Privacy Notice

1. Who We Are and Why You're Seeing This

Peabody Compliance (operated by Peabody Software, LLC) provides location verification technology to businesses — such as online gaming platforms, fintech applications, and sweepstakes operators. When you use one of those platforms, they may direct you to the Peabody Verify app to confirm your physical location before allowing access to certain features.

Peabody acts as a technology provider on behalf of the platform you signed up with (your "operator"). Your primary relationship for data purposes is with that operator. This notice explains what Peabody specifically collects and does with your information during the verification process.

2. What We Collect and Why

We collect only what is necessary to perform a location verification. Here is what that includes:

Location Data

• GPS coordinates (latitude, longitude, altitude) — to confirm you are physically present in an authorized location.
• Location accuracy — to assess the reliability of the GPS reading.
• Nearby Wi-Fi access point identifiers (BSSID/SSID) — used alongside GPS to cross-verify your location and detect location spoofing tools.
• IP address — to check for VPN or proxy use that might mask your true location.

Device Signals

• Operating system version — to assess device integrity.
• Device vendor identifier (IDFV) — a device-level identifier assigned by iOS, stable until the app is uninstalled. Used to link verification records to a device when no account identifier is provided by your operator.
• Jailbreak / mock location indicators — to detect whether your device has been tampered with or is simulating a false location.
• VPN / remote desktop status — to identify connections that could be used to circumvent location restrictions.

Consent Record

• When you grant or decline location consent in the Peabody Verify app, we record that decision along with the timestamp — both the time reported by your device and the time our server received it. This record is required by certain state laws.

Identity Information (from your operator)

• If your operator included your account ID or email address in the link they used to open the Peabody Verify app, we store that alongside your verification record so the result can be matched back to your account. Peabody does not independently verify or collect this information — it comes from your operator.

3. How We Use Your Information

• To perform the location check your operator requested and return a pass/fail result to them.
• To detect fraud and spoofing — cross-referencing GPS, Wi-Fi, and IP signals to identify location manipulation tools.
• To maintain a tamper-evident audit log — regulators in many jurisdictions (particularly gaming and fintech) require operators to retain records of location verifications. Peabody stores these logs on the operator's behalf.
• To improve our service — we analyze aggregated, de-identified telemetry to improve detection accuracy. This analysis does not identify you personally.

We do not use your location data to serve you advertisements, build behavioral profiles for marketing, or sell your information to data brokers.

4. Who We Share Your Information With

• Your operator — we return the verification result (compliant / not compliant, risk score, reason) to the platform that requested the check. They may store this result in their own systems subject to their own privacy policy.
• Infrastructure providers — our hosting and database services run on infrastructure that may be operated by third-party cloud providers. These providers act under confidentiality obligations and are not permitted to use your data for their own purposes.
• Google Geolocation API — in some cases, nearby Wi-Fi access point identifiers are sent to Google's Geolocation API to assist in triangulating your position. This is subject to Google's own privacy terms. No personally identifying information is included in these requests.
• Legal compliance — we may disclose information if required by law, court order, or valid legal process.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal data to any third party.

5. How Long We Keep Your Data

Verification logs and consent records are retained for as long as required by the operator's regulatory obligations — typically between one (1) and seven (7) years depending on jurisdiction. If you submit a deletion request, we will process it within 30 days to the extent permitted by applicable law. Some records may be retained longer where required by law, regulation, or legitimate fraud prevention purposes.

6. Your Privacy Rights

Depending on the state or country where you live, you may have the following rights regarding the personal data we hold about you:

• Right to know — request a summary of the personal data we have collected about you.
• Right to delete — request that we delete your personal data, subject to legal retention requirements.
• Right to correct — request correction of inaccurate information.
• Right to opt out — withdraw your consent to location tracking. Note that doing so may affect your ability to use certain features of your operator's platform.
• Right to non-discrimination — exercising your privacy rights will not result in different or lesser service from Peabody.

These rights apply under laws including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state frameworks.

To exercise any of these rights, submit a request using our Data Deletion & Consent Revocation form or email us at support@peabodycompliance.com. We will acknowledge your request within 10 business days and complete processing within 30 days.

7. Your Consent to Location Tracking

Before the Peabody Verify app requests access to your device's location, it will ask for your express consent. You may decline. If you decline, the verification cannot be completed and your operator's platform may restrict access to certain features accordingly. You can revoke your consent at any time through the Data Deletion & Consent Revocation form or through your iOS device's location settings.

8. Children's Privacy

The Peabody Verify app is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. The platforms that use our verification technology are required by their own terms to restrict use by minors in accordance with applicable law. If you believe a child's data has been collected in error, contact us at support@peabodycompliance.com.

9. Data Security

We use industry-standard security measures to protect your data, including encryption of data in transit (TLS) and at rest. Location verification requests are signed with HMAC-SHA256 to prevent tampering. Access to personal data is restricted to authorized personnel and systems.

10. International Data Transfers

Our servers are located in the United States. If you are accessing the Peabody Verify app from outside the United States, your data will be transferred to and processed in the United States. By using the app, you acknowledge this transfer. We take steps to ensure your data is handled in accordance with applicable privacy law.

11. Changes to This Notice

We may update this notice from time to time. The "Last Updated" date at the top of this page will reflect when changes were made. We encourage you to review this notice periodically. Continued use of the Peabody Verify app after changes are posted constitutes your acceptance of the updated notice.

12. Contact Us

If you have questions about this notice or how your data is handled, please contact us:

• Email: support@peabodycompliance.com
• Data requests: peabodycompliance.com/data-deletion.html