Pebb LLC Privacy Policy
Privacy Policy
Last Updated: July 22, 2025
This Privacy Policy (“Policy”) explains how Pebb LLC (“Pebb”, “we”, “our”, or “us”) collects, processes, uses, discloses, and protects personal and organizational information of users (“Client”, “you”, or “your”) who access or use our proprietary platform, including all related services, mobile applications, integrations, APIs, and websites (collectively, the “Services”).
By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the terms of this Policy and our Terms of Service. If you do not agree, please discontinue use of the Services immediately.
1. Scope and Application
This Policy applies to all interactions with the Services, whether as an administrator, end-user, organization representative, or third-party affiliate. It governs data collected via all delivery methods, including desktop, mobile, integrated third-party tools, and custom APIs.
2. Information We Collect
2.1 Information You Provide Directly
We collect personal and organizational information that you voluntarily provide, including but not limited to:
Full name, business email, company affiliation, and contact number
Job title, department, and user ID
User-generated content (e.g., chat messages, comments, profile fields, file uploads)
Uploaded media, documents, and associated metadata
Billing details, subscription preferences, and payment data (where applicable)
2.2 Information Collected Automatically
When using the Services, we may automatically collect technical and behavioral data, including:
IP address, device type, operating system, browser version
Log files, clickstream data, session durations, page interactions
Authentication tokens and time-based access history
Geolocation data (if enabled and permitted by you)
2.3 Information From Third Parties
We may receive and process personal data from integrated third-party systems, including:
Identity and access data from services like Azure AD, Google Workspace, or Okta
HRIS, SSO, and payroll platforms
External calendar, document, or productivity tools (e.g., Google Drive, Dropbox)
3. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)
We rely on the following legal bases to process personal data:
Contractual Necessity: To provide Services under your agreement
Consent: Where expressly given (e.g., for marketing emails)
Legitimate Interests: For service improvement, fraud prevention, and internal analytics
Legal Obligations: To comply with tax, audit, and regulatory duties
4. How We Use Your Information
We use the collected information for the following purposes:
To register and authenticate accounts
To deliver, manage, improve, and personalize the Services
To provide technical support, respond to inquiries, and manage client relationships
To analyze platform usage and generate internal performance reports
To comply with legal obligations and enforce our Terms of Service
To send notifications regarding changes to features, services, or policies
To offer optional surveys, feedback requests, and promotional content (with consent)
5. Data Sharing and Disclosure
We do not sell your personal data. However, we may disclose data to third parties as described below.
5.1 Service Providers and Subprocessors
We may share data with authorized service providers that help us operate and maintain the Services:
Cloud hosting (e.g., AWS)
Analytics (e.g., Google Analytics)
Email delivery and notification systems
Customer success and support tools
Listed subprocessors (see our Subprocessor Page)
These providers are contractually bound to use your data only as necessary to perform their services.
5.2 Legal Compliance and Business Transactions
We may also disclose information to:
Law enforcement, regulatory agencies, or courts in response to lawful requests
Prevent fraud, abuse, or harm
Facilitate due diligence or transfer of ownership during a merger, acquisition, or asset sale
6. Data Retention
We retain data only as long as necessary for the purposes outlined in this Policy, unless a longer retention period is required by law. Typical retention periods include:
User accounts: Retained for the duration of your subscription
Chat logs and content: Retained up to 180 days post-termination
Billing records: Retained for the legally required period (usually 7 years)
Upon contract termination or data deletion request, we will delete data unless retention is required for legal, regulatory, or compliance reasons.
7. Security Measures
We implement reasonable and appropriate physical, administrative, and technical safeguards, including:
TLS/SSL encryption for data in transit
Encrypted storage using AES-256 or similar algorithms
Role-based access controls (RBAC) and strict credential policies
Regular internal security audits and vulnerability scanning
Intrusion detection, logging, and incident response protocols
⚠️ Important Note:
No system is entirely immune to attack. While Pebb exercises due diligence, we make no guarantees of absolute security. You acknowledge and accept that you are responsible for managing your own credentials, permissions, and internal policies to maintain the integrity of your data.
8. International Data Transfers
Pebb is headquartered in the United States. By using our Services, you understand that your information may be transferred to and processed in the U.S. or other jurisdictions that may have different data protection laws than your own.
For EEA/UK residents, we use Standard Contractual Clauses (SCCs) and other legal safeguards to enable lawful international data transfers.
9. Your Rights and Choices
Depending on your region, you may have the right to:
Request access to the personal data we hold about you
Correct or update inaccurate data
Request deletion (subject to legal limitations)
Object to or restrict processing of your data
Withdraw consent (where processing is based on consent)
File a complaint with your local data protection authority
To exercise any of these rights, please contact us at: privacy@pebb.io. We may require verification of your identity prior to fulfilling requests.
10. Third-Party Services and Links
The Services may link to or integrate with third-party websites, platforms, or APIs (e.g., Google Drive, Dropbox). These are governed by separate privacy policies and are not controlled by Pebb. We do not accept responsibility or liability for their handling of your data.
Use of these third-party tools is at your own risk, and we encourage you to review their privacy practices independently.
11. Children’s Privacy
The Services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If we discover that personal information of a child has been collected without verified parental consent, we will delete it promptly.
12. Data Breach Notification and Limitation of Liability
In the event of a confirmed breach of security involving Client Data:
We will notify affected customers without undue delay
We will investigate and take corrective actions
We will cooperate with applicable regulatory bodies
However, Pebb shall not be held liable for damages arising from:
Unauthorized access due to third-party cyberattacks
Misuse of credentials by authorized users
Misconfiguration by clients or third-party integrations
Clients agree to maintain strong passwords, apply access controls, and implement their own data loss prevention measures.
13. Changes to This Policy
We reserve the right to update or modify this Policy at any time. Changes will be posted on this page with a new effective date. For material changes, we may notify users via email or in-platform alert. Continued use of the Services constitutes acceptance of the updated Policy.
14. Contact Information
If you have questions or concerns about this Policy or how your data is handled, please contact us:
Pebb LLC
Email: privacy@pebb.io