Privacy Policy
Last updated: July 3, 2026 · Template — review with counsel and fill in company details before launch.
This policy explains, in plain language, what data JawPeak ("we", "us") collects on jawpeak.com, why, and what your rights are. It applies to the website and quiz funnel. The iOS app has its own in-app privacy notices.
1. What we collect and why
- Quiz answers (age band, goals, habits, training experience, commitment level). We process these solely to build your personalized training plan and to tailor the content we show you. Some answers concern your fitness and wellness habits; by starting the quiz you give your explicit consent to this processing. We never ask for, and you should not submit, medical information.
- Email address — collected when you request your results. We use it to deliver your plan, receipt, and login link (transactional). We only send marketing email if you tick the separate, optional marketing checkbox; you can withdraw that consent at any time via the unsubscribe link in any email.
- Payment data — processed entirely by Stripe, our payment processor. We never see or store your card number. We receive your subscription status, plan, and billing country from Stripe.
- Analytics and advertising data — only with your cookie consent, we use the Meta Pixel and Meta Conversions API to measure our advertising (events such as quiz start, email submitted, purchase, with your email in hashed form). If you choose "Essential only" in the cookie banner, the Meta Pixel is not loaded and no hashed identifiers are sent.
- Technical data — IP address, user agent, and approximate region, processed by our hosting provider (Cloudflare) for security and delivery.
2. Legal bases (GDPR) / processing conditions (KVKK)
- Consent — quiz answers about your fitness habits; marketing email; advertising cookies/pixel. You may withdraw consent at any time without affecting prior processing.
- Contract — delivering your plan, processing your purchase, providing the service you bought.
- Legitimate interests — site security, fraud prevention, and basic service analytics that do not involve advertising identifiers.
- Legal obligation — tax and accounting records of purchases.
For visitors in Turkey, personal data is processed under KVKK (Law No. 6698) on the equivalent conditions above; explicit consent (açık rıza) is obtained separately for marketing communications, as required, and commercial electronic messages are only sent in accordance with İYS requirements.
3. Who we share data with
- Stripe — payment processing (their privacy policy applies to payment data).
- Supabase — our database provider (stores your email, quiz answers, and access codes).
- Cloudflare — hosting and content delivery.
- Meta Platforms — advertising measurement, only with your consent, using hashed identifiers.
- Email provider (Resend) — sending transactional and (if opted in) marketing email.
We never sell your personal data. We share it only with the processors above under data-processing agreements, or where required by law.
4. International transfers
Our providers may process data in the United States and the EU. Where data leaves the EEA/UK/Turkey, transfers rely on adequacy decisions or standard contractual clauses (and, for Turkey, the KVKK transfer mechanisms in force).
5. Retention
- Quiz answers of non-purchasers: deleted or anonymized within 12 months of last activity.
- Customer records: kept while your subscription is active, then as required for tax/accounting (typically 7–10 years for invoices).
- Marketing consent records: kept as long as you are subscribed plus the period needed to evidence consent.
6. Your rights
Depending on where you live (GDPR, UK GDPR, KVKK, or US state privacy laws), you can: access a copy of your data; correct it; delete it; restrict or object to processing; port it; and withdraw consent at any time. To exercise any right, email [email protected] — we respond within 30 days. You also have the right to complain to your supervisory authority (in Turkey, the KVKK Board; in the EU, your national DPA).
7. Cookies
Essential cookies/storage keep the funnel working (your quiz progress, plan selection, consent choice). Advertising cookies (Meta Pixel) load only after you click "Accept all" in the banner. You can change your choice by clearing this site's data in your browser.
8. Children
This service is for adults. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data, contact us and we will delete it.
9. Contact
Data controller: [COMPANY LEGAL NAME], [ADDRESS]. Email: [email protected].
10. Changes
We will post any changes here and update the date above. Material changes affecting consent will be re-requested.