Legal

Privacy Policy

Last updated: June 2026  ·  Effective: June 2026
Contents
  1. Who We Are
  2. What Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing (GDPR)
  5. Third-Party Services
  6. Data Storage and Security
  7. Data Retention
  8. Your Rights
  9. Cookies and Local Storage
  10. Children's Privacy
  11. International Transfers
  12. Changes to This Policy
  13. Contact and Complaints

We believe in straightforward privacy. This policy explains exactly what data Pigeon collects, why, and what you can do about it. We do not sell your data to anyone.

1. Who We Are

Pigeon is operated by Pigeon ("Pigeon", "we", "us", "our"), registered at United Kingdom.

For the purposes of the UK GDPR and Data Protection Act 2018 (or other applicable data protection law), we are the data controller of your personal data.

If you have any questions about how we handle your data, contact us at hello@pigeon.app.

2. What Data We Collect

We collect only the data needed to provide the Service. Here is a full breakdown:

Category Data collected Source
Account data Email address, encrypted password (managed by Supabase Auth) Provided by you at registration
Configuration data Gemini API key, speech recognition language preference, UI theme and font size preferences Provided by you in Settings
Session content Training guides you create (titles, sections, bullet points, scripts, walkthroughs), session run reports, timestamps Created by you within the Service
Uploaded materials Text content extracted from files you upload (PDFs, Word documents, transcripts) for AI processing Uploaded by you; processed via Google Gemini API
Technical data IP address, browser type, session tokens (managed by Supabase Auth) Automatically collected on access

What we do NOT collect

3. How We Use Your Data

We use the data we collect for the following purposes:

We do not use your data for advertising, profiling, or any purpose other than those listed above.

4. Legal Basis for Processing (GDPR)

Where UK GDPR or EU GDPR applies, our legal basis for processing your personal data is:

5. Third-Party Services

The Service relies on the following third-party processors. By using the Service, you acknowledge that your data may be processed by these providers in accordance with their own privacy policies:

Supabase

We use Supabase (Supabase Inc., USA) for user authentication and cloud database storage. All user account data, session content, and configuration data is stored on Supabase's infrastructure. Supabase is SOC 2 Type II certified. Data may be stored in data centres within the EU (EU West region) or the USA depending on project configuration. For details, see supabase.com/privacy.

Google Gemini API

When you use the AI guide building feature, the text content of your uploaded files is transmitted to Google's Gemini API for processing. This feature is entirely opt-in — you choose when to upload materials. Google's use of this data is governed by the Google AI Terms of Service and Google Privacy Policy. We do not retain uploaded file content on our servers beyond the immediate processing request.

Web Speech API

Live session speech recognition uses your browser's built-in Web Speech API. Audio is processed by your browser and/or your browser vendor's servers (e.g. Google Chrome, Apple Safari) according to the browser's own privacy policy. We never receive or store audio data.

Google Fonts

The Service loads fonts from Google Fonts, which may collect your IP address as a technical necessity of font delivery. See Google's Privacy Policy.

6. Data Storage and Security

All account and session data is stored on Supabase's infrastructure with the following protections in place:

While we implement reasonable technical and organisational measures to protect your data, no system is completely secure. You are responsible for maintaining the security of your account credentials.

7. Data Retention

We retain your data for as long as your account is active or as necessary to provide the Service. Specifically:

When you close your account, we will delete your personal data within 30 days, except where retention is required by law.

8. Your Rights

Under applicable data protection law (including UK GDPR), you have the following rights regarding your personal data:

Right of access
You can request a copy of the personal data we hold about you.
Right to rectification
You can ask us to correct inaccurate or incomplete data.
Right to erasure
You can ask us to delete your personal data ("right to be forgotten").
Right to portability
You can request your data in a structured, machine-readable format.
Right to restrict processing
You can ask us to limit how we process your data in certain circumstances.
Right to object
You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@pigeon.app. We will respond within 30 days. We may need to verify your identity before processing your request.

Most of your data (guides, sessions, settings) can be managed directly within the Service without needing to contact us.

9. Cookies and Local Storage

Pigeon uses browser local storage (not traditional cookies) for the following purposes:

We do not use any advertising cookies, tracking pixels, or third-party analytics cookies. The local storage entries used by the Service can be cleared at any time by clearing your browser data or signing out.

10. Children's Privacy

The Service is intended for use by adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the UK or European Economic Area (EEA), including the United States, where Supabase Inc. is headquartered. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

If you are located in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EU, you may contact your local supervisory authority.