Pebbo Privacy Policy

Last Updated: January 1, 2026

XYSOFT LLC (“XYSOFT,” “we,” or “us”) operates the Pebbo mobile application, website, and related services (collectively, the “Services”). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use Pebbo. By using Pebbo, you acknowledge that you have read and understand this Privacy Policy and our data practices. If you do not agree with our practices, please do not use the Services. This policy is incorporated into our Terms of Service, and is governed by the same laws and principles (including California law for U.S. users).

1. Information We Collect

We collect various types of information from and about users of Pebbo. This includes information you provide directly, information collected automatically when you use our Services, and information from third parties.

A. Information You Provide to Us: When you use Pebbo, you may provide certain personal data, including:

  • Account and Contact Information: When you register or update your account, we collect identifiers such as your name (e.g. display name), username, email address, phone number, and account credentials. We use this information to create and secure your account. We may also collect your age or date of birth to ensure you meet our minimum age requirement (18 years or older).
  • Profile Details: You may choose to add profile information such as a profile picture or avatar, a bio/description, and your location or general area. Location may be provided as a textual location name (city/region) or coordinates to enable local listings. This profile information (excluding contact info like your email or phone) is visible to other Pebbo users as part of your public profile.
  • Listings and Content: When you create a listing for an item or post other content on Pebbo, we collect the information you include in that content. This can include item descriptions, titles, categories, price, photos or other media of the item, item condition, and any terms or tags you add. This content is made public to other users of the Services. We also collect any comments or feedback you post on items, and any ratings or reviews (if applicable) you leave for other users. Please do not include sensitive personal information in your listings or posts, as these are visible to others.
  • Transaction and Payment Information: If you buy or sell items through Pebbo’s in-app payment system, we (through our payment processor) collect information related to the transaction. This includes the item purchased, transaction price, date and time, and any “Lock Fee” deposits paid to reserve an item. Pebbo uses a third-party payment processor, Stripe, Inc., to handle payments securely. When you provide payment credentials (such as a credit/debit card number or bank account for payouts), that information is collected directly by Stripe, not by Pebbo. We do not receive or store your full financial account numbers or sensitive payment details; however, we may receive limited information such as your card’s type and last four digits or your bank name and last four digits of your account number for record-keeping. For sellers, you will need to provide Stripe with additional information to set up a Stripe Express payout account (such as your full name, address, date of birth, government ID or Social Security Number, and bank account details). Stripe shares with us a unique customer/account identifier and status information so that we know you have set up your payment account. We also keep records of payments, Lock Fee deposits, refunds, and payouts associated with your transactions on Pebbo.
  • Chats and Messages: Pebbo enables users to communicate via in-app chat messaging regarding items and transactions. These chat messages are stored and processed by our third-party real-time chat provider, Stream, on our behalf. We collect the content you send through chat (messages, images, etc.) and information about the chat (timestamps, participants). Note that messages you send to another user will be visible to that recipient. Pebbo may access and review chat communications as permitted by law (for example, to investigate fraud or misuse or when you report a problem) but otherwise your private messages are not publicly visible. Please be cautious about sharing personal information in chats, since we cannot control how recipients use that information.
  • Customer Support and Correspondence: If you contact us for support or submit a support ticket, we collect the information you choose to provide in that interaction. This may include your contact information, the details of your request or issue, and any attachments or screenshots you send. We maintain records of support tickets and communications (such as emails to our support address) to assist you and improve our Services.
  • Voluntary Information: We may also collect any other information you voluntarily provide to us. For example, if you participate in surveys, promotions, or beta tests, or if you provide feedback, suggestions, or contest entries, we will collect that information. If you opt to share your contacts or invite friends, we will collect the information you provide for those purposes (with your consent).

B. Information We Collect Automatically: When you use Pebbo (especially the mobile app or website), we automatically collect certain information about your device and usage of the Services. This includes:

  • Device Information: We collect technical details about the device and app you use to access Pebbo. For example, we gather data such as your device model, device name, operating system and version, app version, preferred language, and the device identifier or installation ID. We also record the platform (e.g. iOS or Android) and timestamp of when the device was registered or last active. This information helps us ensure the Services function correctly across devices, deliver push notifications, and troubleshoot technical issues.
  • Log and Usage Data: Like many online services, we keep logs of certain actions when you interact with Pebbo. This may include your IP address, the pages or screens you view, search queries you enter, features you use, links you click on, and the date/time of each request. We also log when you perform key actions (such as posting an item, following a user, making a purchase, or updating your profile). This usage information is collected to analyze trends, administer and secure the platform, and understand how users engage with Pebbo.
  • Location Information: If you enable location services or provide a location in the app, we may collect geolocation data about your device. This can include your precise location (GPS coordinates) or approximate location derived from your IP address or other device signals. We use location information to show you relevant local listings (e.g., items near you) and to display your general location on your listings or profile (e.g., city name). You can choose whether to allow the app to access precise GPS location via your device settings. If you do not allow it, you may still input a location manually, or the app may use less precise methods (like your stated city or ZIP code). Location data helps us customize the experience but is optional for certain features (note: disabling location may limit functionality – see Your Choices below).
  • Cookies and Similar Technologies: Pebbo’s website (and possibly parts of the app) uses cookies and similar tracking technologies to provide and improve the Services. Cookies are small data files stored on your browser or device. We (and authorized third parties) use cookies to remember your preferences, keep you logged in, and collect information about your interactions. For example, we may use cookies or device identifiers for authentication, to track site usage analytics, and to personalize content. For mobile app users, we may use analogous techniques (such as mobile ad IDs or analytics SDKs) to gather usage and diagnostic data. Please see Section 4. Cookies and Tracking Technologies for more details on how we use cookies and how you can control them.

C. Information from Third Parties: We may receive personal information about you from third-party sources in certain situations, including:

  • Third-Party Authentication or Import: If we in the future allow you to sign up or log in through a third-party account (e.g., Apple, Google, Facebook) or import information from such accounts, we would receive information like your name and email from those services (according to your permission and their privacy policies). Note: Currently, Pebbo uses its own authentication system (via Supabase) with email/phone and does not require a social login.
  • Payment and Identity Verification Partners: As noted, our payment processor Stripe collects information when you engage in transactions. Stripe may share with us a limited subset of that data necessary for us to record and confirm your payments, detect fraud, or comply with legal obligations. For instance, we receive confirmation when you have successfully completed Stripe’s onboarding, and we might receive updates if there are issues with your payment account (such as failure to verify identity or a frozen account). We may also receive identity verification results or status from Stripe or other verification services if such checks are required by law (for example, confirmation that your government ID was verified, without receiving the ID itself). If we utilize a separate identity verification service in the future (for verifying your identity or address, or for fraud prevention), that provider may give us a report or confirmation relating to you.
  • Analytics Providers: We may use third-party analytics services (such as Google Analytics or similar tools) that collect information about how users find and use our Services. These providers may set cookies or use device identifiers to gather usage data and report it to us. This helps us understand user engagement and improve performance. The information provided to us by our analytics partners does not typically include direct personal identifiers, but it may be combined with other data we have in some cases.
  • Advertising and Social Media Partners: At this time, Pebbo does not serve third-party advertisements nor integrate social media login or sharing features that collect your data. If in the future we partner with advertising networks or enable social sharing features, we will update our policy and ensure any required disclosures are provided. (For example, ad partners might provide us with demographic insights or interest-based segments, and social networks might share information if you use a “Share” button – but again, such features are not currently in use on Pebbo.)
  • Other Users: We may receive information about you from other users of the platform. For example, other users can rate or review you (if that feature exists), report you to Pebbo for a policy violation, or otherwise send us information regarding your interactions. If a user communicates with us about you (such as in a dispute), we will collect and use that information as part of resolving the issue. Additionally, buyers and sellers share information with each other through the platform (e.g. in chat or during the transaction process); while this is facilitated by Pebbo, we treat such user-to-user disclosures as being made by you, not by Pebbo. We recommend that you only share the information necessary for your transaction and exercise caution, as described further below.
  • Publicly Available Data: We might gather information that is publicly available, such as postal code mappings for location verification or recall information for products, etc. We may combine this with data you provide (for example, using a provided ZIP code to derive general region).

