Pebble mascotpebblejoin the waitlist

effective 17 May 2026 · updated 25 May 2026

privacy policy

Pebble is built on a single principle: your health data stays on your phone. This policy explains exactly what that means, what does leave your device, and what doesn't. Short version below, full detail beneath.

Pebble has no server. Your symptom logs, voice notes, photos and Brief PDFs live on your phone in a local database. We can’t see them, because there is nowhere for them to go.

who we are

Pebble is built and operated by johnnybuildstech (a sole trader based in the United Kingdom). Contact: pebble.symptom.app@gmail.com.

For UK GDPR purposes, johnnybuildstech is the data controller for the small amount of personal data described below. There is no data processor for your symptom data because that data never leaves your device.

what stays on your device (almost everything)

The following data is stored onlyin Pebble’s local database on your phone. It is never transmitted to us or to any third party:

  • symptom logs, severity ratings, mood
  • factor entries (sleep, stress, food, medication, cycle, weather)
  • voice notes (audio files) and their transcripts
  • photos you attach to entries
  • notes, tags, and free-text journalling
  • reminders, settings, and customisations
  • Brief PDFs you generate for appointments
  • correlation results and pattern analyses

This data is included in your phone’s standard backup (iCloud Backup on iOS, Google One backup on Android) only if you have enabled those backups yourself. Pebble does not control those backups, which are operated by Apple or Google under their respective privacy policies. When you uninstall Pebble, this data is deleted from your phone along with the app.

Apple HealthKit (iOS only, optional)

On iOS, if you turn on health data sync in Pebble’s settings, the app reads a small set of values from Apple HealthKit to add context to your daily log and Brief:

  • sleep duration
  • step count
  • resting heart rate
  • cycle / period data, only if you turn on the cycle sub-toggle

This data is read into Pebble’s local database on your device. It is not transmitted off your device, not shared with any third party, and not used for any purpose other than displaying context inside the app.

If you turn on the period write-back option in Settings, Pebble writes the period days you log back to HealthKit so other health apps on your phone can see them. Nothing else is written. You can turn write-back off at any time.

You can revoke Pebble’s HealthKit access entirely from iOS Settings → Health → Data Access & Devices → Pebble without breaking the rest of Pebble.

Apple HealthKit is a local API operated by Apple under their own privacy policy for the Health app. It does not transmit your health data to a server.

Android note: the Android version of Pebble does not connect to any platform health store (such as Health Connect). Sleep, steps, resting heart rate, and cycle data on Android are manual-entry only. Nothing about your health is read from or written to a third-party app on Android.

what leaves your device (and only this)

Pebble makes outbound network requests in exactly two situations:

1. Weather lookup (optional, only if enabled)

If you turn on the Weather factor and grant location permission, Pebble sends your approximate (coarse) location (accurate to roughly your town, not your address) to Open-Meteo to fetch local barometric pressure, temperature, and humidity. These values can correlate with flare patterns for some people.

  • we do not send your name, email, device ID, or any symptom data
  • Open-Meteo’s privacy policy: open-meteo.com/en/terms. they state they do not log personal data
  • you can disable this at any time by turning off the Weather factor or revoking location permission in your phone settings

2. Purchase verification

If you subscribe to Pebble’s paid tier, the App Store (Apple) or Play Store (Google) handles the payment. To know whether your subscription is active, Pebble uses RevenueCat to verify your purchase receipt. RevenueCat receives:

  • an anonymous user ID generated by Pebble (not linked to your name or email)
  • your purchase receipt from Apple or Google
  • basic device information (model, OS version, country)

RevenueCat cannot see your symptom data, voice notes, photos, or anything else in the app. Their privacy policy: revenuecat.com/privacy.

what Pebble does NOT do

We’ll be specific, because vague “we respect your privacy” claims are how privacy policies usually mislead. Pebble:

  • does not use any analytics SDK (no Google Analytics, Firebase Analytics, Amplitude, Mixpanel, PostHog)
  • does not use any crash-reporting SDK (no Sentry, Bugsnag, Crashlytics)
  • does not have user accounts. There is no login.
  • does not sync your data to a cloud server. There is no server.
  • does not sell or share your data. There is nothing to sell.
  • does not show advertising
  • does not contain third-party tracking SDKs of any kind
  • does not read your contacts, photo library (beyond images you explicitly attach), or messages

permissions Pebble requests, and why

permissionwhywhat happens to the data
microphoneto record voice notesaudio files saved locally on your device. Never uploaded.
speech recognitionto transcribe voice notesiOS:Apple’s on-device speech recognition. Audio is not sent to Apple. Android:uses Google’s speech recognition service, which transmits short audio clips to Google for transcription under Google’s privacy policy. The resulting text is stored locally. If you do not want this, leave voice notes untranscribed.
location (approximate)optional, only if you enable the Weather factorcoarse location sent to Open-Meteo (above). Never stored by us.
calendar (read-only)optional, to spot upcoming appointments and pre-warm your Briefread once per day from your phone’s calendar. Appointment text is not stored beyond a local cache of upcoming entries. Never uploaded.
notificationsto send local reminders to loglocal-only. Pebble does not have a push notification server.
Apple HealthKit (iOS only)optional, to read sleep, steps, resting heart rate, and cycle data for contextread into Pebble’s local database on your device. Period write-back is opt-in. Never transmitted off your device. Android has no equivalent integration in Pebble.

Every permission can be revoked from your phone’s settings at any time without breaking the rest of the app.

children

Pebble is not directed at children under 16. If you believe a child has installed Pebble and you are their parent or guardian, simply uninstall the app. There is no account or server-side data to delete.

your rights (UK / EU GDPR, CCPA)

Because Pebble does not collect or store your personal data on any server, most data-subject rights are satisfied directly on your device:

  • access: all your data is visible inside the app, and exportable via Brief PDF / share
  • deletion: uninstall the app, or use Settings → “delete all data”
  • portability: the Brief PDF + share function provides a portable copy
  • rectification: edit or delete any entry from inside the app

For the small categories of data we do handle off-device (Open-Meteo weather lookups, RevenueCat purchase records, support emails) you may contact pebble.symptom.app@gmail.com to request access, correction, or deletion. We will respond within 30 days.

If you believe we have mishandled your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

the marketing website

This privacy policy covers the Pebble mobile app. The marketing site you are reading this on (johnnybuildstech.com) is operated by the same developer and uses:

  • Vercel for hosting and page-view analytics (no cookies, no cross-site tracking)
  • Resend to handle the waitlist signup form and contact form. If you submit your email, it is stored in Resend’s audience list to send you one launch update. You can unsubscribe at any time using the link in any email we send.

That’s the full list. No Google Analytics on the Pebble pages, no Facebook Pixel, no ad networks.

changes to this policy

If we change this policy, we’ll update the “last updated” date at the top. For material changes (e.g. adding a new third-party service), we will note it on the page for at least 30 days.

contact

Questions, concerns, data requests: pebble.symptom.app@gmail.com. Postal address available on request.

Looking for the support page or Pebble itself?