Privacy Policy
Effective May 18, 2026
1. Who we are
Pebble Engine (“Pebble”, “we”, “our”) operates the website-building platform at pebbleapp.ai and its associated services. Questions: web@getpebble.net.
2. What we collect and why
Account information
When you sign up, we collect your email address and, optionally, your first name and display name. Your password is hashed by Supabase — we never see it in plaintext.
Questionnaire answers
To build your site, we collect the information you enter into the Pebble questionnaire (business name, industry, services, tone preferences, etc.). This content is used solely to generate your site and is stored in your project files.
Billing information
If you subscribe to a paid plan, your payment is processed by Stripe. We never see or store your full card number. We do store your Stripe customer ID and subscription status to manage your account.
Usage events
We record product-level events (e.g., “site built”, “site published”) to understand how the product is used. These events record what happened and when — never the content of your site or questionnaire answers.
Email communications
After your first successful build, we send a short welcome sequence (day 1, 3, and 7) with tips and encouragement. You can reply to any email to unsubscribe from future messages.
3. Third-party services
Pebble uses the following services, each with its own privacy policy:
- Supabase — authentication, database, and file storage.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery (welcome, password reset, build tips).
- Cloudflare — hosting for your published sites and our own infrastructure.
- Google / GitHub — optional OAuth sign-in. We receive only your email address and public profile name.
- Plausible Analytics — privacy-friendly traffic analytics on pebbleapp.ai. No cookies, no cross-site tracking, no personal data collected.
4. Your generated sites
The websites Pebble generates are yours. We store the generated files on our servers to power the preview and editor. When you publish a site, Pebble deploys those files to Cloudflare Pages on your behalf. We do not sell, share, or use your site content for training AI models.
Privacy on generated sites: By default, Pebble-built sites include no third-party tracking scripts. Your visitors are not tracked unless you add your own analytics code.
5. Cookies and local storage
Pebble uses a session cookie to keep you signed in. We do not use advertising cookies or third-party tracking pixels on the platform itself.
6. Data retention and deletion
We keep your data for as long as your account is active. You can delete your account at any time from Settings → Account. Deletion requests enter a 14-day cooling-off period, after which your account, site files, and associated data are permanently removed. You can cancel a pending deletion during that window.
7. Your rights (GDPR / CCPA)
Depending on where you live, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Data portability (a copy of your data in a common format)
Email web@getpebble.net to exercise any of these rights. Account deletion is self-serve via Settings.
8. Security
We use HTTPS everywhere, store passwords only as Supabase-managed hashes, and apply rate limiting to sensitive endpoints. No system is 100% secure; we will notify you promptly if we become aware of a breach affecting your data.
9. Children
Pebble is not directed at children under 13. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this policy as the product evolves. We will notify you by email before material changes take effect. Continued use after the effective date constitutes acceptance.
11. Contact
Pebble Engine — web@getpebble.net