D. Sensitive Information: Pebbo does not require any sensitive personal information from users for general use of the platform, aside from identity verification for high-volume sellers or payment compliance when applicable. We do not collect any biometric identifiers, facial recognition data, or precise health or genetic information from users. We ask that you not upload or share sensitive personal details (like Social Security numbers, driver’s license numbers, financial account passwords, health information, or precise location of children) on public areas of Pebbo. If you do provide or upload any sensitive data (for example, a government ID for verification or tax purposes), it will be used strictly for those verification/legal compliance purposes and protected in accordance with this policy.

2. How We Use Your Information

We use the personal information we collect for the following purposes, all in accordance with applicable laws:

  • Providing and Improving the Service: We use your information to operate Pebbo and deliver the features and services you expect. This includes processing your account registration and authentication, displaying your listings to other users, enabling search and discovery of items, and facilitating communications (chat) and transactions between users. We also use data to personalize your experience, such as showing you items in your vicinity or suggestions based on your activity. Additionally, your information helps us to maintain and improve core functionality, fix bugs, and develop new features. For example, understanding how users navigate the app can guide interface improvements, and analyzing common search terms can help us optimize our categories.
  • Facilitating Transactions and Payments: Your information is essential for handling purchases, sales, and the Lock Fee reservation system on Pebbo. We use personal data to allow buyers and sellers to transact. For instance, if you are a buyer, we use your selected payment method (via Stripe) to charge you for purchases or Lock Fees, and we record the transaction details. If you are a seller, we use your information to initiate payouts of sale proceeds to your chosen account via Stripe. We also use contact and transaction data to send you confirmations, receipts, and in-app notifications about transaction status. For shipped orders, we may use your and the other party’s information to assist in shipping (for example, generating shipping labels or sharing your provided shipping address with the seller). All financial transactions are processed by Stripe, but we use your data to instruct Stripe and to keep transactional records. We also calculate and collect any applicable fees (such as Pebbo’s commission or Stripe’s processing fees) and taxes, using your information as needed to comply with tax regulations (e.g., determining if sales tax applies based on locations).
  • Lock Fee Handling: For transactions using Pebbo’s Lock Fee feature (a good-faith deposit to hold an item), we use and share information to administer this process. We will use your payment information (via Stripe) to charge and hold the Lock Fee deposit, and we keep track of the status of the deposit (e.g., refundable to buyer or payable to seller) as the transaction progresses. We also use notifications to remind parties to complete the transaction (since completing it or marking an item received triggers the appropriate refund or release of the deposit). The handling of Lock Fee outcomes (refund to buyer, release to seller, or forfeiture to Pebbo after a long period of inaction) is largely automated based on rules in our system, but we use user inputs (such as a seller indicating a buyer no-show) to decide how to allocate the deposit. Your data is used to ensure the Lock Fee is correctly attributed and sent to the right party. For example, if you as a seller claim a Lock Fee due to a buyer’s no-show, we will instruct Stripe to release the funds to your account and notify the buyer of that outcome.
  • Communication and Notifications: We use your contact information (email, phone number, and in-app identifiers) to communicate with you about your account and provide customer support. We may send you service-related communications such as welcome emails, transaction alerts, chat message notifications, security alerts (e.g., password changes or new device logins), and updates about changes to our terms or policies. We also send in-app push notifications for things like new messages, item offers, or status updates on your listings and transactions. You can control certain notification preferences in the app settings or by adjusting your device notification settings. For email communications, we include an unsubscribe option for any marketing emails (but not for essential service emails). If you contact us with a question or support issue, we will use your information to respond to you and resolve your inquiry.
  • Customer Service and Support: In addition to responding to direct inquiries, we use data (such as your support ticket history, chat logs, and account information) to provide effective customer support and troubleshoot problems. For example, if you report a bug or a fraudulent activity, we will reference your account data and logs to diagnose the issue and assist you. We may also contact you through the app or via email/phone to follow up on support matters. Information from support interactions is used to improve our services and training.
  • Safety, Security, and Trust & Safety: We are committed to keeping Pebbo a safe and trustworthy marketplace. We use personal information to prevent and address fraud, breaches, and other harmful or unauthorized activities. This includes using data to verify user identities (for example, requiring high-volume sellers to submit identity documents or tax IDs and verifying them), and confirming that users meet our eligibility criteria (such as age and geographic restrictions). We monitor usage patterns and communications for suspicious behavior or violations of our Terms of Service and policies. For instance, we may use automated tools to detect spam or scam messages in chat, or to flag listings that contain prohibited content. If we have reason to believe an account is engaged in misconduct (fraud, harassment, listing forbidden items, etc.), we will investigate using the relevant data (profile info, listing content, message history, etc.). We may also use device and usage information to detect and prevent multiple accounts or other attempts to circumvent restrictions. Your information is also used to enforce our terms—e.g., we may warn, suspend, or ban users based on misuse of personal data or policy violations, and we use your data to implement those actions (such as disabling your account or blocking your device).
  • Legal Compliance: We use your information as necessary to comply with applicable laws and regulations. For example, U.S. law (the INFORM Consumers Act) requires us to collect and verify certain information from high-volume sellers and, in some cases, to disclose part of that information to buyers. We will use the data you provide for these compliance purposes (e.g., verifying your identity and tax ID if you meet the threshold, and displaying or providing your contact information as legally required). We also maintain records of transactions and certain communications for prescribed periods to comply with financial, tax, and consumer protection laws. Additionally, if law enforcement or regulatory authorities request information via valid legal process, we will use your data to respond as required (see Section 3: How We Share Your Information below for details on when we disclose data for law enforcement).
  • Fraud Prevention and Dispute Resolution: We may use personal information to resolve disputes or claims between users, or between users and Pebbo. For example, if a buyer and seller have a disagreement about an item’s condition or a payment, we will use the information available (listing details, chat history, transaction records, photos, etc.) to assist in resolving the issue. We might also use your information to address chargebacks or payment disputes (working with Stripe to provide necessary evidence). In cases of fraud, we use data like device identifiers, IP addresses, and usage patterns to identify fraudulent activity and take action. We also use information to make sure funds are properly handled (e.g., holding or releasing payments appropriately in cases of potential fraud or when a dispute is ongoing).
  • Service Enhancements and Analytics: We use collected information to analyze and improve Pebbo’s operations and user experience. This includes conducting data analytics on how users use the app: which features are most popular, how long users engage, conversion rates of listings to sales, etc. We may generate aggregated insights (which do not identify individuals) to help us understand market trends or the effectiveness of certain app features. For instance, we may analyze search terms to decide which new categories to add, or analyze chat response times to consider new chat features. We also use your feedback and surveys to guide product development. Additionally, we use information (possibly including your content) to develop and improve technological solutions like our AI features. For example, Pebbo utilizes AI (OpenAI models) to help sellers optimize their listing titles and descriptions. If you opt to use the AI optimization feature, the content of your listing (text and possibly images) may be processed by our AI provider to generate improved wording or suggestions. We use the results to help you edit your post. We may also use user content (like listing descriptions or common phrases) in aggregate to train or fine-tune our models or algorithms to better serve our users (e.g., improving auto-suggestions or moderation tools). Any such use of content for machine learning is done without identifying the content with your personal identifiers.
  • Marketing and Promotional Communications: We may use your contact information (email or in-app notifications) to send you promotional messages about new Pebbo features, surveys, special offers, or other marketing content from us. For example, we might send an email invite to a new feature (“Check out Pebbo’s new category for electronics!”) or notify you of a promotion in your area. We do not sell your personal information to third-party advertisers, and we do not bombard you with third-party ads; any marketing is primarily about Pebbo’s own services or trusted partners integrated in our platform. If we ever consider partnering with external advertisers or implementing targeted ads, we will provide appropriate notice and opt-out options. You have choices about marketing communications (see Section 6: Your Rights and Choices), and you may opt out of these messages at any time. Note that we will still send essential communications as described earlier.
  • Cookies and Tracking Uses: We use cookies and similar technologies to achieve various purposes, such as keeping you logged in on the web, remembering your preferences (like language or notification settings), and understanding how you navigate through Pebbo’s site. We also use these tools to provide and measure online services. For example, cookies help with analytics (telling us whether you’re a new visitor or returning, and how you found our site), and with fraud prevention (detecting if multiple accounts are being created from the same browser). If we later implement advertising, cookies might be used to limit ads or measure their effectiveness. Our use of cookies is further detailed in Section 4 below.
  • Combined and Derived Data Uses: We may combine information from different sources (for instance, linking your phone number with your account profile, or combining your app usage data with feedback you provided) to better understand your needs and improve the Services. We may also derive inferences from the data we collect – for example, inferring your approximate city from your IP address if you didn’t explicitly provide a city, or inferring that you might be interested in a particular category of goods based on your browsing and purchasing history. These inferences help us personalize the content and offers you see (such as recommending similar items to ones you viewed). We treat these inferences as personal data when they are linked to your profile.
  • Additional Purposes: We may use your information for any other purpose that we disclose to you at the time of collection or that you consent to. We will seek your consent when required (for instance, if we ever want to use your personal information for a materially new purpose not covered by this Privacy Policy). We also use information to protect our legal rights, comply with any audits or compliance checks, and for other day-to-day business needs (such as payment processing audits, accounting, record-keeping, and corporate governance).

