Peer Group Tools Privacy Policy

Effective Date: March 19, 2026
Last Updated: March 19, 2026

Introduction

Peer Group Tools (“PGT,” “we,” “us,” or “our”) operates the website at https://peergroup.tools and the PG Compass Platform. We are committed to protecting the privacy and security of the personal information entrusted to us by our users (“you” or “your”).

This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have regarding your data. It applies to all users of our website and platform services.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.


Information We Collect

Account Information
When you create an account or interact with our platform, we collect information you provide directly, including:
• Your name and email address
• Organization or peer group affiliation
• Account credentials (managed securely through Auth0 — we never store passwords in plain text)

Usage and Log Data
When you use our services, we automatically collect certain technical information, including:
• IP address, browser type, and operating system
• Pages visited, features used, and time spent on the platform
• Device identifiers and general geolocation (country/region level)
• Error logs and performance data to help us improve the service

Payment Information
We use Stripe as our third-party payment processor. When you purchase a subscription, your payment card details are collected and processed directly by Stripe. We do not store, access, or process your full credit card number. We may receive from Stripe limited transaction details such as the last four digits of your card, billing address, and transaction status for record-keeping purposes.

Cookies and Analytics
We use cookies and similar technologies to operate our platform, remember your preferences, and understand how our services are used. We use the following third-party analytics and operational tools:
• Google Analytics — website traffic analysis and usage patterns
• Datadog — application performance monitoring and error tracking
• Application Insights — system health and diagnostics
• Pendo — product usage analytics and in-app guidance
• SendGrid — transactional email delivery

You may control cookies through your browser settings. Disabling cookies may limit certain features of our platform.

How We Use Your Information
We use the information we collect to:
• Provide, operate, and maintain the PG Toolkit™ platform and its features
• Create and manage your account and authenticate your identity
• Process transactions and send related confirmations
• Communicate with you about your account, updates, and support requests
• Analyze usage trends to improve our platform and user experience
• Detect, prevent, and address security issues, fraud, and technical problems
• Comply with legal obligations and enforce our Terms of Service

We will not use your personal information for purposes materially different from those described above without notifying you and, where required, obtaining your consent.

Data Security
We take the security of your data seriously and employ industry-leading measures to protect it. Our infrastructure is hosted on Google Cloud Platform (GCP) with the following safeguards in place:

Encryption
• All data in transit is secured using TLS 1.3 encryption
• All data at rest is encrypted using AES-256 encryption via Google Cloud’s default encryption
• Encryption keys are managed through Google Cloud Key Management Service (KMS) and protected by strict Identity and Access Management (IAM) policies
• Access to encryption keys is limited to designated senior engineering personnel and is fully governed, logged, and monitored

Access Controls
• Access to production systems is restricted under least-privilege principles
• Multi-factor authentication (MFA) is required for all production system access
• We use Auth0 for user authentication, which provides password protection, brute-force mitigation, IP throttling, and anomaly detection

Monitoring
• All system access is logged and monitored
• We use Datadog and Application Insights for continuous security and performance monitoring

While no method of transmission or storage is 100% secure, we are committed to protecting your information using commercially reasonable and industry-standard practices.

Data Ownership and Retention
You retain full ownership of your data at all times. We do not claim any intellectual property rights over the content you submit to our platform.

We retain your personal information only for as long as necessary to provide our services and fulfill the purposes described in this policy. When your account is deleted, your data is removed from our active systems. You may request permanent deletion (“shredding”) of your data at any time by contacting us, and upon such request, your data will be irreversibly removed from active systems.

We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes, enforcing our agreements, or meeting regulatory obligations.

Sharing of Information
We do not sell your personal information. We may share your information only in the following circumstances:
• Service providers: We share data with trusted third-party vendors who help us operate our platform (e.g., Stripe for payments, Google Cloud for hosting, SendGrid for email delivery, Auth0 for authentication). These providers are bound by contractual obligations to protect your data and use it only for the services they provide to us.
• Legal compliance: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of PGT, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
• With your consent: We may share your information for other purposes when you have given us explicit consent to do so.

