Pebblechest
Beta

Privacy Policy

Last updated: January 2026

Template notice: this page is a starter baseline and should be reviewed/updated for your product and jurisdiction.

Who we are

This Privacy Policy describes how Pebblechest (“we”, “us”) processes personal data when you use Pebblechest.

Contact (privacy): thomas@pebblechest.com · Denmark

Scope

This policy applies to our website, application, and related services. It does not cover third‑party sites you may access via links in our product.

What we collect

  • Account data: email address, name (optional), password hash (if using password login), and profile fields you add.
  • Security and session data: IP address, user agent, and authentication session metadata to prevent fraud and secure accounts.
  • Billing data (if you subscribe): Stripe customer and subscription identifiers and invoice history. We do not store full payment card numbers.
  • Content data: content you create or publish in the app (for example posts or uploads).
  • Cookie and device data: necessary cookies for authentication and security; optional analytics/marketing cookies only with your consent.

How we use data

  • Provide and maintain the service (authentication, account management, core features).
  • Secure the service (rate limiting, fraud prevention, audit logs, debugging).
  • Process subscriptions and manage billing (if enabled).
  • Improve the product and user experience (analytics only with consent).
  • Send transactional messages (verification and password reset emails).

Legal bases (GDPR)

  • Contract: to provide the service you request.
  • Legitimate interests: to secure, prevent abuse, and improve our service.
  • Consent: for optional cookies/trackers and marketing communications (where applicable).

Cookies and similar technologies

We use necessary cookies to operate core features (for example sign‑in and security). Optional cookies (analytics/marketing) are only used if you opt in. You can change your choices at any time.

Cookie Policy

Sharing and processors

We may share data with service providers that help us operate the service. Common examples in this template include:

  • Supabase (database, authentication-related storage).
  • Stripe (payments, subscriptions, invoicing).
  • Email delivery provider (for verification/password reset emails).
  • Hosting/monitoring providers (for uptime and performance).

You should review and update this list to match the providers you actually use.

International transfers

Some providers may process data outside your country/region. Where required, we rely on appropriate transfer mechanisms (for example standard contractual clauses) and take steps to protect your data.

Data retention

We keep personal data only as long as necessary for the purposes described above, including legal and accounting requirements. You can request deletion of your account data where applicable.

Security

We use technical and organizational measures to protect personal data (for example access controls, logging, and encryption in transit). No method of transmission or storage is completely secure.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal data. You may withdraw consent at any time for optional cookies.

Cookie Policy

To exercise rights, contact thomas@pebblechest.com .

Complaints

If you are in the EEA/UK, you may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve the issue.

Children

Our service is not directed to children under 13. If you believe a child has provided personal data, contact us and we will take appropriate steps.

Changes

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required.