Privacy Policy

1. Introduction and Scope

Pebble ("we", "us", "our", or "Company") operates the Pebble service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit and use our website and service, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Service").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. Your use of the Service signifies your acceptance of this Privacy Policy.

2. Information We Collect

We collect information in various ways, including information you provide directly and information collected automatically.

2.1 Information You Provide Directly

• Account Registration: Name, email address, password, and optional profile information
• Audio Content: Speech samples and practice recordings for transcription and analysis
• Communication Data: Messages, feedback, support requests, and responses
• Profile Information: Speaking goals, experience level, learning objectives, and preferences

2.2 Information Collected Automatically

• Device Information: Device type, operating system, browser type, and IP address
• Usage Data: Pages visited, features used, session duration, and interaction patterns
• Performance Metrics: Speech analysis results, transcription accuracy, and improvement metrics
• Cookies and Tracking: Session cookies (httponly, secure) and authentication tokens

2.3 Third-Party Information

If you authenticate via Google OAuth, we receive your Google account information (name, email, profile picture) from Google. We do not receive or store your Google password.

3. How We Use Your Information

3.1 Service Provision and Improvement

• Creating and maintaining your account
• Delivering real-time transcription and speech analysis
• Generating personalized feedback and recommendations
• Tracking your progress and learning outcomes
• Improving the accuracy and effectiveness of our AI models

3.2 Communication

• Responding to your inquiries and support requests
• Sending service announcements and updates
• Notifying you of changes to our policies or service

3.3 Analytics and Research

• Analyzing usage patterns and user behavior (anonymized)
• Conducting research to improve the Service
• Creating aggregate statistical reports

3.4 Security and Legal Compliance

• Preventing fraud and unauthorized access
• Protecting our rights and your safety
• Complying with legal obligations and law enforcement requests

3.5 AI Model Training (With Consent)

With your explicit opt-in consent, we may use anonymized and de-identified versions of your speech data to train and improve our transcription and analysis models. You can withdraw this consent at any time in your settings.

4. Data Storage and Retention

4.1 How Long We Keep Your Data

• Account Information: Retained while your account is active and for 30 days after deletion
• Audio Recordings: Stored in your account history until you delete them; real-time session audio is not stored unless saved
• Performance Analytics: Retained in your account for your reference and historical analysis
• Deleted Account Data: Permanently deleted 30 days after account deletion (except where required by law)
• Backup Data: May be retained for up to 90 days for disaster recovery purposes

4.2 Data Location

Your data is primarily stored in secure cloud infrastructure. If we use multiple data centers, your data may be transferred between them for backup and redundancy purposes.

5. Data Security and Protection

5.1 Security Measures

We implement industry-standard security measures to protect your information:

• SSL/TLS encryption for data in transit
• AES-256 encryption for sensitive data at rest
• Secure authentication with JWT tokens and httponly cookies
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Input validation and sanitization

5.2 Limitations

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

5.3 Your Responsibilities

You are responsible for maintaining the confidentiality of your password and account credentials. Notify us immediately of any unauthorized access or security breaches.

6. Sharing of Information

6.1 We Do NOT Sell Your Data

We do not sell, trade, or rent your personal information to third parties for their marketing purposes.

6.2 Service Providers

• OpenAI: We send audio data to OpenAI's Whisper API for transcription (subject to OpenAI's privacy policy)
• Google: OAuth authentication provider (subject to Google's privacy policy)
• Cloud Infrastructure: Data hosting and backup providers

6.3 Legal Requirements

We may disclose your information when required by law, court order, or government request. We will attempt to notify you of such requests unless legally prohibited.

6.4 Aggregated Data

We may share aggregated, anonymized, and de-identified data (statistics, trends, research findings) publicly without restriction.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to request a copy of your personal data in a machine-readable format. You can download your data through your account settings.

7.2 Correction and Deletion

You may update your account information or request deletion of your account and associated data at any time. We will delete your data within 30 days, except where retention is required by law.

7.3 Opt-Out of Communications

You can opt out of marketing emails at any time by clicking the "unsubscribe" link in our emails or adjusting your notification preferences in settings.

7.4 Cookie Preferences

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7.5 Exercising Your Rights

To exercise any of these rights, contact us at privacy@pebble.ai. We will respond within 30 days.

8. Cookies and Tracking Technologies

• Essential Cookies: Required for authentication and service functionality (httponly, secure)
• Session Cookies: Maintain your logged-in session
• Analytics Cookies: Track usage patterns to improve the Service
• Preference Cookies: Remember your settings and preferences

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA):

• Right to know what data is collected and how it's used
• Right to delete your personal information
• Right to opt-out of data sales (we don't sell data)
• Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@pebble.ai.

11. European Privacy Rights (GDPR)

If you are in the European Union, your data processing is governed by the General Data Protection Regulation (GDPR). You have the following rights:

• Right to access, rectification, and erasure
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a data protection authority

Contact us at privacy@pebble.ai to exercise these rights.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service following changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

Email: privacy@pebble.ai
Support: support@pebble.ai
Response Time: We will respond within 7 business days