We base our processing of personal data on various legal grounds, including your consent (where applicable), the necessity to perform our contract with you (Terms of Service), and our legitimate interests in operating and improving our Services, protecting the safety of our users, and complying with legal obligations.

3. How We Share Your Information

We understand that your personal information is important, and we share it only in the ways described in this Policy. We do not sell your personal data to third parties for their own marketing purposes. We may disclose or share information in the following circumstances:

  • With Other Pebbo Users (Buyer/Seller Transactions): In our peer-to-peer marketplace, certain information is shared between users to facilitate transactions and community interactions. For example, if you express interest in or agree to buy an item from another user, that user will see your profile information such as your username, display name, profile photo, general location (e.g. city), and join date. They will also see any mutual feedback or ratings if that feature is available. If you engage in a chat with another user, they will see the content you send in that chat (including any contact info you choose to share). When a transaction is agreed upon, a seller may need a buyer’s real name and shipping address to fulfill a shipment; Pebbo will share that information with the seller with the buyer’s consent as part of the checkout or shipping process. Similarly, for an in-person transaction, a buyer and seller may decide to exchange a location or contact number via the chat – that is at the users’ discretion. We encourage users to use Pebbo’s in-app messaging rather than sharing personal contact details, but if you do share such info with another user, please understand Pebbo cannot control what that user does with it. High-Volume Seller Disclosures: If you qualify as a high-volume seller under applicable law, we may be legally required to disclose certain identifying information about you to buyers who have purchased from you (or to make it available on your profile). This may include your verified name or business name, verified address, and contact information (e.g., email or phone). We will only do so as required by the INFORM Consumers Act or similar laws, and we will inform you if such disclosures are being made. Aside from legal requirements, we do not share your email, phone, or other contact info directly with other users unless you choose to share it (or unless it’s part of a required transaction step like providing a shipping label).
  • On Your Public Profile and Listings: Content you post on Pebbo is visible to others by nature of the platform. This means that your listings (including description, photos, price, location/general area, and username) are publicly visible to anyone using Pebbo. Your profile page (with your username, profile photo, bio, and stats like ratings, followers, and join date) is also visible to others. If you “like” or save an item, that action may be visible to the item’s owner. Any comments you post publicly on listings or community forums would be visible to other users as well. Please note that public content can be viewed, collected, or shared by others, including being indexed by search engines (if our listings become accessible via web). We cannot control third parties’ access to publicly available information. If you delete content or your account, we will stop displaying it, but caching or archival by others (including search engines) may persist for some time.
  • With Your Consent or At Your Direction: We will share your information with third parties if and when you explicitly instruct us to or consent to such sharing. For instance, if Pebbo implements a feature allowing you to share your listings on external social media, we will send the relevant content to the platform you choose at your direction. If you participate in a promotion or partnership that involves sharing data (e.g., redeeming a third-party coupon in Pebbo), we will disclose info as needed with your consent. We may also feature user testimonials or success stories on our site – but will always obtain your permission before publishing any personal testimonial.
  • Service Providers and Partners: We employ and partner with various third-party companies and individuals to help us operate and improve Pebbo. These service providers perform services on our behalf and under our instructions, and they are contractually obligated to protect the information we share with them. The categories of service providers we use include:
    • Payment Processors: As noted, we use Stripe, Inc. to process all payments and payouts on Pebbo. We share information with Stripe to enable payment transactions. This includes sharing certain personal identifiers and transaction details as needed – for example, when you initiate a payment, we provide Stripe with your user ID and the transaction amount, and Stripe already has your payment credentials on file from when you set them up. When you sign up as a seller for Stripe payouts, we share necessary data to create your account (like your name and email or other contact info) with Stripe, and Stripe collects additional info directly. Stripe uses this information to provide its services (e.g., fraud detection, compliance) and will treat your data according to its own privacy policy. We may also share limited information with Stripe to help resolve disputes or chargebacks (for instance, evidence that an item was delivered). Important: Any sensitive financial information (full card numbers, bank account numbers, SSN, government IDs) that is required for payment processing is collected by Stripe and not by Pebbo. We only receive tokens or references (like a Stripe customer ID or payment ID) and necessary outcome info from Stripe. For more details, see Stripe’s Privacy Policy. If we use additional payment providers or services (such as Apple Pay, Google Pay, or PayPal in the future), similar sharing will occur with those providers as needed to process transactions.
    • Chat and Communication Services: We use Stream (GetStream.io) as our in-app chat service provider. Stream hosts and delivers the messages and media that users exchange in Pebbo chats. We share with Stream the information required to set up and maintain your messaging channels. This includes your user identifier and authentication (so Stream knows you are an authorized user) and your profile information like display name and avatar, so that these appear in chats. When you send messages or images via the chat, that content is transmitted to Stream’s servers and then delivered to the intended recipient(s). Stream, acting as our processor, will store those messages for a period (to sync across devices and allow users to view chat history). Pebbo staff may access message content stored on Stream if needed for trust and safety investigations or as required by law (Stream provides administrative tools for our moderation team). Aside from that, Stream does not use your message content except to transmit and store it on our behalf. Stream may, however, process some metadata (like message timestamps and user IDs) to provide features like unread message counts and notifications. Using Pebbo’s chat indicates your consent to share your communications with our messaging provider for delivery. If you prefer not to use the in-app chat, you should not send messages via Pebbo. (However, using external communication channels outside Pebbo is against our safety recommendations and Terms, especially for completing transactions, so we strongly advise using Pebbo chat for all communications with other users.)
    • Cloud Hosting and Data Storage: Pebbo is built on trusted third-party infrastructure. We utilize Supabase (a hosting platform on cloud infrastructure) for our application backend and database, which means that personal data you provide is stored on cloud servers managed by Supabase (hosted on a platform such as Amazon Web Services) on our behalf. Supabase and our cloud providers act as data processors, meaning they handle data storage and retrieval under strict security protocols and under our instructions. They do not access your information for any purpose other than to maintain the service (e.g., backups, database management). We also use cloud storage for images and media you upload (your listing photos, profile pictures, etc. may be stored in a cloud storage bucket). These storage providers might include AWS S3 or similar, facilitated through Supabase. All such providers are bound by confidentiality and security obligations. In summary, when you use Pebbo, your data will reside on secure cloud servers operated by third parties, but controlled by XYSOFT.
    • Analytics and Performance: We may share certain data with analytics providers that help us understand app performance and user behavior. For example, we might use Google Analytics (for the web) or services like Amplitude or Firebase Analytics (for mobile) to collect usage statistics. These services would receive data such as device identifiers, IP address, and events within the app (like screens viewed, buttons clicked). This information is generally collected by the third-party tool directly via their SDKs or scripts on our app/website. The data provided to these analytics companies may allow them to identify you across other sites or services that use their analytics, but we do not provide your name or contact information to analytics vendors. We ensure any analytics partners are under agreements that limit their use of the data to providing services to us (with any further sharing either in aggregate form or under your device settings choices). You can opt out of certain analytics as described in Section 6 below.
    • Communications and Support Tools: We may use third-party tools to facilitate communications. For example, if we send emails, we might use an email delivery service (such as SendGrid, Mailchimp, or similar) to actually send those messages. Those services would have access to your email address and the content of the message. They are only allowed to use it for sending on our behalf. Similarly, for SMS or push notifications, we use services provided by Apple, Google (Firebase Cloud Messaging), or telecommunications providers to deliver messages to your device. Your device’s push token (a unique identifier) is shared with the push notification service so that our messages reach you. If you contact us via support email or an in-app support chat, our helpdesk software (if used) or email client will process those communications. We also may use a ticketing system (possibly built in-house or via a service like Zendesk/Freshdesk) to manage support requests, which would store your contact info and the request details. All such providers are only permitted to use your data to assist us in providing you service and support.
    • AI and Content Moderation Providers: To enhance user experience, we mentioned using OpenAI’s services for content optimization. When you opt to use AI suggestions for your listing, the text you provide (e.g., an item description) is sent to OpenAI’s API and processed to generate a suggestion. OpenAI will briefly retain and analyze that content to provide the response and for its own service improvements, subject to OpenAI’s policies. We do not share info like your account details with the AI service beyond the content you submit for transformation. Additionally, we may employ automated moderation tools (which could include AI-based image or text analysis) to detect prohibited content. If we use an external service for this (for instance, a service that scans images for banned items or scans text for hate speech), the relevant content would be sent to that provider for evaluation. These providers are only looking for policy violations and do not use your data for other purposes. By using Pebbo and posting content, you acknowledge that your content may be processed by such automated systems.
    • Other Service Providers: We may share necessary information with other vendors that provide services such as fraud prevention, security monitoring, marketing assistance, software development, or business analytics. For example, we might share a hashed version of your email or phone number with a service that helps us verify if it appears in known fraud databases. Or we might use an advertising partner to run Pebbo ads on other platforms, in which case we could provide a device identifier or hashed ID to them to target those ads (only with appropriate consents). We will ensure that any such sharing complies with applicable law and that no sensitive personal information is shared without consent.

