Privacy Policy

Last updated: March 25, 2026

1. Introduction

Pedla, Inc. ("Pedla," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

Pedla is operated from the United Kingdom and primarily serves users in the United States. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable US privacy laws including the California Consumer Privacy Act (CCPA).

By using Pedla, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

For the purposes of data protection law, the data controller is:

Pedla, Inc.
Email: privacy@pedla.us
Website: https://pedla.us

3. Information We Collect

3.1 Account & Profile Information

  • Email address (for account creation and authentication)
  • Password (hashed with bcrypt, never stored in plain text)
  • Display name, username, and optional legal name
  • Date of birth (optional)
  • Profile photo and banner image (optional)
  • Company name and role (optional)
  • Timezone and locale settings
  • Apple ID (if using Sign in with Apple)

3.2 Sales Activity Data

  • Counter metrics you track (e.g. doors knocked, contacts made, pitches, demos, sales closed)
  • Timestamps of when activities are logged
  • Daily rollup totals and aggregated statistics
  • Session data (start, pause, end times)
  • Custom counter definitions and labels
  • Goals and target metrics

3.3 Wellness & Mindset Data

If you use our wellness features, we collect:

  • Daily survey responses (AM/PM check-ins) including mood, energy, stress, and focus ratings on a 0–5 scale
  • Journal entries and personal reflections (free-text)
  • Custom habit tracking data
  • Mindset check-in responses
  • Affirmation and reading activity

This data is classified as special category data under GDPR Article 9 and is processed on the basis of your explicit consent.

3.4 Health & Fitness Data (Apple HealthKit / Google Fit)

If you grant permission, we may read data from Apple HealthKit (iOS) or Google Fit (Android):

  • Workout data (type, duration, calories burned)
  • Step count (daily totals)
  • Sleep data (duration)
  • Activity recognition data

Health data access is entirely optional and requires your explicit device-level permission. Health data is used solely to auto-complete habits and display wellness insights within the app. Health data is stored locally on your device and synced to your Pedla account for cross-device access. We never sell, share with third parties, or use health data for advertising. You can disconnect health access at any time via your device settings, and synced health data will be deleted when you delete your account.

3.5 Location Data (Optional)

If you enable location permissions:

  • GPS coordinates when logging counter activities
  • Location is cached for 30 seconds and used to analyse sales performance by area
  • Location accuracy data

Location tracking is disabled by default, uses "when-in-use" permission only (no background tracking), and can be turned off at any time in your device settings.

3.6 Journal and Activity Data

  • Journal entries and activity notes (text you write about your day)
  • Selfie photos (optional, taken via in-app camera for daily activity cards)
  • Activity timestamps and session metadata

Journal entries are private by default. Selfie photos are stored locally on your device and synced to your account for cross-device access. You can delete individual entries at any time.

3.7 Camera, Photos & Media

  • Camera: Used for QR code scanning (team invites), profile photo capture, and selfie sharing with stats overlays
  • Photo Library (read): Used to select profile photos, banner images, and message attachments
  • Photo Library (write): Used to save images to your device
  • Microphone: Available for audio features (requires separate permission)

Each permission is requested individually and can be revoked at any time via your device settings.

3.8 Biometric Data

  • Face ID / Touch ID: Used for app unlock and authentication on supported devices
  • Biometric data is processed entirely on your device by the operating system — Pedla never receives, stores, or transmits your biometric data

3.9 Communication Data

  • Direct messages sent to other users (content, timestamps, read receipts)
  • Message attachments (images, files)
  • Message reactions

3.10 Social & Community Data

  • Follow/follower relationships
  • Feed posts, comments, and reactions
  • Saved collections and bookmarks
  • Block and report actions

3.11 Team & Organisational Data

  • Team membership and role (rep, team leader, co-manager, manager, regional)
  • Team hierarchy relationships
  • Leaderboard rankings and performance ratings
  • Badges, achievements, and accolades
  • Contact information shared within your team (phone number, if provided)

3.12 Gamification & Competitive Data

  • XP points, levels, and streaks
  • Challenge participation and results
  • Battle records and rankings (when available)
  • Achievement progress

