Privacy Policy

Who This Is

Peb App is built and maintained by Daniel Sylva, an individual developer based in Connecticut, United States. It is not a company. There is no advertising business, no data brokerage, and no venture funding. This is a passion project.

If you have questions about this policy, contact privacy@pebapp.com.

The Short Version

Peb App is designed to keep your data on your device and out of reach of anyone who is not in your co-op. Your messages and ledger history are end-to-end encrypted. The relay server that routes messages between devices cannot read any of it.

The longer version below explains exactly what is stored where and by whom.

What Stays on Your Device

Everything meaningful about your co-op life lives on your device and nowhere else.

Your co-op history -- every Peb transfer, membership event, board post, and charter change -- is stored locally in an encrypted database. This is the ledger. It never lives on a server in readable form.

Your messages and group conversations are stored locally. They are end-to-end encrypted in transit and at rest.

Your identity -- your device ID, your cryptographic keys, your display name -- is generated on your device and stored in your device's secure storage (Android Keystore on Android, Secure Enclave on iOS). The private keys never leave your device.

Your skills, resources, and profile information are stored locally and shared only with members of your co-op.

What the Relay Server Stores

Peb App uses a relay server (peb-relay.fly.dev) to route encrypted messages between devices. The relay is operated by Daniel Sylva and hosted on Fly.io in the United States.

The relay stores:

• Your device ID and public key. These are needed to route messages to your device. Your device ID is a random identifier generated on first launch -- it is not your name, email address, or any other personal identifier.
• Your last active timestamp. Updated each time your device communicates with the relay. Used to show other members an approximate "last seen" time in conversations.
• Your MLS key package. A cryptographic package used to add your device to encrypted group conversations. This is a public key -- it contains no private information.
• Pending messages addressed to your device. These are encrypted payloads the relay cannot read. They are deleted as soon as your device acknowledges receipt, or after seven days if unacknowledged.
• Invite bundles you generate. Encrypted with a key embedded in the invite link. The relay cannot read the contents. Deleted when claimed or after 72 hours, whichever comes first.

The relay does not store your name, your co-op memberships, your message content, your ledger history, or any information about what co-ops exist.

What the Relay Can Infer

The relay knows which device IDs communicate with each other. It cannot read the content of those communications, but it can observe that device A sent something to device B. Over time this reveals a social graph -- which devices are in contact with which other devices.

The relay is operated by a single individual (Daniel Sylva) and is not shared with any third party. The social graph information is not analyzed, sold, or used for any purpose beyond routing messages.

This is the same privacy posture as Signal: the server cannot read your messages, but the operator can observe communication patterns. Peb App makes the same tradeoff for the same reasons.

Encryption

All messages, ledger entries, and board posts transmitted between devices are encrypted using the MLS protocol (RFC 9420) with the ciphersuite MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519. This provides forward secrecy and post-compromise security.

Invite bundles are encrypted with AES-256-GCM using a one-time key embedded in the invite link.

The local database on your device is encrypted using SQLCipher (AES-256). The encryption key is stored in your device's secure storage.

The relay communicates over HTTPS (TLS 1.2 or higher).

Permissions

Peb App requests the following device permissions:

• Camera -- used only for scanning QR code invite links. No images are stored or transmitted.
• Notifications -- used to alert you to new messages, Peb transfers, and co-op activity. Notification content is generated locally on your device. No message content is sent to any notification service.

No other permissions are requested or required.

Third Parties

Peb App does not share your data with any third party for advertising, analytics, or any other commercial purpose.

The relay server is hosted on Fly.io (fly.io). Fly.io has access to server infrastructure metrics (CPU, memory, network traffic) but does not have access to message content, which is encrypted end-to-end.

The app uses no advertising SDKs, no analytics SDKs, and no third-party tracking of any kind.

Children

Peb App is not directed at children under 13. If you are under 13, please do not use this app.

Your Data and How to Delete It

Your local data (ledger, messages, profile) can be deleted from within the app. Go to Me > Delete account and data. This wipes all local data and removes your device from the relay server.

Uninstalling the app also removes all local data from your device.

Your relay data (device ID, public key, last active timestamp, key package) can also be deleted by contacting privacy@pebapp.com with your device ID. Your device ID is visible in the app under Me > Device Info. Relay data is deleted within 30 days of a verified request.

Your activity in co-ops (Peb transfers, board posts) will remain on other members' devices as part of the shared co-op history. This is a consequence of the distributed design -- there is no central server holding a copy to delete.

Changes to This Policy

If this policy changes in a material way, the updated version will be posted at pebapp.com/privacy with a revised date at the top. Continued use of the app after a policy change constitutes acceptance of the new policy.

Contact

• Privacy questions: privacy@pebapp.com
• General questions: hello@pebapp.com
• Bug reports: hello@pebapp.com (subject: Bug Report)
• Source code: github.com/danielbsylva/peb_app