We believe in straightforward privacy. This policy explains exactly what data Pigeon collects, why, and what you can do about it. We do not sell your data to anyone.
Pigeon is operated by Pigeon ("Pigeon", "we", "us", "our"), registered at United Kingdom.
For the purposes of the UK GDPR and Data Protection Act 2018 (or other applicable data protection law), we are the data controller of your personal data.
If you have any questions about how we handle your data, contact us at hello@pigeon.app.
We collect only the data needed to provide the Service. Here is a full breakdown:
| Category | Data collected | Source |
|---|---|---|
| Account data | Email address, encrypted password (managed by Supabase Auth) | Provided by you at registration |
| Configuration data | Gemini API key, speech recognition language preference, UI theme and font size preferences | Provided by you in Settings |
| Session content | Training guides you create (titles, sections, bullet points, scripts, walkthroughs), session run reports, timestamps | Created by you within the Service |
| Uploaded materials | Text content extracted from files you upload (PDFs, Word documents, transcripts) for AI processing | Uploaded by you; processed via Google Gemini API |
| Technical data | IP address, browser type, session tokens (managed by Supabase Auth) | Automatically collected on access |
We use the data we collect for the following purposes:
We do not use your data for advertising, profiling, or any purpose other than those listed above.
Where UK GDPR or EU GDPR applies, our legal basis for processing your personal data is:
The Service relies on the following third-party processors. By using the Service, you acknowledge that your data may be processed by these providers in accordance with their own privacy policies:
We use Supabase (Supabase Inc., USA) for user authentication and cloud database storage. All user account data, session content, and configuration data is stored on Supabase's infrastructure. Supabase is SOC 2 Type II certified. Data may be stored in data centres within the EU (EU West region) or the USA depending on project configuration. For details, see supabase.com/privacy.
When you use the AI guide building feature, the text content of your uploaded files is transmitted to Google's Gemini API for processing. This feature is entirely opt-in — you choose when to upload materials. Google's use of this data is governed by the Google AI Terms of Service and Google Privacy Policy. We do not retain uploaded file content on our servers beyond the immediate processing request.
Live session speech recognition uses your browser's built-in Web Speech API. Audio is processed by your browser and/or your browser vendor's servers (e.g. Google Chrome, Apple Safari) according to the browser's own privacy policy. We never receive or store audio data.
The Service loads fonts from Google Fonts, which may collect your IP address as a technical necessity of font delivery. See Google's Privacy Policy.
All account and session data is stored on Supabase's infrastructure with the following protections in place:
While we implement reasonable technical and organisational measures to protect your data, no system is completely secure. You are responsible for maintaining the security of your account credentials.
We retain your data for as long as your account is active or as necessary to provide the Service. Specifically:
When you close your account, we will delete your personal data within 30 days, except where retention is required by law.
Under applicable data protection law (including UK GDPR), you have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@pigeon.app. We will respond within 30 days. We may need to verify your identity before processing your request.
Most of your data (guides, sessions, settings) can be managed directly within the Service without needing to contact us.
Pigeon uses browser local storage (not traditional cookies) for the following purposes:
We do not use any advertising cookies, tracking pixels, or third-party analytics cookies. The local storage entries used by the Service can be cleared at any time by clearing your browser data or signing out.
The Service is intended for use by adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.
Your data may be transferred to and processed in countries outside the UK or European Economic Area (EEA), including the United States, where Supabase Inc. is headquartered. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
If you are located in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EU, you may contact your local supervisory authority.