Privacy Policy
Last updated: 31 May 2026
Email and attachment scanning — in plain English
- We read the content of the inboxes you connect, so we can find your bills, subscriptions, and renewals. To do this, the relevant email text is sent to our AI provider, Anthropic (Claude), which processes it for us under contract.
- When you ask us to “dig deeper” on a contract, we may also open PDF documents attached to those emails — such as a bill, invoice, statement, or insurance policy — and read their text to recover a price or renewal date. We read only a few relevant documents, text only (not images), and we do not store the raw email or document text afterwards — only the details we work out from it.
- Documents like insurance policies can contain sensitive information (for example about health) or information about other people. Please only connect inboxes, and only use “dig deeper”, where you are entitled to let us process those messages and documents — including where they contain information about other people.
- The precise legal basis for this activity is being confirmed by our data-protection adviser [performance of contract / consent / legitimate interests — confirm]. The full detail is in the sections below.
1. Who this applies to
This policy explains how Peamo processes personal data for users in the United Kingdom, and your rights under UK data protection law (the UK GDPR and the Data Protection Act 2018). Peamo is operated by Arcshore Limited (company no. 17251532), registered in England & Wales at 960 Capability Green, C/O MMK Accountants Ltd, Luton, Bedfordshire, LU1 3PE, United Kingdom. Arcshore Limited acts as the data controller for the personal data described below.
2. Data we process
- Account information — your email address, your name where you provide it, and basic account settings.
- Connected-inbox access — when you connect a Gmail or Outlook account, we hold an access credential (an OAuth token) for that mailbox in an encrypted vault, and use it only to perform the scans you have authorised.
- Email content — with your permission, the content of connected email accounts is read to detect bills, contracts, subscriptions, and renewals. This content is processed in memory during a scan and is not stored afterwards — only the structured details below are kept. To detect contracts, the relevant email content is sent to our AI sub-processor, Anthropic (Claude), for classification (see section 6).
- Detected contract details — the structured details extracted from those messages, such as provider, recurring cost, renewal date, and category.
- On-demand enrichment (“Dig deeper”) — when you choose to dig deeper on a contract, Peamo re-reads the relevant emails in your already-connected inbox to fill in details such as price, renewal date, and the provider’s own manage-or-cancel link. This uses the same mailbox access you have already granted — it requests no broader permission. Where those emails include a PDF attachment that is likely to hold the relevant details — such as a bill, invoice, statement, or insurance policy document — Peamo may also read the text of that attachment to recover a price or renewal date. It reads only a small number of such documents for a given request, extracts text only (it does not process images or other attachment types), and applies size and length limits. As with a scan, this email content — and any text extracted from those attachments — is sent to our AI sub-processor, Anthropic (Claude), which processes it for us under contract. Peamo does not store the raw email content or attachment text after the request — we keep only the derived details, which are saved against that contract. (Anthropic, as our processor, may process and briefly retain that content on our behalf under its own contractual retention terms before deleting it — see sections 6 and 10.) These details are removed when the contract is erased — for example when you delete the contract, disconnect the inbox and choose to erase its detected contracts, or delete your account.
Sensitive information and information about other people. Some documents we may read to dig deeper — for example an insurance policy document — can contain special-category information (such as information about health) or information about other people. We minimise this: we read only the documents likely to hold the price or renewal date, we extract text only (we do not process images), we read only a small number of documents per request with size and length limits, and we do not store the raw text. The specific condition we rely on where such a document contains special-category information is being confirmed by our data-protection adviser [UK GDPR Art. 9 condition — confirm].
Your responsibility. Please only connect inboxes, and only use “dig deeper”, where you are entitled to let us process the relevant messages and documents — including where they contain information about other people.
Legal basis. Our legal basis for the on-demand “dig deeper” re-read and any reading of attached documents is being confirmed by our data-protection adviser [performance of contract / consent / legitimate interests — confirm]; we will update this policy to state the confirmed basis (see section 3).
3. Lawful bases
We rely on your consent to access and scan your connected email accounts, including the related transfer of email content to our AI sub-processor for classification; you can withdraw that consent at any time. We rely on the performance of our agreement with you to provide the service and to send you account and renewal notifications, and on our legitimate interests to operate, secure, and improve the service.
The specific basis for the on-demand “Dig deeper” re-read and any reading of attached documents — including the condition relied on where a document contains special-category information (such as information about health) — is being confirmed by our data-protection adviser [Art. 6 basis + Art. 9 condition — confirm], and section 2 will be updated to state it.
