Privacy Policy

Last updated: June 2026

Overview

Pledgely is designed with privacy as a core principle. Unlike other services, we collect zero browsing data. Our blocker operates entirely on your device—no domains, URLs, or browsing history ever leave your phone.

Data Controller

The data controller for your personal data is Mandrilla Ltd, a company registered in England and Wales, which operates the Pledgely service. Mandrilla Ltd is registered with the UK Information Commissioner's Office (ICO) under the Data Protection Act 2018.

For any privacy-related enquiries, contact [email protected].

What We Collect

Account Information

Name, email address, and password (hashed) for authentication.

Session Information

When you sign in, we record your IP address and user-agent string against your active session. This is used to secure your account (rate limiting, fraud prevention) and is deleted when your session expires.

Payment Information

Pledge payment details are processed securely by Stripe. We store only the last 4 digits of your card and its expiry, plus a Stripe customer reference. We do not store your full card number. Subscription payments are processed by Apple or Google through their respective stores; we do not see your card details for those.

Device Information

For each device you register with the blocker we store a device identifier, name, type (phone/tablet/computer), operating system, and model. This is used to associate your blocker installation with your account.

Blocker Status

What we collect: Only whether the blocker is active or has been deactivated/paused. This is a simple on/off status.

What we don't collect: Any browsing data whatsoever. No domains, no URLs, no page content, no browsing history. The blocker operates entirely on your device.

How it works: The blocker runs on-device using a locally-stored blacklist. Blocked content never loads. We are only notified when the blocker is deactivated, which triggers your pledge charge.

We do not treat blocker status as special category data under Article 9 of UK/EU GDPR. We record only an on/off state and never the content, category, or destination of any blocked request.

Diagnostics

Our iOS and Android apps use Firebase Crashlytics and Firebase Analytics (provided by Google) to collect crash reports and basic usage events so we can fix bugs and improve the app. This may include device model, OS version, app version, a Firebase installation identifier, and crash stack traces. It does not include your browsing activity or the contents of your blocker blacklist.

Attribution

To understand which marketing campaigns lead to app installs, we use AppsFlyer (a mobile attribution provider). When you install or open the app, AppsFlyer collects an AppsFlyer install identifier, your IP address, device type, operating system, and install and attribution data. On iOS we do not request App Tracking Transparency permission and do not use Apple's advertising identifier (IDFA); attribution relies on Apple's SKAdNetwork and AppsFlyer's own identifier. We link the AppsFlyer identifier to our subscription provider (Adapty) so a subscription can be attributed to the campaign that drove the install. This does not include any browsing activity or blocker data.

How We Use Your Data and Lawful Basis

Under UK and EU GDPR we must tell you the lawful basis on which we process your data. The bases we rely on are:

  • Performance of a contract (Art. 6(1)(b)): authenticating your account, running the blocker service, processing pledge charges and subscription state, sending transactional emails (verification, password reset, billing).
  • Legal obligation (Art. 6(1)(c)): meeting tax and accounting record-keeping requirements. Records of completed payments are retained by our payment processor (Stripe) to satisfy these obligations.
  • Legitimate interests (Art. 6(1)(f)): securing accounts (session IP/user-agent, rate limiting), preventing fraud and abuse, resolving billing disputes and chargebacks, measuring the effectiveness of our marketing (install attribution via AppsFlyer), and diagnosing crashes via Firebase. You can object to processing based on legitimate interests at any time.

Who We Share Data With

We do not sell your data. We share the minimum data necessary with the following service providers (sub-processors) who act on our instructions:

  • Stripe (USA / Ireland): processes pledge authorisations and charges. Receives your name, email, and card details entered at checkout.
  • Apple and Google (USA): process App Store / Play Store subscription purchases. They handle their own payment data under their own privacy policies.
  • Adapty (USA): manages our subscription state (which Apple/Google subscription is active for which user). Receives your Pledgely user identifier.
  • AppsFlyer (USA / global): mobile install attribution. Receives an AppsFlyer install identifier, IP address, and device/install metadata, used to attribute installs and subscriptions to marketing campaigns.
  • Resend (USA): sends transactional email (verification, password reset, billing notices). Receives your email address and name.
  • Google (Firebase Analytics & Crashlytics, USA): collects diagnostic and crash data from our iOS and Android apps. See the "Diagnostics" section above for what is included.
  • Cloudflare (USA / global): provides our CDN, DDoS protection, and TLS termination. Sees connection metadata such as IP address and request URL for traffic to our domains.
  • Hetzner (USA): hosts our application servers and databases.

We may also disclose data where required by law, court order, or to protect our legal rights.

International Transfers

Our application servers and databases are hosted by Hetzner in the United States. Our sub-processors (Stripe, Adapty, AppsFlyer, Resend, Google, Apple, Cloudflare) are also based in the United States or operate globally. This means your personal data is transferred to and stored outside the UK and the European Economic Area.

For these transfers we rely on appropriate safeguards required under UK and EU GDPR: the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and (where applicable) the UK Extension to the EU–US Data Privacy Framework. Copies of the relevant safeguards are available on request from [email protected].

Data Retention

We retain data for the following periods:

During Active Use

  • Account information: While your account is active
  • Deactivation records: Duration of active pledge plus 120 days (to resolve billing disputes)
  • Device information: While devices are registered to your account

Financial Records

Records of completed payments are held by our payment processor (Stripe) to meet tax and financial record-keeping obligations in the UK and EU. Pledgely's own copy of your data is erased in full within 120 days of an account-deletion request (see Account Deletion below).

Automatic Deletion

Activity records from closed billing cycles are automatically deleted 120 days after the billing cycle ends, unless required for active disputes or legal obligations.

Account Deletion

You can request deletion of your account and associated data at any time. On iOS you can delete your account directly in the app under Account → Delete Account; on Android, see our account deletion page for instructions. Both follow the same process.

What Gets Deleted

  • Your account and login credentials
  • Blocker deactivation records (after billing disputes are resolved)
  • Device associations
  • Personal information (name, email)

What We Keep, and For How Long

After a deletion request we keep your records — including blocker-deactivation logs, name, and email — for up to 120 days to defend against payment disputes and chargebacks, then erase them permanently. Records of completed payments remain with our payment processor (Stripe) under their own retention obligations.

Deletion Timeline

When you request deletion you are signed out immediately and can no longer sign in. Any active pledge cycle settles first (within 24 hours), and your account and data are permanently erased within 120 days of your request.

Your Rights

Under GDPR and UK data protection laws, you have the right to:

  • Access your data: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your account and data (subject to legal retention requirements)
  • Data portability: Request your data in a machine-readable format
  • Restriction: Request temporary restriction of processing
  • Objection: Object to processing based on legitimate interests

To exercise these rights, visit our account deletion page or contact us at [email protected]. We will respond to verified requests within one month.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). If you are based elsewhere in the EEA, you can contact your local data protection authority.

Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and secure payment processing through Stripe.

Changes to This Policy

We may update this policy. Significant changes will be communicated via email.

Contact

Questions? Email us at [email protected].