Privacy Policy
Last updated: May 12, 2026
Summary
Pebble & Petal is a baby-care app for parents and caregivers. This policy describes the information we process when you use the app, why we process it, and your choices.
Information We Process
- Account and profile information: caregiver email address (when you create an account), names and dates associated with caregiver and child profiles, and optional profile metadata.
- Content you create: logs you record (feeds, diapers, sleep, growth, medicine, and similar care entries), milestones, notes, diary entries, voice memos, and optional photos.
- Care coordination data: when you invite a caregiver to a household, the people you invite and the children you have shared with them.
- Subscription and entitlement data: purchase receipts and entitlement status, processed through the platform store (Apple or Google) and our subscription provider.
- Device and app data: app version, device model and OS version, install identifier, anonymized usage events, and crash diagnostics. These are used to operate the app and improve reliability.
- Push notification token: when you allow notifications, a device push token is registered so we can deliver reminders and household updates you have opted into.
- Voice input: when you use voice logging, your speech is converted to text. Transcription may be performed on-device or by our AI service provider depending on your device and chosen feature.
- Permissions: microphone (voice logging), photo library and camera (optional photo attachments), notifications (reminders and household updates).
How We Use Information
- Provide the app’s features and saved history across your devices.
- Generate in-app summaries, insights, and reminders.
- Synchronize your data across devices you are signed in on and with caregivers you invite to your household.
- Process subscriptions and entitlements.
- Operate, troubleshoot, secure, and improve the app.
How Your Data Is Stored
Pebble & Petal stores a copy of your data on your device for offline access. When you create an account, your data is also stored in our cloud database so the app continues to work across your devices, after reinstalls, and with caregivers you invite. Photos and other media you attach are stored in our cloud storage when account sync is active. Some content (for example notification tokens and analytics events) is generated and sent in the course of normal app operation.
Sharing With Caregivers You Invite
If you invite a co-parent, family member, or caregiver to your household, they will be able to view and update the baby profiles and care logs that you have shared with them, based on the role you assign. You can change or revoke this access at any time from the app.
Push Notifications
When you enable notifications, we register a push token from Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM). We use the token to deliver in-app notifications you have opted into, including reminders and notifications from members of your household. You can disable notifications at any time in your device settings or in the app.
Health and Medical Scope
Pebble & Petal is educational and organizational software. It is not a medical device. It does not diagnose, treat, cure, or prevent any medical condition. Consult a qualified healthcare professional for medical advice.
Sharing and Disclosure
- We do not sell personal information.
- We do not share personal information for cross-context behavioral advertising.
- We use service providers (“sub-processors”) for hosting, authentication, push delivery, subscription processing, analytics, crash reporting, and AI-assisted features. Each sub-processor is bound by contractual terms requiring the protection of personal information consistent with this policy and applicable law.
Sub-Processors
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Supabase, Inc. | Managed Postgres database, authentication, object storage | Account identifiers, email, authentication tokens, app content you create (logs, notes, photos), household membership records | United States (AWS us-east-1) |
| RevenueCat, Inc. | Subscription entitlement management and receipt validation | App install ID, platform user identifiers, purchase and receipt data | United States |
| Apple Inc. | App distribution, Sign in with Apple, push notifications (APNs), in-app purchases | Apple ID token, device push token, IDFA/IDFV (when applicable), purchase receipt | United States |
| Google LLC | Android app distribution, Google Sign-In, Firebase Cloud Messaging (Android push), in-app billing | Google account identifiers, OAuth tokens, device push token, advertising ID (when applicable), purchase receipt | United States |
| Functional Software, Inc. (Sentry) | Crash reporting and error diagnostics | Device and OS metadata, app version, crash stack traces, optional user identifier | United States |
| PostHog Inc. | Product analytics and feature telemetry | Pseudonymous install ID, event metadata, device and OS metadata | United States (us.i.posthog.com) or European Union (eu.i.posthog.com), depending on region |
| OpenAI, L.L.C. | AI-assisted voice/transcription and summary features (where enabled) | Short-form text derived from your input (e.g., voice-log transcripts), pseudonymous request identifiers; no account credentials | United States |
We update this list when we add, change, or remove sub-processors. Material changes are reflected in the “Last updated” date above and, where required, communicated in-app or by email.
Retention
- Account data and synced content are retained for as long as your account is active. When you delete your account, we delete your personal data from active systems within a reasonable period, subject to legal obligations and limited backup retention.
- Diagnostic and analytics data is retained for limited operational periods.
- You can request deletion of your account and associated data from inside the app (Settings → Account → Delete account) or from our data deletion page.
Security
We use administrative, technical, and organizational safeguards designed to protect personal information in transit and at rest, including encryption in transit (TLS) and access controls scoped to least privilege for internal access.
Children
Pebble & Petal is intended for use by parents and caregivers (adults), not direct use by children. Information about children is entered by caregivers and is not used for advertising or third-party marketing.
Your Rights
- Access, correction, deletion, and portability: request through the app or by emailing privacy@pebbleandpetal.com.
- Permissions: you can disable microphone, photo, camera, or notification access at any time from your device settings.
- Account deletion: available in-app at Settings → Account → Delete account, and via our data deletion page.
California (CCPA/CPRA) Notice
California residents may request:
- categories and specific pieces of personal information we have collected
- deletion of personal information
- correction of inaccurate personal information
- portability of personal information
We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under California law.
International Transfers
Pebble & Petal is operated from the United States. If you access the app from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our sub-processors operate.
Changes to This Policy
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated in-app or by email where appropriate.
Contact
- Email: privacy@pebbleandpetal.com
- Data deletion requests: /data-deletion