[Pebbling] Privacy Policy
Our Privacy Promise
Hello, and thank you for trusting Pebbling with your personal reflections. Your privacy and trust are our top priorities.
- We use your information only to improve your service experience.
- We never sell or share your personal data for advertising or commercial purposes.
- All records are encrypted and securely stored. Even Pebbling’s team cannot access the original content of your entries.
- During data analysis, individuals cannot be identified — all data are pseudonymized or anonymized.
- We are committed to full transparency about what we collect, how we use it, and with whom we share it.
Article 1 (Purpose of Processing Personal Information)
Pebbling processes personal information for the following purposes:
- Account creation and management
- Service provision and operation (e.g., saving and viewing records)
- Customer support and inquiries
- Legal compliance (e.g., tax, consumer protection)
- Improving service quality and user experience
- Marketing and communications (only with separate user consent; refusal does not affect core service use)
- Emergency protection of life, body, or property, when required
Article 2 (Categories of Personal Information Processed)
| Category | Data Collected | Purpose of Use |
|---|---|---|
| Account Registration | [From Apple/Google] Name (or nickname), Email | Account creation and management |
| Service Use (User Input) | Preferred pronoun (he/she/they), Journal entries (text) | Record storage and retrieval |
| Service Use (Automatically Collected) | Pseudonymous ID, device information (OS, app version, model), access logs, error logs, ad identifiers (ADID/IDFA), cookies and similar technologies | Service improvement, analytics, and security management |
| Future Features (Planned) | Photos, external links, community posts, AI recommendation data | For providing new features |
Information Not Collected:
- Passwords: Only social logins are supported; no password storage.
- Payment details: In-app purchases are processed via App Store or Play Store; no financial data (e.g., card numbers) are stored by Pebbling.
Article 3 (Retention and Destruction of Personal Information)
- General Rule: Data are deleted immediately upon account deletion. Backup data are securely removed within a regular system cycle.
- Retention by Law:
- Contract, withdrawal, and payment records — 5 years
- Consumer complaints or dispute records — 3 years
- Advertising and display records — 6 months
- Tax-related transaction records — 5 years
- Fraud Prevention: Data may be retained for up to 1 year to prevent illegal registrations or misuse.
- Destruction Method: Electronic files are permanently deleted beyond recovery; paper documents are shredded or incinerated.
Article 4 (Provision of Personal Information to Third Parties)
Pebbling does not share personal data with third parties unless:
- Required by law, or
- The user has provided explicit consent for a specific purpose.
Article 5 (Entrusted Processing and Overseas Transfers)
| Processor | Country | Purpose of Processing | Data | Retention Period |
|---|---|---|---|---|
| Supabase | Korea (Seoul), U.S. | Database hosting | All collected data in Article 2 | Until account deletion or contract termination |
| Google Firebase | U.S. and others | Error monitoring & analytics | Logs, device info, ad ID | According to Google policy |
| Apple App Store / Google Play | Various | In-app purchase processing | Payment metadata | According to store policy |
| Meta SDK | U.S. and others | Marketing performance measurement | Advertising ID | According to Meta policy |
Article 6 (Reasonably Related Use Beyond Original Purpose)
Pebbling may use or provide personal data for purposes reasonably related to the original intent of collection, considering factors such as user expectations, relationship relevance, and data security.
Article 7 (User and Legal Guardian Rights)
- Users may request access, correction, deletion, suspension of processing, or withdrawal of consent at any time.
- Requests can be made via the in-app inquiry form, by email ([email protected]), or in writing.
- For minors, legal guardians may exercise the same rights on behalf of the user with proper authorization.
- Some data may be retained if required by law (e.g., tax records).
- California Residents (CCPA/CPRA): Have rights to access, correct, delete, and opt-out of data sharing.
- International Users (e.g., GDPR): Have the right to file complaints with their national data protection authorities. In Korea, users may contact the Personal Information Protection Commission (www.pipc.go.kr, ☎118).
Article 8 (Breach Notification)
If any data breach or leakage occurs, Pebbling will promptly notify affected users and relevant authorities as required by law, including details on the breached items, time of occurrence, response measures, and mitigation steps.
Article 9 (Data Security Measures)
- Administrative: Internal management plan, staff training
- Technical: Data encryption in storage and transmission, access control minimization, security software installation
- Physical: Restricted access to servers, controlled data storage areas
Article 10 (Data Protection Officer)
- Name: Hyunwoo Hwang
- Title: CEO / Data Protection Officer
- Email: [email protected]
- Address: 40 Dongil-ro 186-gil, Nowon-gu, Seoul, Republic of Korea
Article 11 (Changes to This Policy)
This Policy takes effect from the date below.
- Material changes (e.g., new data categories or third-party sharing): announced 30 days before enforcement.
- General updates: announced 7 days prior.
📌 Business & Data Controller Information
- Effective Date: September 19, 2025
- Company Name: Mongle Labs
- Address: 40 Dongil-ro 186-gil, Nowon-gu, Seoul, Republic of Korea
- Data Protection Officer: Hyunwoo Hwang (CEO)
- Email: [email protected]