Privacy Policy

Last updated: April 2026

Overview

Pledgely is designed with privacy as a core principle. Unlike other services, we collect zero browsing data. Our blocker operates entirely on your device—no domains, URLs, or browsing history ever leave your phone.

Data Controller

The data controller for your personal data is Mandrilla Ltd, a company registered in England and Wales, which operates the Pledgely service. Mandrilla Ltd is registered with the UK Information Commissioner's Office (ICO) under the Data Protection Act 2018.

For any privacy-related enquiries, contact [email protected].

What We Collect

Account Information

Name, email address, and password (hashed) for authentication.

Session Information

When you sign in, we record your IP address and user-agent string against your active session. This is used to secure your account (rate limiting, fraud prevention) and is deleted when your session expires.

Payment Information

Pledge payment details are processed securely by Stripe. We store only the last 4 digits of your card and its expiry, plus a Stripe customer reference. We do not store your full card number. Subscription payments are processed by Apple or Google through their respective stores; we do not see your card details for those.

Device Information

For each device you register with the blocker we store a device identifier, name, type (phone/tablet/computer), operating system, and model. This is used to associate your blocker installation with your account.

Blocker Status

What we collect: Only whether the blocker is active or has been deactivated/paused. This is a simple on/off status.

What we don't collect: Any browsing data whatsoever. No domains, no URLs, no page content, no browsing history. The blocker operates entirely on your device.

How it works: The blocker runs on-device using a locally-stored blacklist. Blocked content never loads. We are only notified when the blocker is deactivated, which triggers your pledge charge.

We do not treat blocker status as special category data under Article 9 of UK/EU GDPR. We record only an on/off state and never the content, category, or destination of any blocked request.

Diagnostics (Android)

The Android app uses Firebase Crashlytics and Firebase Analytics (provided by Google) to collect crash reports and basic usage events so we can fix bugs and improve the app. This may include device model, OS version, app version, a Firebase installation identifier, and crash stack traces. It does not include your browsing activity or the contents of your blocker blacklist.

How We Use Your Data and Lawful Basis

Under UK and EU GDPR we must tell you the lawful basis on which we process your data. The bases we rely on are:

  • Performance of a contract (Art. 6(1)(b)): authenticating your account, running the blocker service, processing pledge charges and subscription state, sending transactional emails (verification, password reset, billing).
  • Legal obligation (Art. 6(1)(c)): retaining financial transaction records for 7 years to comply with UK and EU tax and accounting law.
  • Legitimate interests (Art. 6(1)(f)): securing accounts (session IP/user-agent, rate limiting), preventing fraud and abuse, resolving billing disputes and chargebacks, and diagnosing crashes via Firebase. You can object to processing based on legitimate interests at any time.

Who We Share Data With

We do not sell your data. We share the minimum data necessary with the following service providers (sub-processors) who act on our instructions:

  • Stripe (USA / Ireland): processes pledge authorisations and charges. Receives your name, email, and card details entered at checkout.
  • Apple and Google (USA): process App Store / Play Store subscription purchases. They handle their own payment data under their own privacy policies.
  • Adapty (USA): manages our subscription state (which Apple/Google subscription is active for which user). Receives your Pledgely user identifier.
  • Resend (USA): sends transactional email (verification, password reset, billing notices). Receives your email address and name.
  • Google (Firebase Analytics & Crashlytics, USA): collects diagnostic and crash data from the Android app. See the "Diagnostics (Android)" section above for what is included.
  • Cloudflare (USA / global): provides our CDN, DDoS protection, and TLS termination. Sees connection metadata such as IP address and request URL for traffic to our domains.
  • Hetzner (USA): hosts our application servers and databases.

We may also disclose data where required by law, court order, or to protect our legal rights.

International Transfers

Our application servers and databases are hosted by Hetzner in the United States. Our sub-processors (Stripe, Adapty, Resend, Google, Apple, Cloudflare) are also based in the United States or operate globally. This means your personal data is transferred to and stored outside the UK and the European Economic Area.

For these transfers we rely on appropriate safeguards required under UK and EU GDPR: the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and (where applicable) the UK Extension to the EU–US Data Privacy Framework. Copies of the relevant safeguards are available on request from [email protected].

Data Retention

We retain data for the following periods:

During Active Use

  • Account information: While your account is active
  • Deactivation records: Duration of active pledge plus 120 days (to resolve billing disputes)
  • Device information: While devices are registered to your account

Financial Records

We are legally required to retain billing and transaction records for 7 years to comply with tax and financial regulations in the UK and EU. This data may be anonymised after account deletion (removing name and email while retaining transaction amounts and dates).

Automatic Deletion

Activity records from closed billing cycles are automatically deleted 120 days after the billing cycle ends, unless required for active disputes or legal obligations.

Account Deletion

You can request deletion of your account and associated data at any time. Visit our account deletion page for instructions.

What Gets Deleted

  • Your account and login credentials
  • Blocker deactivation records (after billing disputes are resolved)
  • Device associations
  • Personal information (name, email)

What We Must Retain

Financial transaction records must be retained for 7 years to comply with UK and EU tax regulations. This data will be anonymised (name and email removed) after your account deletion, retaining only transaction amounts and dates for regulatory compliance.

Deletion Timeline

Account deletion requests are processed within 30 days. Some data may be retained longer where we have a legal obligation or legitimate interest (such as resolving active billing disputes).

Your Rights

Under GDPR and UK data protection laws, you have the right to:

  • Access your data: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your account and data (subject to legal retention requirements)
  • Data portability: Request your data in a machine-readable format
  • Restriction: Request temporary restriction of processing
  • Objection: Object to processing based on legitimate interests

To exercise these rights, visit our account deletion page or contact us at [email protected]. We will respond to verified requests within one month.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). If you are based elsewhere in the EEA, you can contact your local data protection authority.

Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and secure payment processing through Stripe.

Changes to This Policy

We may update this policy. Significant changes will be communicated via email.

Contact

Questions? Email us at [email protected]