3.13 Subscription & Payment Data

  • Subscription tier and status (free, trial, premium)
  • Trial type and dates
  • Transaction identifiers (for receipt validation)
  • Subscription billing period and renewal status
  • Trial eligibility status
  • We do not store your credit card or payment method details — all payment processing is handled by Apple App Store or Google Play Store

3.14 How We Use Subscription Data

  • Verify your entitlement to premium features
  • Sync subscription status across your devices
  • Provide customer support for billing-related inquiries
  • Detect and prevent subscription fraud

Subscription records are retained for the duration of your account. If you delete your account, subscription records are permanently deleted immediately. Note: deleting your Pedla account does not cancel your subscription with Apple or Google — you must cancel separately.

3.15 Referral & Ambassador Data

  • Referral codes and links
  • Referred user tracking
  • Earnings and payout information
  • Device fingerprint data (for fraud detection only)

3.16 Technical & Device Data

  • Device type, model, and operating system version
  • App version and build number
  • Crash reports, error logs, and performance data (via Sentry)
  • Timezone and locale information
  • IP address (collected automatically by our cloud services)
  • Push notification tokens (for delivering notifications)
  • Unique device identifiers

3.17 Information We Do NOT Collect

  • We do not collect contacts from your address book
  • We do not collect financial account details (bank accounts, SSN)
  • We do not use the Apple Advertising Identifier (IDFA) for tracking
  • We do not track you across other apps or websites

4. How We Use Your Information

  • Provide core services: Counter tracking, statistics, analytics, funnel visualisation, and cloud sync
  • Team features: Enable manager dashboards, leaderboards, team performance views, and team communication
  • Wellness features: Display survey insights, journal history, habit tracking, and health correlations
  • Social features: Enable feed posts, direct messages, follows, and community interactions
  • Gamification: Calculate XP, levels, streaks, achievements, and challenge results
  • Notifications: Send check-in reminders, performance summaries, team updates, and milestone celebrations
  • Subscriptions: Process free trials, manage premium features, and handle billing
  • Improve the service: Analyse usage patterns, identify and fix bugs, and develop new features
  • Security: Detect fraud, prevent abuse, and protect against unauthorised access
  • Legal compliance: Comply with applicable laws and respond to lawful requests

We Do NOT Use Your Data For

  • Selling to third parties or data brokers
  • Targeted advertising
  • AI/ML model training without your explicit consent
  • Sharing individual performance data outside your team

5. Data Visibility Within Teams

If you are part of a managed team, the following data visibility rules apply:

What Managers Can See

  • Your daily activity counts and counter metrics
  • Real-time performance data and leaderboard position
  • Goal progress
  • Last activity timestamp
  • Your legal name (if provided)
  • Contact information shared within the team

What Managers Cannot See

  • Your personal journal entries (unless you explicitly share them)
  • Your wellness survey free-text responses
  • Your direct messages with other users
  • Your health/fitness data from HealthKit or Google Fit

Reps can only view their own data. You may leave a team at any time and your data remains with you.

6. Data Storage & Security

Where Your Data Is Stored

  • On your device: SQLite database encrypted with AES-256 via SQLCipher; sensitive tokens stored in Keychain/Secure Store
  • In the cloud: Supabase (PostgreSQL) hosted in the United States (AWS us-east-1), with encryption at rest

Security Measures

  • HTTPS/TLS 1.2+ encryption for all data in transit
  • Row-Level Security (RLS) policies ensuring you can only access authorised data
  • Passwords hashed with bcrypt (never stored in plain text)
  • AES-256 encryption for local device storage
  • Regular security audits and updates

While we implement strong security measures, no method of transmission or storage is 100% secure.

7. Third-Party Services

We share limited data with the following trusted service providers:

Supabase

Cloud database, authentication, and real-time sync. Stores account information, activity data, team data, and messages. See the Supabase Privacy Policy.

Sentry

Crash reporting and error monitoring. Receives device information, error logs, and app performance data (anonymised). See the Sentry Privacy Policy.

