Privacy Policy

Last updated: 26 February 2026

1. Who We Are

Pear MCP is operated by Ashton Turner, based in Australia. For privacy enquiries, contact support@pearmcp.com.

2. Information We Collect

Account Information

When you sign up, we collect your email address (used for authentication via magic link). You may optionally set a display name.

Apple iCloud Credentials

To provide the Service, we store your Apple ID email and an app-specific password. The app-specific password is encrypted at rest using AES-256 encryption with a server-side key. We never store your main Apple ID password.

Usage Data

We track API call counts per user per calendar month for billing and rate-limiting purposes. We also collect anonymised tool usage analytics (tool name, response time, success/failure) to improve the Service. Anonymised analytics use HMAC-SHA256 hashing — we cannot reverse these to identify individual users.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers or bank details. We store your Stripe customer ID and subscription ID to manage your subscription. See Stripe's Privacy Policy for how they handle payment data.

iCloud Data

When you or your AI assistant makes a request, we access your iCloud Calendar, Reminders, and/or Contacts data in real-time via CalDAV/CardDAV. This data is processed in memory to fulfil the request and returned to your AI client. We do not store, cache, or log the contents of your calendars, reminders, or contacts.

3. How We Use Your Information

  • To authenticate you and provide access to the Service
  • To connect to your iCloud account on your behalf
  • To process subscription payments via Stripe
  • To enforce usage limits (free tier: 200 calls/month)
  • To improve the Service through anonymised analytics
  • To send important service-related communications (e.g. security issues, billing problems)

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Apple iCloud — your credentials are sent to Apple's CalDAV/CardDAV servers to fulfil requests
  • Stripe — for payment processing
  • Supabase — for database hosting and authentication (hosted in AWS, Sydney region)
  • Vercel — for application hosting

We may disclose information if required by law or to protect our rights and the safety of our users.

5. Data Security

  • iCloud passwords are encrypted at rest with AES-256
  • All connections use HTTPS/TLS
  • API keys use cryptographically secure random generation
  • Billing columns are protected by database-level triggers
  • Rate limiting is enforced on all API endpoints

No system is 100% secure. If you believe your account has been compromised, contact us immediately and regenerate your API key in Settings.

6. Data Retention

Your account data and encrypted credentials are retained while your account is active. If you disconnect your iCloud account, your encrypted credentials are deleted immediately. Anonymised usage analytics are retained indefinitely. If you delete your account, all personal data is removed within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict processing of your data

To exercise these rights, email support@pearmcp.com.

8. Cookies

We use essential cookies for authentication (Supabase session tokens). We do not use advertising or third-party tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Children

The Service is not intended for users under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy from time to time. We will notify users of material changes via email or an in-app notice.

11. Contact

For privacy enquiries, contact support@pearmcp.com.