Data Residency & Security
Last updated: May 2026
Where your data lives, how it is protected, and what happens if something goes wrong.
Encryption in transit: TLS 1.2+
Encryption at rest: AES-256
Uptime target: 99.9% SLA
Backup frequency: Daily
Backup retention: 30 days
Pen testing: Annual
1. Where your data is stored
Pebblhub's infrastructure is hosted on AWS (Amazon Web Services). By default, all customer data is stored in the EU (Ireland — eu-west-1 region), which ensures compliance with UK GDPR and EU GDPR data residency requirements.
For nurseries in the UAE, we offer optional data residency in the AWS Middle East (Bahrain — me-south-1) region on Enterprise plans, allowing data to remain within the region.
We do not store data in the United States by default. Any cross-border transfers are governed by appropriate safeguards (Standard Contractual Clauses or equivalent).
2. Encryption
All data in Pebblhub is protected by encryption at every stage:
• In transit — all communication between clients (browser, mobile apps) and Pebblhub servers uses TLS 1.2 or higher. Older protocols are disabled.
• At rest — all data stored in our databases and file storage is encrypted using AES-256, the industry standard for data-at-rest encryption.
• Backups — all database backups are encrypted using the same AES-256 standard before being written to storage.
• Keys — encryption keys are managed using AWS Key Management Service (KMS) with automatic key rotation.
3. Backup policy
Pebblhub performs automated backups of all customer data on the following schedule:
• Frequency — daily full backups, with incremental backups every 6 hours.
• Retention — backups are retained for 30 days. After 30 days, backups are permanently deleted.
• Geographic redundancy — backups are replicated to a secondary AWS region for disaster recovery.
• Restoration testing — backup restoration is tested quarterly to verify integrity.
In the event of data loss, our recovery time objective (RTO) is 4 hours and our recovery point objective (RPO) is 6 hours.
4. Uptime and availability
Pebblhub targets 99.9% uptime for the platform, measured monthly. This equates to a maximum of approximately 44 minutes of downtime per month.
Enterprise customers receive a formal SLA with uptime guarantees, incident response commitments, and service credit provisions in the event of downtime exceeding the agreed threshold.
Planned maintenance is scheduled outside peak hours (typically 02:00–04:00 UTC on weekdays) and communicated to customers at least 48 hours in advance via email and our status page.
5. Security testing
Pebblhub undergoes regular security assessments:
• Penetration testing — conducted annually by an independent third-party security firm. Results are reviewed by engineering leadership and critical findings are remediated within 30 days.
• Vulnerability scanning — automated scanning of all infrastructure and dependencies runs continuously. Critical vulnerabilities trigger immediate response.
• Code review — all code changes undergo peer review before deployment to production. Security-sensitive changes require a dedicated security review.
• Dependency auditing — all third-party libraries are audited for known vulnerabilities on every deployment.
6. Access controls
Access to Pebblhub's production infrastructure is strictly controlled:
• All production access requires multi-factor authentication.
• Access is granted on a least-privilege basis — engineers only have access to systems required for their role.
• All infrastructure access is logged and reviewed monthly.
• Departing employees have access revoked within one hour of their end date.
• Remote access to production systems is restricted to approved VPN connections only.
7. Incident response
In the event of a security incident or data breach:
• Our security team is on-call 24/7 to respond to incidents.
• Affected customers are notified within 72 hours of our becoming aware of a breach, as required by UK GDPR and EU GDPR.
• Notifications include the nature of the breach, data affected, likely consequences, and measures taken.
• Major incidents are documented in a post-incident report shared with affected customers within 14 days.
8. SOC 2 compliance roadmap
Pebblhub is currently working towards SOC 2 Type II certification. Our target date for completing the audit process is Q4 2026.
In the interim, we are happy to complete security questionnaires and provide our internal security documentation to enterprise customers under NDA. Contact sales@pebblhub.com to request this.
Enterprise security questions? sales@pebblhub.com