PebbiPebbi

Privacy Policy

Effective date: 21 January 2026

Pebbi is built with privacy at its core. This policy explains how we collect, use, share, and protect personal data when you use the Pebbi mobile app and this marketing website (together, the “Services”). It is UK‑centric (UK GDPR and Data Protection Act 2018) and is intended to be compatible with overseas use of the Services.

Who we are and how to contact us

Pebbi (“we”, “us”, “our”) is the controller of your personal data for the Services. If you have questions or wish to exercise your rights, please contact us via the Contact page.

What data we collect

We aim to collect the minimum data necessary to provide the Services.

  • Account and profile data: name, email address, and settings you choose.
  • Care activity data (app): entries you choose to log (e.g., feeding, sleep, diapers, milestones), notes, timestamps.
  • Household sharing (app): members you invite and roles you assign.
  • Device and technical data: device model, OS/version, app version, and limited diagnostic logs for reliability and security.
  • AI features data (optional, app): if you enable PebbiAI, we process relevant handover event content to generate handover summaries, and we store the resulting summaries in the app until you delete them or disable PebbiAI.
  • Communications: messages you send us (e.g., via the contact form). Email delivery is supported by our provider (see “Service providers”).
  • Website: essential cookies only for security and core functionality. We do not use advertising cookies.

Why we process your data (legal bases)

  • Contract: to provide and support core features of the app and website you request.
  • Legitimate interests: to keep the Services secure, prevent abuse, improve reliability, and understand high‑level usage in a privacy‑respecting way.
  • Consent: where you explicitly agree (for example, when you enable PebbiAI or submit the contact form). You can withdraw consent at any time by disabling the relevant feature.
  • Legal obligations: to comply with applicable laws and regulatory requirements.

How we use your data

  • Provide, maintain, and improve the Services and their security.
  • Enable optional household sharing with your chosen members.
  • Provide optional AI-driven handover summaries when PebbiAI is enabled.
  • Respond to support requests and communicate important updates.
  • Detect, prevent, and address fraud, abuse, and technical issues.

PebbiAI (AI-driven handover summaries)

Pebbi includes an optional feature called PebbiAI that can generate summaries of handover events to make it easier for caregivers to stay in sync. PebbiAI is designed with privacy in mind: data minimisation, redaction, and user control.

  • What’s shared: while PebbiAI is enabled, anonymised and redacted aggregate data related to handover events may be shared with third‑party AI processing providers (for example, Google) strictly for the purpose of handover summary generation.
  • No retention by AI agents: we configure and require AI providers not to retain the data they process for PebbiAI, and the data is used only to generate the requested summary.
  • No model training: PebbiAI processing is performed to generate your requested summaries, and is not used to train third‑party AI models.
  • Opt out and deletion: you can disable PebbiAI at any time in the app. Disabling PebbiAI will delete any existing AI summaries and will prevent future sharing of data for summary generation.
  • Clear labeling: all AI-generated content in the app is clearly marked with a “PebbiAI” badge so it’s easy to identify.

PebbiAI is an optional convenience feature. Please review summaries for accuracy before relying on them, especially for important health or care decisions.

Service providers and sharing

We do not sell your personal data. We share data only with trusted processors who act under our instructions and are bound by contracts requiring confidentiality and appropriate security measures. These include:

  • Cloud hosting: to run our infrastructure and store data securely.
  • Email delivery: to send operational and support emails (e.g., via Resend).
  • Security and reliability: limited diagnostics and logging to protect against abuse and ensure uptime.
  • AI processing providers (optional): to generate PebbiAI handover summaries when the feature is enabled.

We may disclose data if required by law, to protect safety, or during a corporate transaction (e.g., merger), where protections will apply.

International data transfers

Your data may be processed outside the UK. Where that occurs, we implement appropriate safeguards such as UK International Data Transfer Agreements (IDTA) or UK Addendum to EU Standard Contractual Clauses, and require equivalent protections from our processors.

Data retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention:

  • Account and profile: for the life of the account and for a short period after deletion to allow recovery if requested.
  • Care activity data: until you delete entries or your account, subject to backup cycles.
  • Diagnostics and logs: short‑lived rolling windows (typically days to weeks) unless needed to investigate abuse or incidents.

Backups are retained for limited periods before being securely overwritten.

Your rights

Under UK GDPR you have the right to request: (i) access to your data; (ii) rectification; (iii) erasure; (iv) restriction of processing; (v) data portability; and (vi) to object to processing based on legitimate interests. Where we rely on consent, you may withdraw it at any time. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk). We will respond to valid requests within one month or explain if more time is needed.

Children’s data and parental responsibility

The app is intended for parents and caregivers, not for children’s direct use. Care activity data about children is entered and controlled by the responsible adult account holder. If you believe a child has provided us personal data directly, please contact us so we can take appropriate action.

Security

We use appropriate technical and organisational measures, including encryption in transit, access controls, network segmentation, least‑privilege access, and monitoring. No system is perfectly secure; we continuously improve our safeguards and encourage responsible disclosure of potential issues via the Contact page.

Cookies

Our website uses strictly necessary cookies for security and essential functionality. We also offer optional analytics cookies to help us understand what to improve. Analytics is only enabled after you opt in via our cookie banner, and you can change your preference at any time by resetting/saving your cookie preferences.

Analytics providers: Google Analytics and Microsoft Clarity (session analytics). We do not use advertising cookies.

Third‑party links

Our website and app may contain links to third‑party sites or app stores. Their privacy practices are governed by their own policies.

Changes to this policy

We may update this policy from time to time. Material changes will be highlighted here with a new effective date. If changes materially affect your rights, we will take reasonable steps to notify you.

Contact

To exercise your rights or ask questions, please contact us via the Contact page. If your query relates to UK data protection rights, please indicate so in your message.