Privacy Policy

Last Updated: July 22, 2025

This Privacy Policy (“Policy”) explains how Pebb LLC (“Pebb”, “we”, “our”, or “us”) collects, processes, uses, discloses, and protects personal and organizational information of users (“Client”, “you”, or “your”) who access or use our proprietary platform, including all related services, mobile applications, integrations, APIs, and websites (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the terms of this Policy and our Terms of Service. If you do not agree, please discontinue use of the Services immediately.

1. Scope and Application

This Policy applies to all interactions with the Services, whether as an administrator, end-user, organization representative, or third-party affiliate. It governs data collected via all delivery methods, including desktop, mobile, integrated third-party tools, and custom APIs.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal and organizational information that you voluntarily provide, including but not limited to:

• Full name, business email, company affiliation, and contact number

• Job title, department, and user ID

• User-generated content (e.g., chat messages, comments, profile fields, file uploads)

• Uploaded media, documents, and associated metadata

• Billing details, subscription preferences, and payment data (where applicable)

2.2 Information Collected Automatically

When using the Services, we may automatically collect technical and behavioral data, including:

• IP address, device type, operating system, browser version

• Log files, clickstream data, session durations, page interactions

• Authentication tokens and time-based access history

• Geolocation data (if enabled and permitted by you)

2.3 Information From Third Parties

We may receive and process personal data from integrated third-party systems, including:

• Identity and access data from services like Azure AD, Google Workspace, or Okta

• HRIS, SSO, and payroll platforms

• External calendar, document, or productivity tools (e.g., Google Drive, Dropbox)

3. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

We rely on the following legal bases to process personal data:

• Contractual Necessity: To provide Services under your agreement

• Consent: Where expressly given (e.g., for marketing emails)

• Legitimate Interests: For service improvement, fraud prevention, and internal analytics

• Legal Obligations: To comply with tax, audit, and regulatory duties

4. How We Use Your Information

We use the collected information for the following purposes:

• To register and authenticate accounts

• To deliver, manage, improve, and personalize the Services

• To provide technical support, respond to inquiries, and manage client relationships

• To analyze platform usage and generate internal performance reports

• To comply with legal obligations and enforce our Terms of Service

• To send notifications regarding changes to features, services, or policies

• To offer optional surveys, feedback requests, and promotional content (with consent)

5. Data Sharing and Disclosure

We do not sell your personal data. However, we may disclose data to third parties as described below.

5.1 Service Providers and Subprocessors

We may share data with authorized service providers that help us operate and maintain the Services:

• Cloud hosting (e.g., AWS)

• Analytics (e.g., Google Analytics)

• Email delivery and notification systems

• Customer success and support tools

• Listed subprocessors (see our Subprocessor Page)

These providers are contractually bound to use your data only as necessary to perform their services.

5.2 Legal Compliance and Business Transactions

We may also disclose information to:

• Law enforcement, regulatory agencies, or courts in response to lawful requests

• Prevent fraud, abuse, or harm

• Facilitate due diligence or transfer of ownership during a merger, acquisition, or asset sale

6. Data Retention

We retain data only as long as necessary for the purposes outlined in this Policy, unless a longer retention period is required by law. Typical retention periods include:

• User accounts: Retained for the duration of your subscription

• Chat logs and content: Retained up to 180 days post-termination

• Billing records: Retained for the legally required period (usually 7 years)

Upon contract termination or data deletion request, we will delete data unless retention is required for legal, regulatory, or compliance reasons.

7. Security Measures

We implement reasonable and appropriate physical, administrative, and technical safeguards, including:

• TLS/SSL encryption for data in transit

• Encrypted storage using AES-256 or similar algorithms

• Role-based access controls (RBAC) and strict credential policies

• Regular internal security audits and vulnerability scanning

• Intrusion detection, logging, and incident response protocols

⚠️ Important Note:

No system is entirely immune to attack. While Pebb exercises due diligence, we make no guarantees of absolute security. You acknowledge and accept that you are responsible for managing your own credentials, permissions, and internal policies to maintain the integrity of your data.

8. International Data Transfers

Pebb is headquartered in the United States. By using our Services, you understand that your information may be transferred to and processed in the U.S. or other jurisdictions that may have different data protection laws than your own.

For EEA/UK residents, we use Standard Contractual Clauses (SCCs) and other legal safeguards to enable lawful international data transfers.

9. Your Rights and Choices

Depending on your region, you may have the right to:

• Request access to the personal data we hold about you

• Correct or update inaccurate data

• Request deletion (subject to legal limitations)

• Object to or restrict processing of your data

• Withdraw consent (where processing is based on consent)

• File a complaint with your local data protection authority

To exercise any of these rights, please contact us at: privacy@pebb.io. We may require verification of your identity prior to fulfilling requests.

10. Third-Party Services and Links

The Services may link to or integrate with third-party websites, platforms, or APIs (e.g., Google Drive, Dropbox). These are governed by separate privacy policies and are not controlled by Pebb. We do not accept responsibility or liability for their handling of your data.

Use of these third-party tools is at your own risk, and we encourage you to review their privacy practices independently.

11. Children’s Privacy

The Services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If we discover that personal information of a child has been collected without verified parental consent, we will delete it promptly.

12. Data Breach Notification and Limitation of Liability

In the event of a confirmed breach of security involving Client Data:

• We will notify affected customers without undue delay

• We will investigate and take corrective actions

• We will cooperate with applicable regulatory bodies

However, Pebb shall not be held liable for damages arising from:

• Unauthorized access due to third-party cyberattacks

• Misuse of credentials by authorized users

• Misconfiguration by clients or third-party integrations

Clients agree to maintain strong passwords, apply access controls, and implement their own data loss prevention measures.

13. Changes to This Policy

We reserve the right to update or modify this Policy at any time. Changes will be posted on this page with a new effective date. For material changes, we may notify users via email or in-platform alert. Continued use of the Services constitutes acceptance of the updated Policy.

14. Contact Information

If you have questions or concerns about this Policy or how your data is handled, please contact us:

Pebb LLC

Email: privacy@pebb.io