Privacy Notice

The Company known as SF Software Limited trading as Pebble is hereafter referred to as the Company.

The Purpose of the Privacy Notice

We are SF Software Limited trading as Pebble. In this privacy notice we explain how we will process your personal information obtained through your use of our website,, and through other interactions with you, for example, when you interact with us professionally or purchase our products as the account holder.

We also provide cloud based software solutions, Tali, Trac and Till systems, for schools and other organisations (our Customers). This involves processing personal data of individuals (pupils, parents, guardians and employees of our Customers) on behalf of our Customers. Our processing of personal data obtained in connection with the provision of our systems to our Customers is not covered in this privacy notice. If you wish to learn about it, please read our Data Protection Statement.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

What does this notice cover?

  • Data Protection Legislation
  • Who we are and how to contact us
  • Personal data we collect
  • How we collect personal data
  • How and why we use personal data
  • Who we share personal data with
  • How long we keep personal data
  • Your rights
  • Keeping personal data secure
  • Complaints
  • Changes to this Privacy Notice

Data Protection Legislation

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the data protection laws applicable in the United Kingdom, which on the date of the publication of this notice includes the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and other relevant UK and EU legislation concerning personal data (together Data Protection Legislation).

Who we are and how to contact us

When we say we, us, our or software in this privacy notice, we mean SF Software Limited, a company incorporated and registered in England and Wales with company number 05580540 and whose registered office is: Spaceworks, Benton Park Road, Newcastle Upon Tyne, England, NE7 7LX

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.

If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact us either by:

  1. email at
  2. our online contact us form at;
  3. post to: Pebble, Data Protection, PO Box 119, Stocksfield, NE43 7YH

Personal data we collect

Personal data means information which relates to an identified or an identifiable individual. Types of personal data we may collect including examples

  • Identity data: title; first name; last name.
  • Contact data: address; email; telephone number.
  • Financial and transactional data: details of sales transactions; payment history.
  • Profile data: interests; preferences (including marketing preferences); allergens, dietary preferences, feedback, survey responses and comments.
  • Usage data: products/services requested/provided; details of our contracts with you; details and your usage of the services/products you subscribe to (e.g. newsletters); events you attended or expressed interest in.
  • Communication data: details and records of our communication with you.
  • IT data: logins and usernames to our portals; encrypted passwords.
  • Technical data: browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your files, and other interactions with our website.

We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.

How we collect personal data

We collect most of this information from you direct. However, we may also collect information from other sources.

  • Your use of our website and services: when you sign up to or use our services; sign up to our mailing list; submit an online enquiry; subscribe to our blogs, complete a contact form; complete a survey; submit feedback; or purchase our products/services.
  • Direct interactions with you: when you first contact us (e.g. by phone or email); when you register interest in our services; when you give us your business card.
  • From publicly accessible sources: your website; your profiles on social media platforms (e.g. LinkedIn, Facebook, Twitter); professional networking groups and databases.
  • Directly from a third party: another organisation or professional who told us that you would like to hear from us.
  • Automated technologies or interactions: as you interact with our website, app and advertisements, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. For further details, please see our Cookies Notice.

How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so.

1.) Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:

  • place cookies and similar tracking technologies on your device (please see our Cookies Notice for further details);
  • send you our blogs, newsletters or other electronic marketing communication, if you are not our customer, or if you requested or expressly agreed to receive such communication; and
  • respond to your enquiries.

Where your permission is required, we will ask you for such consent separately and clearly.

You have the right to withdraw consent or object to marketing at any time by emailing us at or using the ‘unsubscribe’ link in our marketing emails. Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.

2.) Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:

  • register you as a new customer or administer your account (e.g. set up your subscription and administer invoicing and payments);
  • provide our services to you;
  • manage our relationship with you (e.g. to respond to your enquires or to notify you about changes to our services and to inform you about updating preferences); or provide after sale care services (e.g. technical support).

