Privacy Policy
Last updated: April 29, 2026
1. Data controller
Julien Pipard, sole proprietor (auto-entrepreneur)
SIRET: 851 981 365 00022
Appartement B306, Résidence La Citta
245 Rue Neil Armstrong, La Duranne
13100 Aix-en-Provence, France
Email: contact@allkemix.com
Peeble has not appointed a Data Protection Officer (DPO), as the conditions of GDPR Article 37 are not met. For any question relating to the protection of your data, please contact us at the address above.
2. Data collected and purposes
We collect and process the following data for the operation of the Service:
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address | Account creation and management | Performance of contract (Art. 6.1.b) |
| Name / pseudonym | Profile display | Performance of contract (Art. 6.1.b) |
| Avatar, cover photo | Profile personalization | Consent (Art. 6.1.a) |
| Created content (guides, places, media) | Display and sharing between users | Performance of contract (Art. 6.1.b) |
| Photos and videos | Place illustration | Consent (Art. 6.1.a) |
| Voice recordings (voice notes) | Audio notes associated with places | Consent (Art. 6.1.a) |
| Coordinates of saved places | Map display | Performance of contract (Art. 6.1.b) |
| Device GPS position | Map, nearby places, adding places, Peeble Guide queries | Consent (Art. 6.1.a) |
| Push notification token (FCM) | Sending push notifications | Consent (Art. 6.1.a) |
| Login identifier (Google OAuth, Apple Sign In) | Social authentication | Performance of contract (Art. 6.1.b) |
| Import files (Mapstr, Google Maps) | Importing places from other services | Consent (Art. 6.1.a) |
| Subscription identifier, Peeble+ status | Managing the paid subscription | Performance of contract (Art. 6.1.b) |
| Peeble Guide conversation history | Conversational continuity, Service improvement | Performance of contract + Legitimate interest (Art. 6.1.b and f) |
| Product usage events (visited screens, key actions, monetization events) | Audience measurement, product improvement | Legitimate interest (Art. 6.1.f) |
| Technical logs (IP, user-agent, timestamps) | Security, abuse detection, debugging | Legitimate interest (Art. 6.1.f) |
Location data: When you grant location access, Peeble uses your GPS position to display your location on the map, suggest nearby places, and feed queries to Peeble Guide. Your position is not durably stored on our servers beyond the processing required for the request.
Voice recordings: Peeble allows you to record voice notes associated with your places, as well as voice messages in Peeble Guide. Microphone access is only triggered by a voluntary action on your part. Recordings are stored on our self-hosted servers in Europe (OVH, France) and deleted with the associated place, conversation or account.
Data import: If you choose to import your data from Mapstr or Google Maps, the uploaded files are processed server-side to extract places, then deleted after processing.
Photo metadata (EXIF): When you add a place via a geolocated photo, Peeble reads the EXIF metadata (GPS coordinates) from the photo locally on your device. This metadata is not transmitted to our servers.
Sensitive data: Peeble does not collect any sensitive data as defined by GDPR Article 9 (racial origin, political opinions, health data, etc.).
3. Sub-processors and data transfers
We use the following sub-processors:
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| OVH SAS | API hosting, database, media storage | 🇫🇷 France (Roubaix) | Data in EU |
| Supabase Inc. | Authentication | 🇪🇺 EU / 🇺🇸 USA | DPA available, EU-US Data Privacy Framework |
| Google LLC | Places API (place search), OAuth, Firebase Cloud Messaging (notifications), Firebase Analytics (anonymized audience measurement) | 🇺🇸 USA | Standard Contractual Clauses (SCC), DPF |
| Mapbox Inc. | Map display | 🇺🇸 USA | Standard Contractual Clauses (SCC) |
| RevenueCat Inc. | Subscription management (Peeble+ status, transactions, webhooks) | 🇺🇸 USA | Standard Contractual Clauses (SCC), DPA |
| OpenRouter (HelloPipeline, Inc.) | Gateway to generative AI models for Peeble Guide | 🇺🇸 USA | Standard Contractual Clauses (SCC) |
| Google LLC (Gemini API) | Generative AI model powering Peeble Guide (content generation, audio transcription) | 🇺🇸 USA | Standard Contractual Clauses (SCC), DPF |
| PostHog Inc. | Product analytics (anonymized usage events) | 🇪🇺 EU (EU instance) / 🇺🇸 USA | Standard Contractual Clauses (SCC), DPA |
Some data may be transferred outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V (Standard Contractual Clauses, EU-US Data Privacy Framework).
