// Trust & Security Report
Pebblely Pte Ltd
AI product photography SaaS: a web app that generates AI backgrounds/lifestyle scenes for product photos (marketplace listings, social, ads, email), plus a bulk-generation mode for producing multiple background variants at scale. Single product line, no separate enterprise/API tier evidenced.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 10 unconfirmed / not-held certifications
source: pebblely.comNo public evidence. No trust center, security page, or mention of SOC 2 exists on pebblely.com; /security and /trust return no compliance content and were not linked from the site footer (only Privacy and Terms are linked).
source: pebblely.comNo public evidence. Full-text search of the Privacy Policy for "ISO" returned no matches.
source: pebblely.comNo public evidence of an explicit GDPR compliance claim. Full-text search of the Privacy Policy for "GDPR" and "General Data Protection Regulation" returned no matches; the policy describes access/deletion rights generically ("We take measures to delete your Personal Information... when this information is no longer necessary") but never invokes GDPR by name, names no EU representative, and does not describe an international-transfer mechanism.
source: pebblely.comNo public evidence and not applicable; product handles product-photography images, not health data. No mention of HIPAA anywhere on the site.
source: pebblely.com"Payment information provided by you via our Sites will be stored and processed by Stripe." Card-data handling is fully delegated to Stripe; this is Stripe's PCI DSS certification, not a Pebblely-held certification.
source: pebblely.comNo public evidence. No AI-governance certification or program is referenced anywhere on the site.
source: pebblely.comNo public evidence. No CSA STAR registry entry or reference found.
source: pebblely.comNo public evidence. Not referenced anywhere on the site.
source: pebblely.comNo public evidence; not applicable to a consumer/SMB SaaS product with no US government customer base indicated.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not publicly disclosed on the site (no data-residency or hosting-region statement found). The operating entity is Singapore-incorporated (Pebblely Pte Ltd, UEN 202310640R, registered 2023-03-21, per Singapore's ACRA-sourced business registry).
The Privacy Policy states Pebblely collects "product images, custom descriptions, negative prompts, and reference images in order to provide and improve our Services" but does not explicitly disclose whether uploaded product images are used to train AI models, does not describe a retention period tied to training, and offers no opt-out toggle or tier-based distinction. A full-text search of the policy for "train", "training", and "machine learning" returned no matches. This should be treated as unconfirmed, not as an absence of training use.
// Security controls
Encryption in transit/at rest
Not disclosed. Full-text search of the Privacy Policy for "encrypt" returned no matches.
pebblely.comPayment security
Card data processing delegated to Stripe: "Payment information provided by you via our Sites will be stored and processed by Stripe."
pebblely.comData retention
"We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period."
pebblely.comAccount security responsibility
"You are responsible for maintaining the security of your account and password. Pebblely cannot and will not be liable for any loss or damage from your failure to comply with this security obligation."
pebblely.comData subject requests
Access/deletion/portability requests handled via direct email contact (hello@pebblely.com); no self-serve privacy portal found.
pebblely.com// Products & data scope
data: Uploaded product photos, optional reference images, text prompts/descriptions, account/billing info (billing handled by Stripe).
Consumer/SMB-facing self-serve SaaS; sign-up via 'Get started', no enterprise/SSO tier or API product evidenced in captured pages.
data: Same as web app; batch-processes multiple product images against templates.
Marketed as part of the same app for higher-volume users, not a separately governed product or data scope.
// What to watch
- No public trust center, security page, or compliance certifications of any kind (SOC2/ISO27001/HIPAA/GDPR/PCI/ISO42001/CSA STAR) — consistent with an early-stage, unfunded startup (Pebblely Pte Ltd, Singapore, incorporated 2023-03-21) rather than a withheld or over-claimed cert.
- AI-training use of uploaded product images is not addressed in the Privacy Policy or Terms — no opt-out, no tier distinction, no retention-for-training statement. Flag for buyers uploading proprietary/sensitive product imagery.
- No DPA (Data Processing Agreement) publicly available, and GDPR is never named in the Privacy Policy despite testimonials suggesting an international/EU-adjacent customer base.
- PCI DSS scope is Stripe's (payment processor), not Pebblely's own — do not list PCI DSS as a Pebblely-held certification.
// At a glance
Pricing model
Self-serve subscription SaaS (paid plans referenced via a 'Pricing' nav link; specific tier/pricing details were not captured in evidence).
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Pebblely Pte Ltd's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
pebblely.com