← Back

Privacy Policy

Pebbii Ltd · Last updated: April 2026

1. Introduction

Pebbii Ltd ("we", "us", or "our") operates the Pebbii Journal mobile application (the "App"). This Privacy Policy explains how we collect, use, and safeguard your personal information. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using Pebbii Journal, you agree to this Privacy Policy. If you do not agree, please do not use the App.

2. Data Controller

  • Email: hello@pebbii.com
  • Address: 27 Old Gloucester Street, London, WC1N 3AX, UK

3. Information We Collect

3.1 Information You Provide

  • Account: display name, email address (optional), and profile picture. We do not store passwords — you sign in via Google, Apple, or email through Firebase or Auth0.
  • Journal entries: the text of your entries, entry date, and any photo you attach.
  • Location: if you choose to tag an entry with a location, we collect the GPS coordinates and location name from your device. This is optional and requires your permission. We do not collect background location data.

3.2 Information Collected Automatically

  • Push notification token: if you grant notification permissions, we store a device token (FCM) used solely to deliver notifications to your device.
  • IP address: logged for security purposes only. Not used for advertising or tracking.

3.3 What We Do Not Collect

We do not collect your contacts, data from other apps, advertising identifiers, or biometric data. We do not use analytics SDKs to track your behaviour in the App.

4. How We Use Your Information

  • To provide the Service (Contract Performance): storing and syncing journal entries, running shared journals and the reveal mechanic, delivering daily prompts, and processing subscriptions via the Apple App Store or Google Play Store.
  • To protect the Service (Legitimate Interests): detecting and preventing fraud or unauthorised access, and troubleshooting.
  • With your consent: sending push notifications (opt out any time in device settings), sending marketing emails about new features (opt out any time), and AI-generated personalised prompts (see Section 5).
  • Legal obligations: complying with legal obligations or responding to lawful requests from authorities.

5. AI-Powered Features

All users receive daily prompts from our curated library. Premium users can additionally enable AI-generated personalised prompts, powered by Anthropic's Claude API.

When generating prompts, we send your journal metadata to the API: journal name, type, prompt categories, and your monthly entry count. The text of your journal entries is never sent to the AI service.

You can withdraw consent for AI features at any time in App settings.

6. How We Share Your Information

We do not sell your personal information.

  • Other users: in a shared journal, your entries become visible to other members after they submit their own response (the reveal mechanic). Your display name is visible to members of journals you join.
  • Firebase & Auth0: authentication and identity verification.
  • Firebase Cloud Messaging: push notification delivery (your device token only).
  • Cloud storage: user-uploaded images (Cloudflare R2 or Backblaze B2).
  • Apple App Store / Google Play Store: subscription billing. We do not receive your payment card details.
  • Mailjet: transactional emails (e.g. data export download links).
  • Anthropic: AI prompt generation for users who have enabled this feature.
  • Legal requirements: we may disclose your information when required by law or a valid court order.
  • Business transfers: if Pebbii Ltd is acquired or merges, your data may transfer to the successor entity. We will notify you before this happens.

All service providers are bound by confidentiality obligations and may only use your data for the purposes for which it was disclosed.

7. Data Security

We protect your data with encryption in transit (TLS), OAuth-based authentication (no passwords stored by us), and strict access controls. No internet transmission is 100% secure, but we apply commercially reasonable measures to protect your information.

8. Data Retention

  • Account and journal data: retained while your account is active; deleted within 90 days of account deletion.
  • Device tokens: deleted when you remove the device or delete your account.
  • Subscription records: retained for 7 years for legal and tax compliance.

9. Your Rights Under UK GDPR

You have the right to access, correct, delete, restrict, or export your personal data, and to object to or withdraw consent for certain processing. Use the in-app account settings or contact us at hello@pebbii.com. We will respond within one month.

You may also lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

10. Children's Privacy

The App is for users aged 13 and older. We do not knowingly collect data from children under 13. If you believe a child has registered, contact us and we will delete their data. We recommend parental guidance for users aged 13–17, particularly for shared journals.

11. International Data Transfers

Some service providers (Firebase, Auth0, Anthropic, Mailjet) process data in the United States. We ensure appropriate safeguards, such as Standard Contractual Clauses approved by the UK ICO, are in place for all international transfers.

12. Tracking Technologies

We do not use advertising cookies or third-party tracking SDKs. Authentication session tokens are used solely to keep you signed in.

13. Changes to This Policy

We will notify you of material changes by updating the "Last Updated" date in the App and, for significant changes, by email. Continued use of the App constitutes acceptance.

14. Contact

  • Email: hello@pebbii.com
  • Address: 27 Old Gloucester Street, London, WC1N 3AX, UK