Privacy Policy

1. Introduction

The Marble Jar BV ("we," "us," or "our") operates Pebls, an AI-powered personal assistant service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. The Marble Jar BV is the data controller for the personal data processed through Pebls.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, job title
• Payment Information: Billing address, payment method details (processed securely through our payment providers)
• Profile Information: Preferences, settings, and customization choices
• Communication Data: Messages you send to our support team

2.2 Information from Integrated Services

• Email Data: Email content, metadata, attachments from Gmail and Outlook
• Calendar Data: Events, meetings, schedules from integrated calendar services
• Task Data: Tasks and projects from integrated productivity tools
• Document Data: Files and documents from Google Drive, OneDrive (if integrated)

2.3 Automatically Collected Information

• Usage Data: Features used, actions taken, time spent, frequency of use
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, pages viewed, click patterns
• Location Data: Country and region for pricing localization (IP-based)
• Cookies: Session cookies and preference cookies for functionality

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Consent: For optional features and marketing communications
• Legal Obligations: To comply with applicable laws and regulations

You may withdraw your consent at any time by contacting us at [email protected]or through your account settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

4. How We Use Your Information

4.1 Service Provision

• Process and organize your emails intelligently
• Manage and optimize your calendar and schedules
• Prioritize tasks and provide productivity insights
• Generate AI-powered recommendations and responses
• Sync data across integrated platforms

4.2 Service Improvement

• Analyze usage patterns to enhance features
• Train and improve our AI models (using anonymized data)
• Develop new features based on user needs
• Optimize performance and user experience

4.3 Communication

• Send service updates and notifications
• Respond to support requests
• Provide account and billing information
• Send marketing communications (with consent)

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in these circumstances:

5.1 Service Providers

We work with trusted third-party providers who assist in operating our Service:

• Cloud hosting providers (data storage and processing)
• Payment processors (billing and subscriptions)
• Analytics providers (service improvement)
• Customer support tools

5.2 Integrated Services

When you connect third-party services (Gmail, Outlook, etc.), data is shared according to:

• The permissions you grant during OAuth authentication
• The functionality required for the integration
• The privacy policies of those third-party services

5.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if necessary to protect our rights, property, or safety.

5.4 No Sale of Personal Data

We do not sell, rent, or share your personal data for monetary or other valuable consideration as defined under applicable privacy laws.

6. Email and Calendar Data Processing

Your email and calendar data requires special care. Here's how we handle it:

6.1 Email Content

• Emails are processed in real-time and not permanently stored unless you save them
• Attachments are scanned for security but not retained after processing
• We never read your emails for advertising or profiling purposes
• Email processing happens only with your explicit permission via OAuth

6.2 Sensitive Information

Our AI is designed to recognize and protect sensitive information such as:

• Financial information (credit cards, bank accounts)
• Health records and medical information
• Passwords and authentication credentials
• Government identification numbers

This information is automatically excluded from analytics and AI training data.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• End-to-end encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

7. Data Retention

We retain your personal data only as long as necessary:

• Account Data: Retained while your account is active
• Email/Calendar Data: Processed in real-time, cached for 7-90 days based on plan
• Usage Analytics: Anonymized after 24 months
• Billing Records: Retained for 7 years for tax compliance
• Support Communications: Retained for 2 years

Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.

8. Your Privacy Rights

Depending on your location, you may have the following rights under applicable privacy laws:

8.1 Access and Portability

You can request a copy of your personal data in a structured, commonly used format.

8.2 Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal obligations.

8.4 Restriction and Objection

You can request we limit processing or object to certain uses of your data.

8.5 Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.6 Opt-Out of Sale/Sharing

You may opt-out of any sale or sharing of your personal data for cross-context behavioral advertising.

8.7 Non-Discrimination

You will not be discriminated against for exercising your privacy rights.

8.8 Lodge a Complaint

You have the right to file a complaint with your local data protection authority.

9. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with sufficient data protection
• Your explicit consent for specific transfers

10. Children's Privacy

Pebls is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will promptly delete such information.

11. Cookies and Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for Service functionality
• Analytics Cookies: Help us understand usage patterns (with consent)
• Preference Cookies: Remember your settings and choices

Depending on your location, we will request your consent before placing non-essential cookies. You can control cookies through your browser settings. Disabling essential cookies may impact Service functionality.

We honor Global Privacy Control (GPC) signals where legally required. If your browser sends a GPC signal, we will treat it as a valid request to opt-out of data sharing.

12. AI and Automated Processing

Pebls uses AI and machine learning to provide its services. This includes:

• Automated email categorization and prioritization
• Smart scheduling recommendations
• Task priority scoring
• Productivity insights generation
• Response and action suggestions

12.1 AI Model Training

Important: We do not use your personal data to train general AI models. Your email content and personal information are processed solely to provide services to you. Any improvements to our AI are made using anonymized, aggregated data with your consent.

12.2 Third-Party AI Providers

We may use third-party AI providers to enhance our services. These providers:

• Do not retain your data beyond processing
• Cannot use your data to train their models
• Are bound by strict data processing agreements
• Process data only for immediate service delivery

You have the right to request human review of automated decisions that significantly affect you. AI processing can be disabled in your account settings, though this may limit Service functionality.

13. Data Processing Agreement

For business customers, we offer a Data Processing Agreement (DPA) that outlines our commitments as a data processor. Please contact us to request a DPA for your organization.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates the most recent revision. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Information

For privacy-related questions, complaints, grievances, or to exercise your rights, contact our Data Protection Officer:

Response time: Within 30 days or as required by applicable law. We are committed to addressing your concerns and resolving any privacy issues promptly.