Effective date: 03 September 2025
Controller: René Holst, Olof Palmes Allé 31B, 8200 Aarhus N, Denmark
Contact: dev@pebblekids.app
We are the data controller for personal data we process about our users, customers, and partners. If you have questions about this policy or how we handle personal data, contact us at the email above.
Note: The app is currently published by an individual. If/when a company is formed, this policy will be updated with the companyâs legal details and roles (controller/processor) where relevant.
Summary (TL;DR)
- We collect app usage and device data to run the app, handle subscriptions (via RevenueCat), and manage deep links/attribution (via Branch).
- We do not sell personal data.
- You can ask for access, deletion, correction, and other rights under GDPR.
- We aim to collect the minimum data needed to provide the service.
Scope
This policy covers personal data processed by the Pebble Kids/Bimle mobile app, our websites (if any), and related services, including third-party SDKs we use to provide functionality.
What We Collect and Why
1) Data you provide to us
- Account/support information (if you contact us): name, email, message content.
- Newsletter or marketing sign-ups (if enabled): email address, preferences.
Purpose: respond to inquiries, provide support.
Legal basis: Legitimate interests (Art. 6(1)(f)) and/or Contract (Art. 6(1)(b)).
Purpose: send requested communications.
Legal basis: Consent (Art. 6(1)(a)). You can withdraw consent anytime.
We do not collect credit card numbers in the app. Payments are handled by Apple App Store/Google Play. We receive subscription status/entitlement information, not full payment card data.
2) Data collected automatically
- Device & app data: device model, OS version, app version, language/region, IP address, time zone, crash logs, performance metrics.
- Identifiers for attribution/subscriptions:
- Platform identifiers (e.g., iOS/Android device identifiers permitted by the OS, such as IDFA/AAID where available and with user consent per platform rules), App Instance ID, Anonymous User ID, and similar.Purpose: deep linking, restore purchases, verify entitlements, measure campaign performance, and prevent fraud.Legal basis: Consent where required by law/platform; otherwise Legitimate interests.
- Event/usage data: in-app actions (e.g., opening the app, starting a subscription, deep-link open).
Purpose: run the service, secure it, fix bugs, improve performance.
Legal basis: Legitimate interests (security, fraud prevention, product improvement).
Purpose: deliver core features, support, troubleshooting, and to understand usage patterns to improve the app.
Legal basis: Legitimate interests and/or Contract.
Where platform settings require consent (e.g., iOS tracking permission for IDFA), we honor your device choice.
Third-Party Providers (Processors)
We use reputable service providers to help us operate the app. These providers act as processors on our behalf unless otherwise stated.
- RevenueCat (subscriptions & entitlements)
- Branch (deep linking & attribution)
- Platform app stores (Apple/Google) (controllers for payments)
- Hosting/ops & support tools (if used, e.g., error/crash reporting, CDN, email)
Data processed: app/user identifiers (anonymous user IDs), purchase receipts, subscription status, device & app metadata.
Purpose: verify purchases, manage entitlements, subscription lifecycle, anti-fraud.
Data processed: device and app identifiers, IP address, user agent, deep-link parameters, install/open events.
Purpose: route deep links, measure campaign performance, attribution, and user experience flows.
Data processed: payment and account data you provide to Apple/Google.
Purpose: process payments, manage subscriptions, receipts.
Role: generally independent controllers for payment data.
Data processed: limited contact data, logs, diagnostics, or support messages.
Purpose: deliver and support the service securely and reliably.
We maintain processor agreements (DPAs) and require appropriate safeguards for international transfers (see below).
Lawful Bases for Processing (GDPR)
- Contract (Art. 6(1)(b)) â to provide core app features and subscription access.
- Legitimate interests (Art. 6(1)(f)) â security, fraud prevention, service improvement, basic analytics/attribution.
- Consent (Art. 6(1)(a)) â where required (e.g., certain identifiers/attribution in some regions, marketing emails, notifications beyond operational).
- Legal obligation (Art. 6(1)(c)) â accounting/tax and compliance.
You may withdraw consent at any time via in-app settings (where available), device settings (e.g., iOS tracking permission), or by contacting us.
Childrenâs Privacy
Pebble Kids/Bimle is intended to be used by parents/caregivers with or for their children. We do not knowingly collect personal data directly from children under the age required by law in their country (which in the EEA is typically 13â16).
If you believe a child provided personal data to us without appropriate consent, contact us and we will delete it.
Data Sharing
We share personal data only with:
- Service providers/processors listed above (under contract, limited to stated purposes).
- Authorities when required by law.
- Business changes: If we form a company, merge, or transfer assets, personal data may be transferred to the new entity under this policyâs protections (youâll be notified of material changes).
We do not sell your personal data.
International Transfers
Some processors may process data outside the EEA/UK. When they do, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) and implement additional safeguards as needed.
Data Retention
We keep personal data only as long as necessary for the purposes described:
- Subscription/entitlement records: retained to manage access, address chargebacks/fraud, comply with tax/accounting laws.
- Support emails and diagnostics: retained for troubleshooting and service improvement, then deleted or anonymized.
- Device/attribution data: retained per providerâs standard retention windows and our operational needs, then minimized or anonymized.
When data is no longer needed, we delete or irreversibly anonymize it.
Security
We use reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. No system is 100% secure, but we aim to follow industry best practices and least-privilege access.
Your Rights (EEA/UK)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase (delete) your data
- Restrict processing
- Object to processing based on legitimate interests
- Data portability (receive your data in a usable format)
- Withdraw consent at any time (where processing is based on consent)
To exercise these rights, email dev@pebblekids.app. We may need to verify your identity. You also have the right to lodge a complaint with your local data protection authority. In Denmark: Datatilsynet.
Your Choices & Controls
- Device settings: control app permissions (e.g., notifications), limit ad tracking/IDFA, reset advertising identifiers.
- In-app settings (if available): manage analytics/attribution preferences.
- Emails: use unsubscribe links or contact us to opt out.
Cookies/SDKs
We do not use web cookies inside the mobile app. The app uses SDKs (e.g., RevenueCat, Branch) that may process device identifiers and events to deliver features described above, respecting platform-level consent controls.
Data Deletion & Account Closure
If you want to delete your data (and any in-app account if/when accounts are offered), contact dev@pebblekids.app with your request. We will delete or anonymize personal data unless we must retain certain information for legal obligations (e.g., tax records).
Changes to This Policy
We may update this policy to reflect legal, technical, or business changes. The âEffective dateâ will be updated. Material changes will be communicated in-app or by other appropriate means.
Contact
Controller: René Holst
Address: Olof Palmes Allé 31B, 8200 Aarhus N, Denmark
Email: dev@pebblekids.app