How Pear Handles Your Data

A plain-language overview β€” no legal jargon. For the formal version see our Privacy Policy.

Your full chat transcript never reaches Pear

Pear is an MCP (Model Context Protocol) server. Your conversation stays entirely inside your AI client (Claude, ChatGPT, Poke, Cursor, etc.). The client only sends Pear the structured tool call and arguments it decides to execute β€” for example create_event {title: "Team Standup"}. Pear does not receive your full chat history, system prompts, or the full conversation context.

Credentials & encryption

We never store or see your main Apple ID password. Pear requires an App-Specific Password that you generate from appleid.apple.com and can revoke at any time.

  • Your app-specific password is encrypted at rest with AES-256-GCM using a server-side key
  • It is only decrypted in memory for the duration of a single request
  • Revoking the password from Apple instantly cuts off all access

Pear does not keep a database copy of your iCloud data

When your AI calls a tool like β€œlist my events tomorrow”, Pear fetches data from Apple's servers in real time using CalDAV (Calendar & Reminders), CardDAV (Contacts), and IMAP/SMTP (Mail). The response is processed in memory, returned to your AI client, and immediately discarded.

  • Pear does not store a separate database copy of your calendars, reminders, contacts, or emails
  • Full iCloud records are fetched live from Apple and returned to your AI client
  • The only caching is for Apple's server endpoint URLs (a standard performance optimization), not your data
  • Pear does retain limited operational metadata such as usage counts, anonymized tool analytics, and Pro activity history

Usage analytics and activity history

Pear records a small amount of metadata per tool call for billing, abuse prevention, product analytics, and the Pro activity page:

  • Billing and limits: monthly API call counts per user
  • Analytics: tool name (e.g. list_events), response time, success/failure, error type, and timestamp
  • User identity: analytics are keyed with HMAC-SHA256 hashes of user and session identifiers rather than plain user IDs
  • Pro dashboard activity: tool name, status, response time, and timestamp
  • Not retained as analytics: full chat transcripts, full request payloads, or full iCloud response bodies

Third parties

Pear does not sell your data. We share data only with:

  • Apple iCloud β€” your credentials are sent to Apple's CalDAV, CardDAV, IMAP, and SMTP servers to fulfil requests
  • Stripe β€” for payment processing (we never see card numbers)
  • Supabase β€” database hosting (AWS, Sydney region)
  • Resend β€” transactional email delivery for product emails such as receipts and onboarding messages
  • Vercel β€” application hosting

You're always in control

  • Revoke access: delete the App-Specific Password from appleid.apple.com at any time
  • Regenerate API key: rotate your Pear API key instantly from Settings
  • Disconnect iCloud: removes your encrypted credentials immediately
  • Delete account: all personal data removed within 30 days

Questions about data handling? Email support@pearmcp.com.