← Back to Home
🔒 Privacy Policy
Last updated: March 31, 2026
Pebble (the "App") is developed and operated by peanut ("we"). We value your privacy. This policy explains how we collect, use, and protect your personal data.
Data We Collect
We collect the following data through the App:
- Account info: Name and email address obtained via Google or Apple sign-in
- Profile: Nickname, theme color, and language preference you set
- Pairing info: Anniversary date, invite code
- User content: Notes, lists, saved links, comments, uploaded images
- Device info: Push notification token (for sending notifications), device ID (for E2EE key management)
End-to-End Encryption (E2EE)
Your note content (titles, body, checklist items), personal memos on saved posts, and comments are protected with AES-256-GCM end-to-end encryption. This means:
- Encryption keys exist only on your and your partner's devices
- Keys are securely transferred between devices via X25519 key exchange; the server only relays encrypted keys
- Our server stores only ciphertext and cannot read your content
- Even if the server is breached, your data remains safe
Unencrypted data includes: tags, platform source, and public post titles/thumbnails (this information comes from public web pages and is not private content).
How We Use Your Data
Your data is used solely for the following purposes:
- Provide shared notes and saves between paired partners
- Send push notifications (new notes, new saves, reminders)
- Maintain and improve the service
- Verify user identity
Data Storage & Security
- Data is stored on AWS cloud servers with HTTPS/TLS encryption in transit
- User-uploaded images are stored on AWS S3; note images are end-to-end encrypted before upload
- Only paired partners can access shared content
- Encryption keys are protected by the device secure storage (iOS Keychain / Android Keystore) and are never uploaded to the server
- We do not sell or share your data with any third party for advertising purposes
Data Deletion
You can permanently delete all your personal data at any time via Settings → Delete Account in the App. When unpairing, all shared data (notes, saves, comments, encryption keys) will also be deleted.
Third-Party Services
The App uses the following third-party services:
- Google Sign-In: Account authentication, subject to Google Privacy Policy
- Apple Sign-In: Account authentication, subject to Apple Privacy Policy
- Firebase Cloud Messaging: Push notifications, subject to Firebase Privacy Policy
- Firebase Crashlytics: Crash reporting and diagnostics, collects anonymous crash logs and device information to improve app stability, subject to Firebase Privacy Policy
- Firebase Analytics: Anonymous usage statistics, collects app usage patterns (such as open count, screen views) to improve the service, not linked to personal identity, subject to Firebase Privacy Policy
- RevenueCat: Subscription management, subject to RevenueCat Privacy Policy
- AWS: Server and file storage
Children's Privacy
The App is not intended for children under 13. We do not knowingly collect personal data from children.
Policy Changes
We may update this privacy policy periodically. Changes will be announced in the App or on this page.
Contact Us
If you have any privacy-related questions, please contact: