Privacy Policy

Last updated: April 20, 2026

In Plain English

  • Pedla collects your activity data (doors, pitches, closes), profile info, and — if you enable it — location, health, and wellness data.
  • Your location is recorded only when you log an activity (door, contact, pitch, close). Pedla does not track you continuously or in real time.
  • If you enable location and join a team, your team manager (and enterprise administrators, when enterprise launches) can see your individual event-level location data. You’re shown an explicit notice and must acknowledge it when joining a team.
  • Your location is never used in industry benchmarks and never sold. If your team or enterprise has opted into geographic analysis, location data generates territory intelligence (close rates by area, heatmaps) within your organisation only — never published externally. If your team uses CRM or other integrations, activity data including location may sync to those platforms — covered in the acknowledgement you make when joining.
  • Wellness, journal, and health data is private and never visible to managers or included in benchmarks.
  • We publish anonymous industry benchmarks (e.g. “D2D solar reps average a 4% close rate”) from pooled data, with strict thresholds. We never publish your location, company, or anything identifying. You can opt out.
  • We don’t collect or infer your employer.
  • Team, region, enterprise, and business tiers are coming soon via a web dashboard at pedla.us.
  • Questions or rights requests: [email protected]

1. Introduction

Pedla, Inc. (“Pedla,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the “Service”).

Pedla, Inc. is incorporated in Delaware, United States, and currently serves users in the United States only. We comply with applicable US privacy laws including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

By using Pedla, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

Pedla, Inc. Email: [email protected] Website: https://pedla.us

3. Information We Collect

3.1 Account & Profile Information

  • Email address (for account creation and authentication)
  • Password (hashed with bcrypt, never stored in plain text)
  • Display name, username, and optional legal name
  • Date of birth (optional)
  • Profile photo and banner image (optional)
  • Self-reported industry category (e.g. solar, security, telecom, pest control) and role
  • Timezone and locale settings
  • Apple ID (if using Sign in with Apple)

We do not collect, store, or infer the specific company or employer you work for. You may optionally enter a company or role description for your own reference, but this information is treated as personal profile data and is never used in Aggregate Sales Intelligence products (see Section 12).

3.2 Sales Activity Data

  • Counter metrics you track (e.g. doors knocked, contacts made, pitches, demos, sales closed)
  • Timestamps of when activities are logged
  • Daily rollup totals and aggregated statistics
  • Session data (start, pause, end times)
  • Custom counter definitions and labels
  • Goals and target metrics

3.3 Wellness & Mindset Data

If you use our wellness features, we collect:

  • Daily survey responses (AM/PM check-ins) including mood, energy, stress, and focus ratings on a 0–5 scale
  • Journal entries and personal reflections (free-text)
  • Custom habit tracking data
  • Mindset check-in responses
  • Affirmation and reading activity

This data is treated as sensitive personal information and is processed on the basis of your explicit consent. It is never used in Aggregate Sales Intelligence products and is not visible to team managers or enterprise administrators.

3.4 Health & Fitness Data (Apple HealthKit / Google Fit)

If you grant permission, we may read data from Apple HealthKit (iOS) or Google Fit (Android):

  • Workout data (type, duration, calories burned)
  • Step count (daily totals)
  • Sleep data (duration)
  • Activity recognition data

Health data access is entirely optional and requires your explicit device-level permission. Health data is used solely to auto-complete habits and display wellness insights within the app. Health data is stored locally on your device and synced to your Pedla account for cross-device access. We never sell, share with third parties, use for advertising, or include in Aggregate Sales Intelligence products. Health data is never visible to team managers or enterprise administrators. You can disconnect health access at any time via your device settings, and synced health data will be deleted when you delete your account.

3.5 Location Data (Optional)

If you enable location permissions, Pedla captures:

  • GPS coordinates at the moment you log a counter event (door, contact, pitch, demo, close, or other custom counter)
  • Location accuracy data

Pedla does not track your location continuously, in the background, or in real time. Location is captured only at the point of each logged event and associated with that specific event. Pedla uses “when-in-use” permission only.

Location tracking is disabled by default and can be turned off at any time in your device settings. You can use Pedla’s core features without enabling location.

Location data is used within the Service at four levels:

  1. Personal: Your own heatmaps, route history, and performance-by-area within your account
  2. Team (current): If you are part of a managed team, your team manager can view your individual logged-event locations, activity heatmaps, and territory analysis within the team context. This includes rep-level, event-level location data for coaching and performance management purposes. When you accept a team invitation, you are shown a single acknowledgement notice covering the full data access scope of the organisational hierarchy that team belongs to — including your manager, any regional manager, any enterprise administrator, and any authorised integrations configured by the organisation. You must acknowledge this before joining.
  3. Regional (coming soon): If your team is part of a region, your regional manager has the same individual location visibility as your team manager, across all teams in the region. Reps will be shown an updated notice disclosing regional manager visibility when this tier launches.
  4. Enterprise (coming soon): If you are part of an enterprise deployment, authorised enterprise administrators can view individual and aggregated location data across all regions and teams within their organisation.

Location data is excluded from Aggregate Sales Intelligence products. If your team or enterprise has opted into geographic performance analysis, your location data is used to generate territory intelligence within your organisational context only — it is never published externally or contributed to industry benchmarks. Location data is never sold to or shared with third parties for their own purposes. Location data may be transmitted to authorised integrations configured by your manager or enterprise administrator — see Section 7.

3.6 Journal and Activity Data

  • Journal entries and activity notes (text you write about your day)
  • Selfie photos (optional, taken via in-app camera for daily activity cards)
  • Activity timestamps and session metadata

Journal entries are private by default. Selfie photos are stored locally on your device and synced to your account for cross-device access. You can delete individual entries at any time.

3.7 Camera, Photos & Media

  • Camera: Used for QR code scanning (team invites), profile photo capture, and selfie sharing with stats overlays
  • Photo Library (read): Used to select profile photos, banner images, and message attachments
  • Photo Library (write): Used to save images to your device
  • Microphone: Available for audio features (requires separate permission)

Each permission is requested individually and can be revoked at any time via your device settings.

3.8 Communication Data

  • Direct messages sent to other users (content, timestamps, read receipts)
  • Message attachments (images, files)
  • Message reactions

3.9 Social & Community Data

  • Follow/follower relationships
  • Feed posts, comments, and reactions
  • Saved collections and bookmarks
  • Block and report actions

3.10 Team, Enterprise & Organisational Data

  • Team membership and role (rep, team leader, co-manager, manager, regional manager)
  • Team hierarchy relationships
  • Leaderboard rankings and performance ratings
  • Badges, achievements, and accolades
  • Contact information shared within your team (phone number, if provided)
  • Enterprise membership and role (coming soon) for users who are part of an enterprise-tier deployment

Team and enterprise structure data is used only within the Service to operate team and enterprise features. It is never used in Aggregate Sales Intelligence products.

3.11 Gamification & Competitive Data

  • XP points, levels, and streaks
  • Challenge participation and results
  • Battle records and rankings (when available)
  • Achievement progress

3.12 Subscription & Payment Data

  • Subscription tier and status (free, trial, premium)
  • Trial type and dates
  • Transaction identifiers (for receipt validation)
  • Subscription billing period and renewal status
  • Trial eligibility status
  • We do not store your credit card or payment method details — all individual payment processing is handled by Apple App Store or Google Play Store. Enterprise billing (when available) will be handled under separate contractual arrangements.

3.13 How We Use Subscription Data

  • Verify your entitlement to premium features
  • Sync subscription status across your devices
  • Provide customer support for billing-related inquiries
  • Detect and prevent subscription fraud

Subscription records are retained for the duration of your account. If you delete your account, subscription records are permanently deleted immediately. Deleting your Pedla account does not cancel your subscription with Apple or Google — you must cancel separately.

3.14 Technical & Device Data

  • Device type, model, and operating system version
  • App version and build number
  • Crash reports, error logs, and performance data (via Sentry)
  • Timezone and locale information
  • IP address (collected automatically by our cloud services)
  • Push notification tokens (for delivering notifications)
  • Unique device identifiers

3.15 Information We Do NOT Collect

  • We do not collect contacts from your address book
  • We do not collect financial account details (bank accounts, SSN)
  • We do not use the Apple Advertising Identifier (IDFA) for tracking
  • We do not track you across other apps or websites
  • We do not collect or infer the specific company or employer you work for
  • We do not track your location continuously, in the background, or in real time

4. How We Use Your Information

  • Provide core services: Counter tracking, statistics, analytics, funnel visualisation, and cloud sync
  • Team and enterprise features: Enable manager dashboards, leaderboards, team performance views, team communication, and (coming soon) enterprise administration dashboards, including individual and aggregated location-based analysis within the team or enterprise context
  • Authorised integrations: Transmit activity data (including location, if enabled) to third-party platforms such as CRMs configured by your manager or enterprise administrator within your organisational context
  • Wellness features: Display survey insights, journal history, habit tracking, and health correlations
  • Social features: Enable feed posts, direct messages, follows, and community interactions
  • Gamification: Calculate XP, levels, streaks, achievements, and challenge results
  • Notifications: Send check-in reminders, performance summaries, team updates, and milestone celebrations
  • Subscriptions: Process free trials, manage premium features, and handle billing
  • Internal service analytics: Analyse usage patterns, identify and fix bugs, and develop new features
  • Security: Detect fraud, prevent abuse, and protect against unauthorised access
  • Legal compliance: Comply with applicable laws and respond to lawful requests
  • Aggregate Sales Intelligence: Develop and offer industry-level benchmarking products derived from anonymised, aggregated platform activity (see Section 12)

We Do NOT Use Your Data For

  • Selling your personal data to third parties or data brokers
  • Targeted advertising
  • AI/ML model training without your explicit consent
  • Sharing individual performance data outside your team or enterprise
  • Publishing any data point below the anonymisation thresholds in Section 12

5. Data Visibility Within Teams and Enterprises

If you are part of a managed team or enterprise, the following visibility rules apply.

What Managers Can See (Team Context)

  • Your daily activity counts and counter metrics within the team context
  • Real-time performance data and leaderboard position
  • Goal progress
  • Last activity timestamp
  • Your legal name (if provided)
  • Contact information shared within the team
  • Your individual event-level location data, if you have enabled location permissions — this includes the GPS coordinates captured at each counter event you log (door, contact, pitch, demo, close), presented as a map, heatmap, or territory analysis. You are shown an explicit notice disclosing this visibility when you accept the team invitation, and you must acknowledge it before joining.

What Regional Managers Can See (Coming Soon)

When the regional tier launches, regional managers will have the same data visibility as team managers for all teams within their region:

  • Performance metrics, activity data, leaderboard position, and goals for all reps across their region’s teams
  • Individual event-level location data for all reps in their region who have enabled location permissions
  • Territory and coverage analysis across all teams in their region

Reps will be shown an updated acknowledgement notice disclosing regional manager visibility when this tier launches.

What Enterprise Administrators Can See (Coming Soon)

When the enterprise tier launches, authorised enterprise administrators will see:

  • Aggregated and individual performance data across all regions and teams within their organisation
  • Individual and aggregated territory and location analysis at team, regional, and enterprise levels within their organisation
  • Role, team, and regional assignments of users who are part of their enterprise deployment

Visibility is limited to the enterprise context and does not extend to users’ activity outside the enterprise (for example, personal Pedla use before joining or after leaving the enterprise).

What Managers, Regional Managers, and Enterprise Administrators Cannot See

  • Your personal journal entries (unless you explicitly share them)
  • Your wellness survey free-text responses
  • Your direct messages with other users
  • Your health or fitness data from HealthKit or Google Fit
  • Your location data logged outside the team or enterprise context (e.g. events you logged before joining the team, after leaving, or while part of a different team)
  • Your activity in other teams, enterprises, or in your personal account outside their administrative scope
  • Your real-time or background location (Pedla does not collect this)

Reps can only view their own data. You may leave a team or enterprise at any time and your personal data remains with you; upon departure, managers and administrators immediately and entirely lose access to all of your data, including any historical data from the period of membership.

Employer Monitoring Laws

If you are a manager or enterprise administrator, you are responsible for complying with any applicable state or federal laws that require you to notify employees before monitoring their location or activity (for example, New York’s electronic monitoring notice law, Connecticut, Delaware, California, and other state-specific requirements). Pedla provides the in-app disclosure and acknowledgement flow described above; however, this does not replace your obligations as an employer under applicable employment law.

6. Data Storage & Security

Where Your Data Is Stored

  • On your device: SQLite database encrypted with AES-256 via SQLCipher; sensitive tokens stored in Keychain/Secure Store
  • In the cloud: Supabase (PostgreSQL) hosted in the United States (AWS us-east-1), with encryption at rest

Security Measures

  • HTTPS/TLS 1.2+ encryption for all data in transit
  • Row-Level Security (RLS) policies ensuring you can only access authorised data
  • Passwords hashed with bcrypt (never stored in plain text)
  • AES-256 encryption for local device storage
  • Regular security audits and updates

While we implement strong security measures, no method of transmission or storage is 100% secure.

7. Third-Party Services

We share limited data with the following service providers:

Supabase

Cloud database, authentication, and real-time sync. Stores account information, activity data, team data, and messages. Supabase Privacy Policy

Sentry

Crash reporting and error monitoring. Receives device information, error logs, and app performance data (anonymised). Sentry Privacy Policy

Apple & Google

App distribution, in-app purchases, and optional sign-in (Sign in with Apple). Receives Apple/Google account ID and email if you choose these sign-in methods. Subscription billing and payment processing. Subject to Apple and Google privacy policies.

Expo Push Notification Service

Delivers push notifications. Receives device push tokens and notification content.

Authorised Integrations (Manager / Enterprise Configured)

Managers and enterprise administrators may connect Pedla to authorised third-party platforms — such as CRM tools (e.g. Salesforce, HubSpot) — to sync rep activity data within their organisational context. When active, these integrations may receive:

  • Counter event data (event type, timestamp, session metadata)
  • GPS coordinates of logged events, if the rep has enabled location permissions
  • Rep profile information (display name, role) as required to match records in the connected platform

These integrations act as data processors on behalf of the manager or enterprise. Configuring integrations is an organisational decision — it does not require individual rep approval beyond the acknowledgement made at team or enterprise join, which covers the full scope of organisational data access including authorised integrations. Data transmitted to integrations is governed by the privacy policies of those platforms. Managers and enterprise administrators are responsible for ensuring their chosen integrations comply with applicable law. Reps can view active integrations for their team or enterprise within the app.

We do not sell your personal data to any third party.

8. Data Location

Your data is stored and processed in the United States. The Service is currently offered to US users only.

9. Your Rights

For All Users

  • Access: View all your data within the app or request a full data export
  • Export: Export your data as JSON or CSV from Settings (counter events, daily totals, location history, wellness data, habits, badges, team membership)
  • Delete: Delete your account and all associated data via Settings > Delete Account
  • Correct: Update your profile information at any time
  • Withdraw consent: Revoke permissions (location, health data, notifications, camera) via your device settings at any time. Revoking location permission stops future location capture; previously captured location data remains visible to your team manager for past events while you remain on the team. To remove manager access entirely, leave the team — upon departure, all your data (including historical location) becomes immediately inaccessible to the former manager.
  • Leave a team: You may leave a team at any time via Settings; after departure, your manager’s visibility into your future activity ends immediately
  • Object to Aggregate Sales Intelligence: Object to your anonymised data being included in Aggregate Sales Intelligence products at any time by emailing [email protected] with subject line “Intelligence Opt-Out”. We will action objections within 30 days, after which your data will be excluded from all future aggregate outputs.

California Privacy Rights (CCPA / CPRA)

California residents have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information as those terms are defined under the CCPA/CPRA
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (wellness data, precise location) to what is necessary to provide the Service
  • Right of Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, email [email protected] with subject line “CCPA Request”. We will respond within 45 days.

How to Exercise Your Rights

For any rights request, email [email protected] with a clear subject line describing your request. We will verify your identity before actioning the request and respond within 30 days (45 days for CCPA requests).

We process your personal information on the following bases:

  • Performance of contract: Core app functionality — counters, sync, team management, subscriptions
  • Explicit consent: Health/fitness data, wellness and mood data, location data, push notifications, and visibility of individual location data to team managers (acknowledged at team join)
  • Legitimate business interests: Crash reporting, fraud detection, security, and Aggregate Sales Intelligence products (see Section 12). We have assessed that these interests do not override the fundamental rights of individual users, given the strict anonymisation thresholds applied and the industry-benchmarking nature of the output.
  • Legal obligation: Compliance with applicable laws and responding to lawful requests

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing. Aggregate Sales Intelligence products are population-level statistics and do not constitute profiling of individual users.

Providing your data is required for core features. Optional data (location, health, wellness) can be withheld without losing access to core functionality.

11. Data Retention

  • Active accounts: Your data is retained as long as your account is active
  • Deleted accounts: Your personal data is immediately and permanently deleted upon account deletion. Your profile is anonymised and all associated data (activity metrics, journal entries, messages, preferences, health data, location data) is removed. An anonymised record (e.g. “Deleted User”) is retained for referential integrity in team and social contexts
  • Aggregate outputs: Aggregate intelligence outputs, once produced, are retained as published products. Because these outputs contain no personal data (per the anonymisation thresholds in Section 12), they are not subject to individual deletion requests. Your underlying data will be excluded from all future outputs upon opt-out or account deletion
  • Crash reports: Retained by Sentry for 90 days
  • API/security logs: Retained for 30 days
  • Account deletion audit records: Retained for 90 days for legal compliance, then permanently purged
  • Subscription history: Retained per RevenueCat and app store policies for billing audit purposes; deleted within 30 days of account deletion

12. Aggregate Sales Intelligence Products

Pedla develops and offers aggregate sales benchmarking products derived from anonymised, aggregated platform data. These products report on industry-level patterns such as conversion benchmarks, seasonal performance trends, and activity averages across self-reported industry categories.

What these products contain

  • Industry-level aggregated metrics only (e.g. average conversion rates by self-reported industry category, seasonal activity patterns, funnel benchmarks)
  • Cross-industry pooled aggregates
  • No names, email addresses, user identifiers, or any individually identifiable information

These benchmarks are made available to managers within their team reporting dashboards, enabling direct comparison between their team’s performance and industry averages for their category.

What these products never contain

  • Individual user or rep performance records
  • Location data of any kind. Geographic performance analysis is a separate opt-in feature that operates entirely within the organisational context — see Section 5
  • Company or employer identifiers (Pedla does not collect these)
  • Team, enterprise, or manager structure
  • Wellness, mood, journal, or health data
  • Any data point below the anonymisation thresholds below

Anonymisation standard

We apply the following minimum thresholds before any metric is published:

  • Industry-wide aggregates with no additional dimensions: at least 10 unique user accounts
  • Industry-level aggregates with one additional dimension (e.g. season, product category): at least 25 unique user accounts
  • Industry-level aggregates with two or more additional dimensions: at least 50 unique user accounts
  • Cross-industry pooled aggregates: at least 10 unique user accounts

Each user account counts as one contributor regardless of the number of data points submitted. No single user’s data is weighted in a way that disproportionately influences the aggregate output. Any metric falling below the applicable threshold is suppressed before publication. Once data meets this standard, it is no longer considered personal data.

Processing for aggregate intelligence purposes is based on our legitimate business interest in developing industry-benchmarking products. We have assessed that this interest does not override the fundamental rights of individual users, given the strict anonymisation thresholds, the exclusion of location, company, and sensitive data categories, and the industry-level nature of the output.

Your right to object

You may object to your anonymised data being included in Aggregate Sales Intelligence products at any time by emailing [email protected] with subject line “Intelligence Opt-Out”. We will action objections within 30 days. Data already incorporated into published aggregate outputs cannot be retroactively removed, as it is genuinely anonymised and no longer personal data. Your data will be excluded from all future outputs from the date of objection.

Enterprise-wide opt-out (Coming Soon)

When enterprise features launch, authorised enterprise administrators will be able to configure organisation-wide opt-out from Aggregate Sales Intelligence on behalf of all users in their deployment.

What we are not doing

We do not sell leads, contact lists, or identifiable rep or company data. We do not identify which company a rep works for — we do not collect this information. We do not publish location-based cuts of the data at any granularity. This is industry-level benchmarking intelligence: the same product category as workforce and industry benchmarking tools already established in adjacent markets.

13. Children’s Privacy

Pedla is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you are under 18 and part of a managed team or enterprise, please be aware that your team manager or enterprise administrator can view your performance data (and individual location data, if you have enabled location) within the team or enterprise context. If we become aware that we have collected data from a child under 13, we will delete the account promptly.

14. Push Notifications

With your permission, we send push notifications including:

  • Morning and evening check-in reminders
  • Daily performance summaries
  • Team activity updates and invitations
  • Milestone and achievement celebrations
  • Streak maintenance reminders
  • Subscription and trial status updates

You can customise or disable notifications at any time in the app’s notification settings or via your device settings.

15. Security Incident Response

If we become aware of a security breach involving personal data:

  • Affected users will be notified without undue delay where the breach is likely to result in a high risk to their rights
  • We will provide a description of the breach, what data was affected, and steps taken
  • We will report the breach to relevant regulatory authorities within legally required timeframes
  • We will take steps to remediate the breach and prevent recurrence

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification (requiring confirmation of acceptance) or email and give you 30 days to review changes before they take effect. Continued use of the Service after that period constitutes acceptance of the updated policy.

17. Contact Us

For questions about this Privacy Policy or to exercise your data rights:

We aim to respond to all privacy requests within 30 days (45 days for CCPA requests).

© 2026 Pedla, Inc. All rights reserved.