4. Audience measurement and product analytics
Peeble uses Firebase Analytics and PostHog to measure Service usage and improve user experience. These tools record usage events (screens visited, key actions, subscription-related events) in an anonymized form, without using this data for advertising purposes.
Peeble does not use any targeted advertising tool, advertising tracker, or third-party marketing SDK (no AdMob, no Meta Audience Network, no Facebook Pixel). Your data is never resold.
On iOS, Peeble does not request App Tracking Transparency (ATT) authorization, as no cross-app tracking for advertising purposes is performed.
5. Automated decisions and generative AI
The Peeble Guide feature relies on generative AI models (Google Gemini via OpenRouter). When you interact with Peeble Guide, your GPS position, the name of the place consulted, and the content of your messages may be transmitted to these sub-processors to generate the response.
Content generated by Peeble Guide is provided for informational purposes and may contain inaccuracies. No decision producing legal effects or significantly affecting Users is made on a fully automated basis within the meaning of GDPR Article 22.
6. Data retention
- Account data: retained throughout the use of the Service, then deleted upon user request or account deletion (immediate).
- User content (guides, places, media): retained for the duration of the account.
- Peeble Guide conversations: retained for the duration of the account, individually deletable.
- Subscription data: retained for the duration of the subscription and 5 years thereafter (accounting and tax obligations).
- Technical logs: maximum 90 days.
- Anonymized analytics events: maximum 14 months.
- FCM tokens: deleted upon logout or account deletion.
7. Your rights
Under the GDPR and applicable data protection laws, you have the following rights:
- Right of access (Art. 15): obtain a copy of your personal data.
- Right to rectification (Art. 16): correct inaccurate data.
- Right to erasure (Art. 17): request deletion of your account and data. You can delete your account directly from the app settings.
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format. You can export your data directly from the app settings.
- Right to restriction (Art. 18): temporarily restrict processing.
- Right to object (Art. 21): object to processing based on legitimate interest.
- Right to define post-mortem directives on what happens to your data after your death.
To exercise these rights, contact us at: contact@allkemix.com. We aim to respond within the legal deadline of one month (extendable by two months in case of complexity).
You also have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):
www.cnil.fr
8. Cookies and local storage
Peeble is a mobile application. It does not use cookies in the sense applicable to websites. It locally stores on your device a technical cache (preferences, offline-consulted content, authentication tokens) necessary to operate the Service. You can purge this cache by uninstalling the application.
The associated website (peeble.app) uses cookies strictly necessary for proper operation and does not use any advertising or third-party audience-measurement cookie.
9. Security
We implement appropriate technical and organizational measures to protect your data:
- Encrypted communications (HTTPS/TLS)
- Secure token authentication (Sanctum, JWT)
- Rate limiting to prevent abuse
- Automatic database backups
- No plaintext password storage (bcrypt hashing + Supabase Auth delegation)
- Sovereign hosting in France (OVH)
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours and inform you as soon as possible, in accordance with GDPR Articles 33 and 34.
10. Children
Peeble is not intended for children under 15 years of age, in accordance with French data protection law. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@allkemix.com so we can delete it.
11. Changes
We reserve the right to modify this privacy policy at any time. In case of substantial changes, Users will be informed via in-app notification or email at least 30 days before changes take effect.