4. How we use your data
- to detect and organise your recurring contracts and renewals;
- to present renewal dates, recurring costs, and category-average estimates;
- to operate, maintain, secure, and improve the service; and
- to communicate with you about your account and the service.
5. Security
We apply technical and organisational measures to protect your data. Access tokens for connected email accounts are held in an encrypted token vault, separated from application data, and are used only to perform the scans you have authorised. No security measure is perfect, but we work to keep our safeguards proportionate to the data we hold.
6. Sub-processors
We use the trusted service providers below to run Peamo. Each processes personal data only to provide its function to us, under our instructions:
- Supabase — database, authentication, and the encrypted vault that holds your inbox access credentials. Hosted in the United Kingdom (London).
- Vercel — application hosting and scheduled tasks.
- Anthropic (Claude) — our artificial-intelligence sub-processor. Anthropic processes email content to detect contracts and renewals. When you run a scan, the relevant email content is sent to Anthropic’s Claude model for classification; and when you dig deeper on a contract, the relevant email content — and any text extracted from PDF attachments such as bills or policy documents — is sent for the same purpose. Anthropic acts as a processor, processing this content on our behalf and on our instructions. Under Anthropic’s commercial terms, the inputs and outputs sent through its commercial API are not used to train its models by default, and are deleted from Anthropic’s systems within a limited retention window (currently up to around 30 days, with a zero-data-retention option available for eligible commercial use), except where it must retain them to meet a legal or safety obligation. United States; transfers are made under standard contractual clauses with the UK Addendum, supported by a transfer risk assessment (see section 10). [Confirm against our signed Anthropic DPA.]
- Google — when you connect a Google account, provides Gmail sign-in and read access to your Gmail messages for scanning.
- Microsoft — when you connect a Microsoft account, provides Outlook sign-in and read access to your Outlook messages for scanning.
- Resend — delivery of transactional email such as sign-in links and account notifications.
- Sentry — error monitoring. Hosted in the European Union (Germany) and configured to remove personal data, including masking email addresses, from error reports.
- Plausible — privacy-friendly, cookieless website analytics. Aggregate measurement only, with no individual identifiers.
We update this list when our providers change. Connecting to bank accounts (Open Banking) is not enabled in the current service.
7. Retention
- Email content is processed only during a scan and is not stored afterwards — we do not keep the contents of your emails.
- Detected contract details are retained while your account is active; you can delete individual contracts at any time.
- Inbox access credentials are held only while a connection is active and are removed when you disconnect that inbox.
- Scan records — limited operational records of each scan (its status and counts, not email content) — are kept to run and support the service; we are introducing automated deletion of these records after 90 days.
“Not stored” here means Peamo does not keep the raw email or attachment text after a scan or a “dig deeper” request. Our AI sub-processor, Anthropic, may process and briefly retain that content on our behalf under its own contractual retention terms before deleting it (see section 6) — so this does not mean the content is never retained anywhere.
Where we are required to keep certain data for longer to meet a legal obligation, we do so for no longer than necessary.
8. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected (rectification);
- have your data erased in certain circumstances (erasure);
- receive your data in a portable format (data portability);
- restrict or object to certain processing;
- withdraw your consent to email access at any time; and
- complain to the Information Commissioner’s Office (ICO).
To exercise these rights: you can disconnect any connected inbox at any time from your account settings, and choose at that point to erase the contracts detected from it; you can delete individual contracts in the app; and you can withdraw email-access consent by disconnecting. For a copy of your data, or to request full erasure of your account, email us at support@peamo.co.uk and we will action your request.
9. Cookies
Peamo uses cookies and similar technologies that are necessary to sign you in and keep the service secure. For analytics we use Plausible, which is cookieless and does not track you across sites. We do not use advertising cookies.
10. International transfers
Your core account and contract data is stored in the United Kingdom (Supabase, London). Some of our other providers process data outside the UK. Email content — and any text extracted from attachments — sent to Anthropic (Claude) for classification is processed in the United States; for that transfer we rely on standard contractual clauses with the UK Addendum, supported by a transfer risk assessment [to be completed and confirmed by our data-protection adviser]. Error-monitoring data (Sentry) is hosted in the European Union (Germany), although it may be accessed from outside the EU by Sentry or its providers under appropriate safeguards. Where data is processed outside the UK, we rely on appropriate safeguards recognised under UK data protection law — such as adequacy regulations or standard contractual clauses with the UK Addendum — to protect your data.
11. Contact and data protection
For any privacy question, or to exercise your rights, you can contact Arcshore Limited at support@peamo.co.uk, which is our route for all data-protection enquiries.