RevenueCat

Subscription management and in-app purchase processing. Receives subscription status, purchase history, and transaction identifiers. See the RevenueCat Privacy Policy.

Apple & Google

App distribution, in-app purchases, and optional sign-in (Sign in with Apple). Receives Apple/Google account ID and email if you choose these sign-in methods. Subscription billing and payment processing. Subject to Apple and Google privacy policies.

Expo Push Notification Service

Delivers push notifications. Receives device push tokens and notification content.

We do not sell your personal data to any third party.

8. International Data Transfers

Your data may be transferred to and processed in the United States. For UK and EU users, we ensure adequate protection through Standard Contractual Clauses (SCCs) with our service providers and Data Processing Agreements (DPAs) where required.

9. Your Rights

For All Users

  • Access: View all your data within the app or request a full data export
  • Export: Export your data as JSON or CSV from Settings (counter events, daily totals, location history, wellness data, habits, badges, team membership)
  • Delete: Delete your account and all associated data via Settings > Delete Account
  • Correct: Update your profile information at any time
  • Withdraw consent: Revoke permissions (location, health data, notifications, camera) via your device settings at any time

Additional Rights for UK/EU Users (GDPR)

  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Portability: Receive your data in a machine-readable format (JSON, CSV)
  • Object: Object to processing based on legitimate interests
  • Automated decisions: Not be subject to decisions based solely on automated processing
  • Lodge a complaint: File a complaint with the ICO (UK) at ico.org.uk or your national Data Protection Authority (EU)

To exercise GDPR rights, email privacy@pedla.us with "GDPR Request" in the subject. We will respond within 30 days.

California Privacy Rights (CCPA)

  • Right to Know: Request disclosure of data collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, email privacy@pedla.us with "CCPA Request" in the subject.

10. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal information on the following bases:

  • Performance of contract: Core app functionality (counters, sync, team management, subscriptions)
  • Explicit consent: Health/fitness data, wellness/mood data, location data, push notifications
  • Legitimate interest: Crash reporting (service stability), fraud detection, security
  • Legal obligation: Compliance with applicable laws, responding to lawful requests

11. Data Retention

  • Active accounts: Your data is retained as long as your account is active
  • Deleted accounts: Your personal data is immediately and permanently deleted upon account deletion. Your profile is anonymised and all associated data (activity metrics, journal entries, messages, preferences, health data, location data) is removed. An anonymised record (e.g. "Deleted User") is retained for referential integrity in team and social contexts
  • Crash reports: Retained by Sentry for 90 days
  • API/security logs: Retained for 30 days
  • Account deletion audit records: Retained for 90 days for legal compliance, then permanently purged
  • Subscription history: Retained per RevenueCat and app store policies for billing audit purposes; deleted within 30 days of account deletion

12. Children's Privacy

Pedla is intended for users aged 13 and older (16 and older in the UK/EU). We do not knowingly collect personal data from children under these ages. If you are under 18 and part of a managed team, please be aware that your team manager can view your performance data. If we become aware that we have collected data from a child under the applicable age, we will delete the account promptly.

13. Push Notifications

With your permission, we send push notifications including:

  • Morning and evening check-in reminders
  • Daily performance summaries
  • Team activity updates and invitations
  • Milestone and achievement celebrations
  • Streak maintenance reminders
  • Subscription and trial status updates

You can customise or disable notifications at any time in the app's notification settings or via your device settings.

14. Security Incident Response

If we become aware of a security breach involving personal data:

  • Affected users will be notified within 72 hours
  • We will provide a description of the breach, what data was affected, and steps taken
  • We will report the breach to relevant regulatory authorities (e.g. ICO for UK users)
  • We will take steps to remediate the breach and prevent recurrence

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email and give you 30 days to review changes before they take effect. Continued use of the service after that period constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights:

  • Privacy inquiries: privacy@pedla.us
  • General support: support@pedla.us
  • Website: Contact form

We aim to respond to all privacy requests within 30 days.

© 2026 Pedla. All rights reserved.
