity and store your past purchases in order to fulfil our financial and legal obligations.

When you make a purchase in the Peepl app and we send you messages about your order via email or SMS, we do so on the legal bases GDPR 6(1)(b) – Performance of a contract, and GDPR 6(1)(f) – Legitimate interests. We use your details for the duration of our contract with you, to provide you with the information you would reasonably expect about your order.

When you contact us, you are consenting to the processes as described on this page. The legal basis is GDPR 6(1)(a) – Consent of the data subject.

Retention periods

In the case of data collected as part of a topup or purchase in the Peepl app, we are obliged to keep records relating to financial transactions for at least six years following the end of the accounting period in which the transaction took place. We destroy our records after this point.

If you contact us by email, we reserve the right to keep your message indefinitely, to aid continuity and so that we can view any historic context which may have bearing on subsequent support mail, even if members of our support team change. Support staff adhere to strict internal privacy and security policies.

In all other cases, we retain your personal data until such a time as you ask us to remove your details.

Your right to access

You may contact us at any time to ask to see what personal data we hold about you. Please contact us to request this.

Your right to erasure

You may request that we destroy the personal data that we hold about you, provided that there is no legitimate reason for us continuing to hold it – that is to say if it does not relate to financial transactions or is unlikely to be of any legal or practical purpose in the future. Please contact us to request this.

Your right to complain

If you believe that we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner’s Office – but please do contact us first, so that we can try and help.