International Data Transfers
Your personal information is stored and processed in the United States, where our infrastructure is hosted on Google Cloud Platform. If you are accessing our services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Where we transfer personal data internationally, we implement appropriate safeguards in accordance with applicable law, including Standard Contractual Clauses (SCCs) approved by the European Commission where required.

Children’s Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@peergroup.tools.

Your Rights
Depending on your location, you may have certain rights regarding your personal information. We honor these rights for all users regardless of jurisdiction, to the extent practicable:
• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information from our systems.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Restriction: Request that we restrict or limit the processing of your data.
• Objection: Object to processing based on our legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.
• Non-discrimination: We will not treat you differently for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@peergroup.tools. We will respond to your request within 30 days.

Additional Disclosures for U.S. State Privacy Laws
This section applies to residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, and supplements the information above.

Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information:
• Identifiers: name, email address, IP address, and account identifiers
• Commercial information: subscription and transaction history
• Internet activity: interactions with our platform, usage data, and analytics
• Geolocation data: approximate location derived from IP address

Your State Privacy Rights
Depending on your state of residence, you may have the right to know what personal information we collect, request its deletion, opt out of any sale or sharing of personal information (we do not sell personal information), and request correction of inaccurate data. To exercise these rights, contact us at privacy@peergroup.tools.

Do Not Track
Some browsers offer a “Do Not Track” signal. At this time, we do not respond to Do Not Track signals, but we do not engage in cross-site tracking of our users.

Additional Disclosures for GDPR (EU)

Data Controller
Peer Group Tools is the data controller with respect to the personal information we collect from you. Our contact details are provided at the end of this policy.

Legal Bases for Processing
We process your personal information on the following legal bases:
• Contract performance: To provide our services to you under our Terms of Service.
• Legitimate interests: To operate, improve, and secure our platform, and to communicate with you about our services.
• Consent: Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
• Legal obligation: To comply with applicable laws and regulations.

Your GDPR Rights
In addition to the rights listed above, EU residents have the right to lodge a complaint with their local data protection authority. We encourage you to contact us first so we can address your concerns.

International Transfers from the EEA
Where we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Additional Disclosures for UK GDPR
For residents of the United Kingdom, we process your data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. The legal bases for processing and your rights mirror those described in the EU GDPR section above.

For international transfers of personal data from the UK, we rely on appropriate safeguards including Standard Contractual Clauses. If you have concerns about our data practices, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk, though we encourage you to reach out to us first.

Additional Disclosures for PIPEDA (Canada)
For residents of Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).

Under PIPEDA, you have the right to:
• Access the personal information we hold about you (requests may be subject to a nominal fee of up to $30.00 CAD)
• Request correction of inaccurate or incomplete personal information
• Withdraw consent for the collection, use, or disclosure of your personal information

We will respond to access requests within 30 days. If we cannot meet this timeframe, we will notify you of the delay and the reason for it.

We do not send unsolicited commercial emails to individuals with whom we have no relationship. You may opt out of marketing communications at any time.

If you have concerns about our compliance, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376.

Additional Disclosures for the Australian Privacy Act
For residents of Australia, we handle your personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs).

Please be aware that some of our third-party service providers may be located outside Australia and may not be subject to the Privacy Act. By using our services, you acknowledge that some third parties may not be accountable under the Privacy Act, and you may not be able to seek redress under the Privacy Act against those third parties.

Business Transfers
In the event that PGT is involved in a merger, acquisition, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

Data Breach Notification
In the event of a data breach that affects your personal information, we will investigate the incident promptly. Where required by applicable law, we will notify affected individuals and relevant data protection authorities within the timeframes mandated by law.

Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice on our platform prior to the change becoming effective. We encourage you to review this policy periodically.

Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Peer Group Tools — Privacy Department
Email: privacy@peergroup.tools
Website: https://peergroup.tools

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Colorado, United States.