In all cases, we limit the personal information shared with service providers to what is necessary for them to perform their functions, and we require them to protect it and not use it for unauthorized purposes.

  • Business Transfers: If XYSOFT LLC (Pebbo) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be transferred as part of that transaction. For example, if another company acquires XYSOFT or Pebbo’s business, we will transfer our user databases (which include personal information) to that successor entity. In such cases, we will ensure that the successor honors the commitments in this Privacy Policy or provides you notice and choice if they intend to materially change the handling of your personal information. Similarly, if we engage in corporate transactions like joint ventures or investment funding, it may be necessary to disclose certain information (often in aggregate or de-identified form, but potentially some personal info if required under confidentiality) to those involved in evaluating or executing the transaction. We will only do so to the extent needed and with appropriate safeguards.
  • Legal Compliance and Protection of Rights: We may disclose your information when we believe in good faith that such disclosure is required to comply with applicable law, regulation, legal process, or an enforceable governmental request. This includes: responding to subpoenas, court orders, or legal processes (for example, disclosing data to law enforcement or tax authorities who present a lawful demand); addressing requests related to national security or law enforcement as per legal requirements; or fulfilling our reporting obligations (for instance, providing information to regulatory agencies if mandated). We may also share information if necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or rights of any person, or violations of our Terms of Service or other agreements. For example, if we believe a user is attempting to commit fraud or harm someone, we may provide information to the appropriate authorities. If another user or a third party (such as an IP owner) brings a legal claim against you or us, and we determine that the relevant personal data in our control should be provided in the context of that dispute, we may disclose data as needed to handle the dispute (consistent with applicable privacy and data protection laws).
  • Enforcing Our Policies and Contracts: Related to the above, we may disclose information to attorneys, auditors, or collection agencies if necessary to enforce our agreements or collect payments due to us. For instance, if you owe us fees and have not paid despite notices, we might send your basic info to a collections firm. Or if we terminate your account for cause and you dispute it, we might share relevant facts with legal counsel for resolution. We will do so only to the extent necessary and still aim to protect your privacy.
  • Affiliates and Subsidiaries: XYSOFT LLC may share your information with any current or future affiliated entities (for example, if XYSOFT LLC establishes regional subsidiaries or related companies). Any affiliates that receive your information will abide by the same privacy commitments. Currently, XYSOFT LLC is a standalone entity, but if in the future our corporate structure changes, we will update you accordingly.
  • Aggregate or De-Identified Data: We may also share information that has been aggregated or anonymized in such a way that it cannot reasonably be used to identify you. This type of data is not considered personal information. For example, we might publish trends about usage of Pebbo, such as the number of items sold in a month or average prices in certain categories, or share aggregated demographic information with prospective partners. We may also disclose de-identified usage data to research organizations or for industry analysis. In all such cases, we ensure that the data does not identify any individual and cannot be re-associated with you.
  • Marketing and Advertising Partners: As of the latest update, Pebbo does not share personal data with third-party advertisers for their independent use. If this policy changes and we engage in limited data sharing for advertising (for instance, using a third-party ad network to display ads within Pebbo or sharing a device identifier with partners to retarget ads for our Services on other platforms), we will do so in accordance with privacy laws and provide appropriate notice and opt-out mechanisms. We will never share sensitive personal information for advertising without consent. Any future “selling” or “sharing” of personal information (as defined under laws like the California Consumer Privacy Act) would be communicated and allowed only if users have not opted out or have expressly opted in, as required. Again, currently we do not engage in such activity.
  • Social Media and Integrated Tools: If Pebbo integrates social features (like a Facebook “Like” button on an item, or an option to log in via Google, etc.), and you choose to use those features, certain information may be shared with or collected by the third-party providing the feature. For example, clicking “Share to Facebook” would share the item information and possibly your username to Facebook’s platform. These third parties have their own privacy policies governing their use of that information. We encourage you to review the privacy settings on any social accounts you link to Pebbo. (At present, direct social media integrations in the Pebbo app are minimal; we primarily focus on in-app interactions.)