3. ) Legitimate interests. We may process your personal data when we (or third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:

  • to provide our products and services to, and manage our relationship with our Customer or prospective Customer whom you represent;
  • to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • to manage your account and our relationship with you;
  • to manage payments, fees, charges, and to collect debts which you may owe to us;
  • to interact with you professionally (e.g. if you represent our Customer, supplier or business partner);
  • to deal with your enquiry unrelated to a contract which we may have with you;
  • to provide you with a free service (e.g. a free trial);
  • to ask you to leave a review or complete a survey;
  • to send you our updates or other electronic marketing communications in respect of similar products or services to those which we had previously supplied to you or which you had previously enquired about;
  • to increase our business or promote our brand through delivering relevant website content and advertisements to you and marketing communication;
  • to measure or understand the effectiveness of the advertising we provide to you;
  • to improve our website, products, services, marketing, and customer relationships and understanding;
  • to conduct web and app analytics;
  • for the prevention and detection of fraud and spam; and
  • for the establishment, exercise or defence of legal claims.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business.

4.) Legal obligation. We may process your personal data to comply with our legal obligation. For example, to:

  • notify you about changes to our terms or privacy notice;
  • address your complaint; and
  • comply with a request from a competent authority.

Who we share personal data with

We may share your information with third parties for the purposes set out in this notice.

We may share your data with service providers, which we use to operate our business. For example:

  • Amazon Web Services, a US company, who provide data hosting services to us. See their privacy policy. AWS holds our data in a secure data centre in the UK;
  • Isotoma Limited, based in the UK, who provide IT services to us. See their privacy notice;
  • Google, based in the USA, who provide Google Analytics web and app analytics services to us. See their privacy notice; and
  • Apple, based in the USA who provide app analytics services to us, See their privacy notice.

We have contracts in place with the above providers to ensure that your personal data is protected. Please note that we may from time to time engage new providers or stop using providers included in the list above.

Transfers of data outside the European Economic Area (EEA) are subject to special rules under the Data Protection Legislation. Those of our providers, who are based in the USA, subscribe to the EU-US Privacy Shield framework. Transfers of personal data under the Privacy Shield framework are deemed by the European Commission to provide an appropriate level of protection.

Some of our providers may transfer your data outside the EEA but only to countries that have been identified by the European Commission as providing adequate protection (such as New Zealand), or a third party using an appropriate safeguard mechanism (for example, by entering into the European Commission’s standard contractual clauses, or, for transfers to US-based third parties, by ensuring that the entity subscribes to the EU-US Privacy Shield).

We may also:

  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring.

The recipients of the information will be bound by confidentiality obligations.

How long we keep personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. For example:

  • we are required to keep accounting records for 7 years for tax audit purposes;
  • if you have a contract with us, we will keep your data for up to seven years after the end of that contract;
  • if you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications;
  • if you enquire or purchase our business-to-business services, we will keep your personal data for marketing purposes for [two years from when we last heard from you], unless you earlier opt-out from receiving marketing communications;
  • if you represent our prospective customer, we will generally keep your data for [six months from when we obtained your data or our last interaction with you]; and

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

  • Access: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Rectification: The right to require us to correct any inaccuracies in your personal data.
  • Erasure (to be forgotten): The right to require us to delete your personal data in certain situations.
  • Restriction of processing: The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).
  • Data portability: The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
  • To object: The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
  • Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.
    If you would like to exercise any of those rights, please contact us using any of the contact methods set out in the Who we are and how to contact us section of this notice. Please let us know what right you want to exercise and the information to which your request relates.

Keeping personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How we are and how to contact us section of this policy.

The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in particular in the European Union (or the European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

Changes to this privacy policy

This privacy policy was last updated on 29th October 2021.

We may change this privacy notice from time to time. When we do, we will publish the new version of the policy on our website. We may also inform you via email or post.

Ready to get started? Ready to get started?

Ready to get started?

Take the first step on your journey to having a seamlessly integrated finance and payment management system.

Book a Demo