← Pebble

Privacy Policy

Last updated: April 27, 2026

Pebble is a civic-action app built by Pebble, Inc. (“Pebble,” “we,” “us”). Pebble helps you take civic actions — calling, emailing, and commenting on bills, rules, and lawsuits — that affect you and your district.

1. Scope

Pebble is currently available only to users physically located in the United States. If you are outside the US, our sign-up flow routes you to a waitlist instead of creating an account.

2. Data we collect

From you, during onboarding

  • Phone number. Used by Firebase Authentication to verify it's really you. We store your phone number on your user record so friends who have you in their contacts can find you after hashing.
  • Address or GPS location. Used to look up your federal and state representatives. We do not store your raw address or coordinates; we only store the resulting reps snapshot (names, contact info, and office addresses).
  • Username (handle). A public identifier you pick.
  • Track selection. Which issue areas you follow. Used to personalize your feed.

From you, after onboarding

  • Actions you take. When you confirm a call, email, comment, or donation, we record the verb, target, and timestamp.
  • Device contact hashes. If you opt in to “Find friends,” we read your device contacts, hash each phone number on your device, and send only the hashes to our server. Your raw contacts never leave your device.
  • Push notification token (FCM). Stored so we can deliver notifications.
  • Posts, upvotes, friend requests. Recorded as you interact with other users.

Automatic

Standard server logs (IP address, user-agent, timestamps) for security and reliability.

3. How we use the data

  • Phone number — SMS verification; finding you via other users' contacts.
  • Address / GPS (transiently) — resolving your reps.
  • Reps snapshot — routing calls/emails to the right officials.
  • Track + action history — personalizing your feed and streak.
  • Contact hashes — matching friends without reading their numbers.
  • FCM token — delivering push notifications.

We do not sell your personal data. We do not run ad-targeting.

4. Who sees your data

Inside Pebble

  • You see all your own data.
  • Your friends (mutual-accepted) see your username, streak, and action history — subject to the visibility setting in Settings.
  • Pebble employees may access your data to debug problems you report, investigate abuse, or comply with legal requests.

Third-party processors

  • Firebase (Google) — Authentication, Firestore, Cloud Messaging, App Check.
  • Google Cloud Run — hosts our backend API.
  • Anthropic — classifies civic content during our daily pipeline. User data is not sent to Anthropic.
  • OpenAI — username moderation during signup only.
  • Geocodio — resolves addresses and coordinates to districts and state legislators during onboarding.
  • AppsFlyer — mobile attribution. Used to credit friend invites when someone installs Pebble through a shared link. AppsFlyer receives a device identifier (Apple's IDFV on iOS, not the IDFA advertising identifier, which Pebble does not request). Pebble does not enable cross-app tracking.
  • LegiScan, CourtListener, Congress.gov, Regulations.gov, Federal Register, Every.org — upstream data providers or, for Every.org, a donation partner we hand off to.

5. Retention

We keep your data for the life of your Pebble account. When you delete your account, we remove it from our active systems immediately and from backups within 30 days, except where we are legally required to keep specific records longer.

  • Phone number, phone hash, username, reps snapshot, track selection, push token (FCM), notifications, posts, upvotes, friend list, action history: kept while your account exists; deleted on account deletion.
  • Contact hashes sent during a friend-match run: not persisted on our servers — only used to compute the match response and discarded.
  • Server logs (IP, user-agent, timestamps): up to 90 days for debugging and abuse investigation.
  • Waitlist entries (non-US sign-ups): kept until we expand to your region or you ask us to remove them.

6. Your rights

  • Delete your account in-app. Open Pebble, go to You → Settings → Delete account, and confirm. This permanently removes your username, phone number, phone hash, reps snapshot, track selection, action history, notifications, push token, friend list, and any posts or upvotes you've made. The deletion runs immediately on our active systems; backups are purged within 30 days.
  • Revoke consent. Account deletion (above) revokes all consent. You can also turn off push notifications at any time in iOS Settings, change who can see your actions in Settings → Who can see my actions, or remove a friend in the friends list.
  • Access / export. Email support@eggnog.ai from the address tied to your account and we will send you a copy of the data we hold about you within 30 days.
  • State consumer privacy rights (CA, VA, CO, CT, UT, and others) — we honor access and deletion requests under these laws. We do not sell personal information and do not use it for cross-context behavioral advertising.

7. Security

We use Firebase App Check, encrypted transport (HTTPS), and tight Firestore security rules. No system is perfect; we will notify you and any relevant regulators if we learn of a breach affecting your personal information.

8. Children

Pebble is intended for users aged 13 and older. We do not knowingly collect data from children under 13. If you believe a child under 13 has an account, email support@eggnog.ai and we will delete it.

9. Changes

We will update this policy when our practices change. Material changes will be announced in-app, and the “Last updated” date will change.

10. Contact

Pebble, Inc.
1836 McAllister St, Apt 2
San Francisco, CA 94115
support@eggnog.ai