In all cases of sharing, we endeavor to only share the minimum information necessary for the purpose and to do so securely. We do not sell your personal information for money. Additionally, we do not share personal information with third parties for their own direct marketing purposes unless you separately agree to that sharing (for example, if you sign up for a joint promotion that asks us to share data with a partner, which would be clearly disclosed at that time).

Warning about External Disclosures: If you directly disclose information through Pebbo’s public forums or messaging with other users, that information may be collected and used by others over whom we have no control. For instance, if you post your phone number in a listing description, anyone viewing that listing could use it. Or if you share personal details with another user in chat, Pebbo cannot prevent that user from saving or distributing those details. Please exercise discretion and good judgment when sharing personal information in any online marketplace, including Pebbo. We are not responsible for circumvention of privacy settings or security measures on the platform by other users (for example, someone taking a screenshot of your public profile or chat and sharing it elsewhere). If you believe a Pebbo user is misusing your personal information, please contact us so we can investigate and take appropriate action.

4. Cookies and Tracking Technologies

We and our partners use cookies and similar technologies to operate and enhance our Services, particularly on our website. This section explains how we use these technologies and your choices regarding them.

What Are Cookies? Cookies are small text files placed on your computer or mobile device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide reporting information. Cookies set by the website owner (in this case, Pebbo/XYSOFT) are called “first-party cookies.” Cookies set by parties other than the website owner are “third-party cookies.” Third-party cookies typically enable certain third-party features or functionality to be provided on or through the site (e.g., analytics, advertising, and social media integration).

How We Use Cookies: Pebbo’s website uses first-party cookies for essential functionality such as:

  • Authentication and Security: to keep you logged in as you navigate between pages, to recognize you when you return, and to help us maintain security (for example, by enabling multi-factor authentication or preventing fraudulent use of credentials).
  • Preferences: to remember your preferences and settings (such as language choice, or whether you’ve dismissed a particular popup or onboarding flow).
  • Features and Performance: to enable certain features like remembering items in your cart (if applicable) or improving load speeds through caching. We may also use cookies to gather performance data, such as error logging or debugging information.

We also use third-party cookies or similar technologies for:

  • Analytics: As mentioned in Section 3, we may use tools like Google Analytics which set cookies to collect information about how visitors use our site. These cookies collect information such as your IP address, browser type, pages visited, time spent on pages, and referring page (if you came from a link). We use this information to compile reports and to help us improve the website. The cookies collect information in an anonymous form (we do not attempt to identify you through analytics cookies).
  • Advertising (Future Use): Currently, we do not display third-party ads on Pebbo, but if we do in the future, advertising partners might use cookies to deliver ads that are relevant to you on our site or to measure the effectiveness of ad campaigns. For example, an ad network might place a cookie to limit how many times you see a particular ad or to track whether you clicked on an ad.
  • Social Media Plug-ins: If our site includes social media sharing buttons or login features, the providers of those features (like Facebook, Twitter, Google) may set cookies or use other identifiers to track your interaction. This could happen, for example, if you click a “Login with Google” button – Google might set cookies to manage the login process.
  • Other Tracking Technologies: In addition to cookies, we may use web beacons (also known as clear GIFs or pixel tags) in our emails or on our site. These are tiny graphics with a unique identifier that let us know when an email has been opened or a certain page has been viewed. This helps us measure the success of our communications and marketing campaigns. We may also use local storage (which allows data to be stored locally on your browser or device) for certain tasks like caching data for offline use or remembering preferences in the app.

Your Choices:

  • Browser Settings: You can typically set your web browser to refuse some or all browser cookies, or to alert you when cookies are being sent. Each browser is different, so check your browser’s help or settings menu for instructions on how to manage cookies. Please note that if you disable or refuse cookies, some parts of our Service (particularly on the website) may become inaccessible or not function properly. For example, you might not be able to stay logged in or use interactive features.
  • Device Settings (Mobile App): For the Pebbo mobile app, cookies per se are not used in the same way, but mobile operating systems provide settings to control certain device identifiers and tracking (for example, resetting or limiting ad tracking on your device). You can also control push notifications and location sharing through your device settings, as mentioned elsewhere in this Policy.
  • Do Not Track: Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no universal standard for how to respond to DNT signals. Therefore, our website does not respond to these signals in any particular way, and will continue to operate as described in this Privacy Policy regardless of a “Do Not Track” request. If a standard for responding to DNT is established in the future, we will re-evaluate our practices accordingly.
  • Third-Party Opt-Outs: Analytics providers and potential advertising partners may offer their own opt-out mechanisms. For instance, Google Analytics offers an opt-out browser add-on that you can install to prevent data from being used by Google Analytics on websites. Similarly, if we were to use advertising cookies, you could opt out of targeted ads from certain ad networks via industry programs (such as the Digital Advertising Alliance’s opt-out page or the Network Advertising Initiative’s site). We will update this section with relevant links if and when Pebbo engages in advertising that uses cookies.
  • Essential Cookies: Please note that some cookies are essential for the operation of our Service. You cannot opt out of these if you wish to use the Service, except by completely disabling cookies in your browser (which, as noted, will impair functionality). Examples include cookies that authenticate users or prevent fraudulent use of credentials.

For more detailed information about cookies and how they work, you may visit allaboutcookies.org or similar educational resources.

By using our website and online Services, you consent to the use of cookies and similar technologies as described in this Policy, unless you disable them through your browser settings.

5. Data Retention

We will retain your personal information for as long as is reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific duration for which we keep different types of data can vary based on the nature of the data and the context in which it was collected:

  • Active Account Data: If you have an active Pebbo account, we retain the personal information associated with your account for the duration of your account’s existence. This allows us to provide you with the Services (for example, showing your past transactions, messages, and profile info).
  • Listings and Content: Content you post (listings, profile info, comments) will remain visible on Pebbo until you remove it or your account is deleted (subject to any caching or sharing by others as noted). If you delete a listing or other content, we generally remove it from public view, but it may remain in our backups or archives for a short period. If your item was involved in a completed transaction, certain details (like the transaction record and basic listing info) might be retained for record-keeping even if the listing itself is not publicly visible anymore.
  • Transaction Records: We retain records of transactions and payments (including Lock Fee transactions) as long as necessary for transaction processing, dispute resolution, and compliance with financial regulations. This typically means we keep transaction data for a minimum period required by law (for instance, tax or accounting laws may require retention for a number of years – often seven years in the U.S.). Even if you delete your account, we may be required to keep certain transaction records to comply with legal obligations (we will retain only what is necessary and will archive it securely).
  • Communications: If you have engaged in chat messages, we store those communications to provide the chat history to you and the other party. We currently do not impose a specific expiration on chat history, but we reserve the right to purge old messages from our systems to manage storage. As indicated in our Terms, we do not guarantee that content or chat transcripts will be retained indefinitely. Important messages or information should be saved externally by users if desired. If a chat or account is reported for violating policies, we may retain the relevant messages even if the account is later deleted, in order to cooperate with investigations or to have a record for future reference (for example, to prevent a banned user from returning).
  • Support Tickets and Logs: Information you provide to customer support (tickets, emails) and logs of how you used the Service (audit logs, device logs) are retained as long as needed to address your issue and to improve our support processes. We might keep support correspondence for some time after resolution in case of follow-up, as well as to train our staff or to create FAQ references (with personal data removed). System logs that record activity (login attempts, API calls, errors) are typically retained for a finite period (which could range from a few months to a year) unless required longer for security analysis.
  • Legal Compliance and Protection: In some cases, we may retain certain information for longer periods if we believe in good faith that it’s necessary for legal enforcement or defense. For example, if we deactivate an account due to fraud or safety concerns, we may keep information about that account to prevent the user from re-registering, or to provide to law enforcement if needed. If we are involved in litigation or receive a legal hold request, we will retain relevant information until the matter is resolved. Additionally, as noted, high-volume seller information and associated verification data may be retained to comply with laws like the INFORM Act and to produce to authorities upon request.
  • Account Deletion: If you request deletion of your account (or if we delete it due to inactivity or violation), we will take steps to remove or anonymize personal information within a reasonable timeframe. Following deletion, you will no longer be able to access your account or any content associated with it. However, some information will remain in our archives or backups for a period of time until those are cycled out (backups are maintained to ensure system integrity and disaster recovery). We also retain any information as necessary to comply with law or legitimate interests as described above. When your account is deleted, personal data that is no longer needed is either securely destroyed or de-identified. Some residual information that does not identify you (for instance, aggregate statistics about the number of users in a region) may persist in our database.
  • Anonymized or Aggregated Data: We may retain data that has been rendered anonymous or aggregated such that it is no longer associated with your personal identifiers. This is not personal data, and we may keep it indefinitely to use for analytics, business planning, or reporting.

In summary, we strive not to keep personal data longer than necessary. When we determine that we no longer need personal information (and no law or other obligation requires us to keep it), we will delete, destroy, or anonymize it in a secure manner. If you have specific questions about our retention policies for a certain type of data, you can contact us for more information.

Please note that even after you delete your account or data, your information may not be immediately removed from all our systems. For example, data stored in backup media might remain for a period of time until the backup is overwritten or destroyed. We maintain backup data securely and limit access to it. We also may retain an identifier (like a hashed email) to remember that you requested deletion, so that we don’t inadvertently recreate an account for you without your consent.

6. Your Rights and Choices

We offer various ways for you to manage your personal information and exercise rights under applicable privacy laws. These include the ability to access, update, delete, or restrict certain data. Below, we outline your rights and the choices you have regarding your information:

  • Access and Correction: You have the right to access the personal information we hold about you and to request corrections of any inaccuracies. Much of your basic account information can be viewed and updated directly by you in the Pebbo app. For example, you can edit your profile (display name, profile picture, bio, location), update your contact information (email, phone number), and change your password in the account settings. Please ensure that your information is accurate and up-to-date. If any of your information changes, promptly update it in the app. If you need assistance or wish to request a copy of personal data that Pebbo has about you, you can contact us (see Contact Us below). We will provide you with the information required by law, in a portable format if applicable, after verifying your identity (to protect your privacy). We will also correct any factual inaccuracies you report. In certain cases, if a correction is not feasible, we may offer to note the request alongside the data.
  • Account Deactivation and Deletion: You have the right to request deletion of your Pebbo account and the personal data associated with it. We aim to comply with such requests in accordance with applicable law. You may delete your account by contacting Pebbo support at our support email or through the app if that feature is available. For security, we will likely ask you to verify your request (for example, by confirming from the email associated with your account). Once confirmed, we will deactivate your account and remove personal data that we are not required or permitted to retain. Note that deletion is irreversible – your profile, listings, and messages will be permanently removed or anonymized. Data that other users have received (such as messages you sent or feedback you left) may still be visible to them even after your account is gone, and some transaction records or necessary logs will be retained as described in Data Retention. If you simply stop using Pebbo without deleting your account, we may eventually deem the account inactive and delete it after a prolonged period, but we have no obligation to do so. It’s best to request deletion if you want to terminate your use. California Residents: Please see the “California Privacy Rights” section below for additional deletion rights under the law.
  • Withdrawal of Consent: In cases where we rely on your consent to process your data (for example, if you opted in to a specific feature or marketing communication), you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. For instance, if you gave permission to use precise location data, you can revoke that permission by changing your device settings (turning off location for Pebbo) or via the app’s privacy settings if available. If you consented to an AI feature using your data, you can stop using that feature and contact us to delete any stored inputs that are attributable to you. Withdrawing consent for optional processing may limit your ability to use certain features, but it will not result in deletion of data processed prior to withdrawal unless you separately request deletion.
  • Opt-Out of Marketing Communications: You can opt out of receiving promotional emails or messages from us. If you prefer not to receive marketing emails, you can click the “unsubscribe” link (usually at the bottom of the email) and follow the instructions. You can also manage your communication preferences in the app settings or contact us to be removed from marketing lists. Please note that even if you opt out of marketing, we may still send you transactional or service-related messages (such as payment receipts, important account notifications, or policy updates) as these are not promotional. If you are receiving push notifications with promotional content, you can disable Pebbo notifications entirely in your device’s settings, or adjust which notifications you get in the app’s settings (if granular controls are provided). For SMS messages, you may reply “STOP” if such option is provided, or contact support to opt out of texts. We will process opt-out requests as soon as possible, but please allow a few days for email preferences to fully update.
  • Push Notifications and Alerts: The Pebbo app, with your permission, may send push notifications or alerts to your device. You can control these at any time through your device’s settings (for example, turning off notifications for the Pebbo app on iOS or Android). In the app, you may also have settings to choose which push notifications you want to receive (e.g., new chat messages, items found, promotions). Adjust these settings to suit your preferences. Keep in mind that if you disable all notifications, you might miss important alerts about your transactions or account.
  • Location Data: You can decide whether to grant Pebbo permission to access precise location information. If you previously allowed it but no longer want Pebbo to use GPS/location data, you can revoke that permission in your smartphone’s settings (under the Pebbo app permissions). Even if you disable precise location, you can still manually set a location in your profile or listings. Also, note that we might still derive a rough location from your IP address for security and regional content (which is common for all internet services). If you want to limit that, using a VPN might obscure your IP-based location, but it’s not generally necessary for normal usage. If location is blocked, some features (like finding nearby items or auto-filling your city) may not function.
  • Cookies and Tracking Choices: As detailed in Section 4, you have control over cookies through your browser settings. You can also opt out of certain third-party tracking (like Google Analytics) by using the tools those providers offer. If we ever implement interest-based advertising, we will provide an opt-out for the “sale” or “share” of data for these purposes, as required by law (e.g., via a “Do Not Sell or Share My Personal Information” link for California residents, if applicable). Currently, we do not engage in such data sales/sharing.
  • California Privacy Rights: If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) and its amendments (such as CPRA). These include the right to know what personal information we have collected about you in the past 12 months, the right to know how we use and share that information, the right to request deletion of your personal information, the right to correct inaccurate personal information, the right to opt out of the “sale” or “sharing” of personal information, and the right not to receive discriminatory treatment for exercising any of these rights. We provide details of the categories of personal information we collect and the categories of sources, purposes, and third parties with whom we share such information throughout this Privacy Policy (see Sections 1, 2, and 3). To summarize, in the preceding 12 months, we may have collected the following categories of personal information about our users: identifiers (e.g., name, email, phone) and account login info; personal records (e.g., payment information and transaction history); protected characteristics (age/date of birth for eligibility, but we do not collect gender, etc., unless voluntarily provided); commercial information (listings posted, items bought or sold, Lock Fee deposits); internet or electronic activity (device info, log data, cookies); geolocation data (if provided); audio/visual data (photos you upload, and possibly any voicemail or recorded support calls, though we primarily use text); inferences drawn from the above (preferences, etc.); and any other information you choose to provide. We collect these from you directly, and automatically, and from service providers as described above. We use them for the business and commercial purposes described in Section 2. We share personal information with service providers and as required by law, and we do not sell personal information for monetary consideration. We also do not share it for cross-context behavioral advertising at this time. If that changes, California residents will be provided the opportunity to opt out. If you are a California resident and wish to exercise your access, correction, or deletion rights, you (or an authorized agent acting on your behalf) can contact us via the methods in Contact Us below. We will verify your request by confirming details associated with your account (we may ask you to log in or provide information like your last transaction or sign-in). Once verified, we will respond as required by law, typically within 45 days. If we need more time (up to an additional 45 days), we will inform you of the reason. Please note some information may be exempt from such requests (for example, we cannot provide certain sensitive information like full payment card numbers, and we may retain data needed for security or legal reasons). Additionally, California’s “Shine the Light” law (Civil Code Section 1798.83) entitles California users to request and obtain from us once a year, free of charge, a list of any third parties to whom we disclosed their personal information (if any) for those parties’ direct marketing purposes in the preceding calendar year, as well as the type of personal information disclosed. Pebbo does not share personal information with third parties for their own direct marketing purposes without your consent. Therefore, under Shine the Light, we have nothing to disclose. If you still wish to make a Shine the Light inquiry, you may do so by contacting us.
  • Nevada Residents: Nevada law allows customers to opt out of the sale of certain personal information (as defined under Nevada law) to third parties. We do not currently sell personal information as defined in Nevada law. If you are a Nevada resident who has questions about our data practices or would like to be notified if our practices change, please contact us.
  • European/International Users: Pebbo is intended for U.S. users only. We do not actively offer our services to EU or other international users at this time. However, if you are using Pebbo outside the U.S. (against our intended use case), please be aware that we primarily consider U.S. privacy laws. If you are in a jurisdiction with specific privacy rights (e.g., GDPR in Europe, PIPEDA in Canada, etc.), we will try to honor any valid requests (such as right of access or deletion) in line with our legal obligations. You can contact us to exercise those rights, but note that as a U.S.-only service, our ability to fully comply might be limited (and we may ask you to close your account if use is not authorized in your region). EU users, for example, typically have rights to access, rectification, deletion, restriction, objection, and portability. While we do not target the EU, if we receive a request referencing those rights, we will treat it similarly to a California request as described above. We also note we rely on the necessity to perform our contract (provide the service) and legitimate interests for processing, and we only rely on consent where indicated (like for marketing or optional features).
  • Authorized Agents: If you wish, you may designate an authorized agent to make privacy requests on your behalf (for example, under California law). The authorized agent must provide proof of their authority (such as a signed permission from you), and we may still require you to verify your identity directly with us or confirm that the agent has permission. This is to prevent fraud.
  • Non-Discrimination: Pebbo will not discriminate against you for exercising any of your privacy rights. This means we will not deny you our Services, charge you different prices, or provide a lesser quality of service just because you made a privacy rights request. If you opt out of certain optional data uses (like personalized ads, if we had them), we will of course not include you in those, but that is not a discriminatory action, just compliance with your choice.

If you have any questions about your rights or how to exercise them, you can always reach out to us at the contact information provided below. We are here to help you manage your personal information and ensure you feel comfortable with how it’s handled on Pebbo.

7. Security

We take the security of your personal information seriously and have implemented a variety of technical and organizational measures to protect it. However, please note that no website or app can guarantee complete security. We strive to protect your data, but we cannot warrant the security of information transmitted through the internet or stored on our systems with absolute certainty.

Security Measures We Employ:

  • Encryption: Pebbo uses encryption to protect data in transit. This means that the information you send to us through the app or website (for example, during login or when making a payment) is encrypted via SSL/TLS protocols. You can verify this on the web by seeing the “https” and lock icon in your browser. For sensitive communications between our app and servers, encryption ensures that third parties cannot easily intercept and read your data. We also employ encryption for certain data at rest (stored data) where appropriate, especially for particularly sensitive information. For instance, passwords are stored in hashed form (never in plain text), and any payment tokens or keys are stored securely.
  • Access Controls: We limit access to personal information to authorized employees, contractors, and agents who need such access to operate, develop, or improve our Services. These personnel are bound by confidentiality obligations. Our internal databases are protected by access controls, so that only specific, necessary information is accessible to staff for designated purposes. For example, customer support agents may have access to your profile and transaction history to help with an issue, but they would not be able to retrieve your full payment card details (those are with Stripe) or your password. Administrative access to systems requires authentication and is logged for security auditing.
  • Network and System Security: We maintain firewalls and intrusion detection systems to guard against external attacks. Our servers are kept updated with security patches, and we utilize secure network architectures (including the isolation of database servers from direct internet access). We conduct regular security assessments and vulnerability scans. Where possible, we employ techniques like rate limiting (to prevent brute force attacks) and automated blocking of suspicious activity (e.g., repeated failed login attempts).
  • Testing and Auditing: We periodically test our applications for security vulnerabilities, both internally and sometimes through third-party penetration testing. We also monitor our systems for potential threats or anomalies in real-time. Audit logs are maintained to track access and changes to sensitive systems. We follow best practices for software development to minimize bugs that could compromise security, including code reviews and using established frameworks.
  • Physical Security: The data centers and cloud infrastructure we use (via our providers) employ robust physical security measures, such as 24/7 monitoring, access badge controls, biometric scanners, and redundant power and cooling. While we don’t have our own physical servers (we use cloud providers), we rely on their certifications (like SOC 2, ISO 27001) to ensure physical security of the hardware storing our data.
  • Backup and Recovery: We regularly back up critical data to ensure that it can be recovered in case of an accident or technical issue. Backups are encrypted and stored securely. This protects against data loss and also provides resilience against ransomware attacks, as we maintain copies of data offline or in secure archives.
  • Training and Policies: We train our employees about the importance of privacy and security. We have internal policies governing how data is handled (for example, we limit the use of production data in testing environments and sanitize personal info where not needed). Employees are trained to recognize social engineering or phishing attempts, and we have measures to prevent unauthorized internal access (like requiring two-factor authentication for administrative access to systems).

Your Responsibility: Despite our efforts, the security of your account also depends on you. We urge you to keep your Pebbo account credentials confidential and secure. Do not share your password with others, and use a unique, strong password for Pebbo. Pebbo staff will never ask you for your password. If you suspect that your account has been compromised (for example, you notice unauthorized activity or you lose access to your login), please notify us immediately. We also recommend enabling any additional security features we offer, such as two-factor authentication (if available), which can provide an extra layer of protection.

Be careful when using Pebbo on public or untrusted networks (like public Wi-Fi). Avoid logging in through phishing links – always use the official app or website. Check for the secure lock symbol in your browser for the correct domain (pebbo.com or our official domain). If someone contacts you pretending to be from Pebbo support and asks for sensitive info, double-check by reaching out to us directly at our official contact.

Incident Response: In the unfortunate event of a data breach or security incident that affects your personal information, we will act promptly to contain and investigate the incident. We will notify affected users and relevant authorities as required by law. Our incident response plan includes steps to mitigate harm and prevent similar incidents in the future. We appreciate your understanding that while we cannot guarantee perfect security, we are continuously working to bolster our defenses.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account or personal information has been compromised), please contact us immediately using the information in Contact Us so that we can take appropriate steps.

8. Children’s Privacy

Pebbo is not intended for anyone under the age of 18. We do not knowingly solicit or collect personal information from individuals under 18 years of age. Our Terms of Service explicitly prohibit minors (persons under 18) from using the Services. If you are under 18, you are not permitted to create an account or use Pebbo, and you should not provide any personal information to us.

Parents or guardians: If you become aware that a minor (under 18) in your care has created a Pebbo account or otherwise provided us with personal information, please contact us immediately. We will take steps to terminate the minor’s account and delete or anonymize any personal data to the extent required by applicable law. We may ask for proof of guardianship or identity to process such requests, for the protection of the minor’s privacy.

Though our platform is 18+, we still include this section to address the Children’s Online Privacy Protection Act (COPPA) and other youth privacy laws. We do not knowingly collect information from children under 13. We do not direct any of our content specifically at children. All users, by agreeing to the Terms and this Policy, represent that they are 18 or older, or otherwise not a minor as defined by their local law if higher (some states might treat under 18 as minors regardless, but 18 is our minimum universally).

In the event we discover that we have inadvertently collected personal information from someone under 18 (for instance, if a user lies about their age), we will promptly delete that information as soon as we are aware. We reserve the right to ask for age verification information if we suspect a user is underage, and to suspend accounts that cannot verify they are at least 18.

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to use Pebbo or share personal data without permission. Various device and software solutions also exist to help ensure minors do not access certain content online—consider using these tools if relevant.

If you have questions about our practices with respect to children’s personal information, or if you believe a minor has provided us information, please contact us at the email address in Contact Us below. We will address the issue promptly.

9. International Users and Data Transfers

Pebbo is intended for use within the United States only. We do not market or provide our Services to individuals outside the U.S., and our systems are designed with U.S. users in mind. If you choose to use Pebbo from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States (and potentially in other countries where our service providers are located, such as data centers). The data protection laws in these countries (including the U.S.) may not be as comprehensive or protective as the laws in your country of residence.

By using the Services or providing us with your information, you acknowledge that your information will be processed in the United States as described in this Privacy Policy. We rely on this disclosure and your consent (where applicable) to transfer information to the U.S. If you do not want your data transferred to or processed in the U.S., you should not use Pebbo.

For clarity:

  • Our company, XYSOFT LLC, is based in California, USA, and all data we collect is generally stored on servers located in the U.S. (or in cloud infrastructure that is primarily U.S.-based).
  • We do not currently accommodate non-U.S. regions in terms of localization, currency, or legal compliance (aside from basic GDPR alignment for transparency). We make no representation that our Services are appropriate or available in other locations.
  • If you access Pebbo from outside the U.S., you do so on your own initiative and are responsible for compliance with any local laws. We consider it an “at your own risk” situation, as noted in our Terms. We reserve the right to restrict or deactivate accounts that appear to be outside the U.S., in line with our geographic scope policy.

That said, if our user base expands internationally in the future, we will update our privacy practices to comply with relevant international laws (for example, implementing GDPR-compliant measures for the EU or UK if we ever officially launch there, or addressing cross-border transfer requirements like Standard Contractual Clauses). For now, our policy remains U.S.-centric.

If you are an international user who for whatever reason is using Pebbo, please be aware of the following:

  • You should not provide personal information if it’s illegal in your country to do so for a U.S. service.
  • We treat all users as subject to U.S. law. This means, for example, that we will handle data access requests primarily under U.S. legal standards (and those of states like California if applicable). We will try to respect rights like GDPR rights, but our ability might be limited since we do not have infrastructure or representatives in other countries.
  • The U.S. government or courts could potentially access your information through legal processes, and privacy protections might differ from those in your country.

If you do not agree with the above or are uncomfortable with your data being in the U.S., please discontinue use of Pebbo. Our Terms also explicitly mention that we make no guarantees about availability outside the U.S. and that using from elsewhere is at your own risk.

For all users, any international transfer of your data (e.g., between us and a service provider in another country) will be done with appropriate safeguards in place to protect your information, as required by law. For example, if we transfer data to a European service provider, we would ensure Standard Contractual Clauses or another transfer mechanism is in place.

In summary: Pebbo is a U.S.-only service. If you happen to use it internationally, understand that U.S. laws apply and your data will be processed here. We are committed to protecting your privacy globally but can only practically do so within the scope of U.S. law and our current operations.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes to how we collect, use, or share your personal information, we will provide you with prominent notice. We may notify you by email (sent to the email address specified in your account), by in-app notification, or by posting an updated notice within the Pebbo app or on our website.

The notice will explain the key changes and, if required by law, we will obtain your consent or give you the opportunity to opt out of certain changes. Minor updates (such as clarifications, language tweaks, or changes that do not materially affect your rights) may be simply updated on our website with a new effective date.

At the top of this Policy, we indicate when it was “Last Updated.” The updated Privacy Policy will be effective as of that date unless otherwise noted. Your continued use of Pebbo after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with a change, you should stop using the Services and may close your account. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

For significant changes, especially those that involve new ways of handling personal data that differ from the original purpose when collected, we will endeavor to give advance notice so that you can review the changes and make any necessary decisions (like whether to continue using the Service).

If you have any questions about any changes or want to understand a previous version of the Policy, please contact us. We may keep prior versions of this Privacy Policy in an archive (and will make those available as required by law, such as upon request by regulators or users in some jurisdictions).

11. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, please contact us. We take your privacy inquiries seriously and will do our best to address them promptly and thoroughly.

You can reach us by email at xiao.tan@xysoft.co (Attn: Privacy). This is our primary contact for privacy and data protection matters. Please include your contact information and a detailed description of your question or concern.

You may also contact us by mail at the following address:

XYSOFT LLC

Attn: Privacy / Legal Department

3400 Cottage Way, Ste G2 #30277

Sacramento, CA 95825, USA

Please note that this mailing address is provided for legal correspondence; email will generally result in a faster response for user inquiries.

If you are contacting us to exercise a privacy right (such as requesting access or deletion), please state the specific request and include enough information for us to verify your identity (for example, the email associated with your Pebbo account, and perhaps a recent transaction or other identifier). If an authorized agent is contacting us on your behalf, we may require additional verification or documentation as described in Section 6.

We will respond to legitimate inquiries without undue delay, and in any event within the timeframes provided by applicable law. For California residents or other jurisdictions with specific timelines, we will comply accordingly (typically within 45 days for access/deletion requests, with an extension if necessary).

Additionally, if you ever have a security concern or suspect a vulnerability related to Pebbo, you can contact us at the above email (preferably with “Security” in the subject line). We appreciate feedback and will act on credible security reports.

Governing Law: As noted, this Privacy Policy and any related disputes are subject to the laws of the State of California and applicable U.S. federal law. By contacting us or using Pebbo, you agree that any issue arising out of this Policy not resolved informally will be handled in accordance with the dispute resolution and governing law clauses of our Terms of Service (which generally provide for arbitration and California law jurisdiction). We mention this here to be clear that privacy issues are encompassed by those terms.

Thank you for reading our Privacy Policy. We are committed to protecting your personal information and providing a safe, trusted marketplace experience. Your privacy and security are important to us, and we will continue to evolve our practices to keep your data secure and handle it with care.