Skip to content

Privacy Policy

Last updated: 28 April 2026

1. Who We Are

Pear MCP is operated by Ashton Turner, based in Australia. For privacy enquiries, contact support@pearmcp.com.

2. Information We Collect

Account Information

When you sign up, we collect your email address and use magic links for authentication. We also store the account and session information needed to keep you signed in, manage your subscription, and operate the dashboard.

Apple iCloud Credentials

To provide the Service, we store your Apple Account email, optional iCloud Mail address, and an app-specific password. The app-specific password is encrypted at rest using AES-256-GCM with a server-side key. We never store your main Apple ID password.

API Keys and OAuth Access

Pear stores API key hashes and limited key metadata, such as the last four characters, so keys can be verified and rotated without storing the raw key. For OAuth-compatible clients, Pear issues authorization codes and access tokens tied to your account and current API key state.

Usage Data

We track API call counts per user per calendar month for billing and rate-limiting purposes. We also collect anonymised tool usage metadata (tool name, response time, success/failure, error type, and timestamp) to improve the Service, and Pro users can view this metadata in the Activity page. Anonymised analytics use HMAC-SHA256 hashing for user and session identifiers rather than storing plain IDs.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers or bank details. We store your Stripe customer ID and subscription ID to manage your subscription. See Stripe's Privacy Policy for how they handle payment data.

iCloud Data

When you or your AI assistant makes a request, we access your iCloud Calendar, Reminders, Contacts, and Mail data in real-time via CalDAV/CardDAV/IMAP/SMTP. This data is processed in memory to fulfil the request and returned to your AI client. We do not keep a separate database copy of your iCloud content, and we do not retain full request payloads or full iCloud response bodies in logs or analytics.

Support Communications

If you email support, we collect the information you choose to send so we can investigate and respond to the request.

3. How We Use Your Information

  • To authenticate you and provide access to the Service
  • To connect to your iCloud account on your behalf
  • To issue, verify, rotate, and revoke Pear API keys and OAuth access
  • To process subscription payments via Stripe
  • To enforce usage limits (free tier: 50 calls/month)
  • To improve the Service through anonymised analytics and the Activity page
  • To send important service-related communications (e.g. security issues, billing problems)
  • To prevent abuse, debug failures, and keep the Service reliable

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Apple iCloud — your credentials are sent to Apple's CalDAV, CardDAV, IMAP, and SMTP servers to fulfil requests
  • Your selected AI or MCP client — tool results are returned to the client you connected to Pear
  • Stripe — for payment processing
  • Supabase — for database hosting and authentication (hosted in AWS, Sydney region)
  • Resend — for transactional product emails such as onboarding and receipts
  • Vercel — for application hosting

We may disclose information if required by law or to protect our rights and the safety of our users.

Some service providers may process data outside Australia. Where that happens, we use reputable providers and limit the information shared to what is needed to provide the Service.

5. Data Security

  • iCloud app-specific passwords are encrypted at rest with AES-256-GCM
  • All connections use HTTPS/TLS
  • API keys use cryptographically secure random generation and are stored as hashes
  • Billing columns are protected by database-level triggers
  • Rate limiting is enforced on all API endpoints

No system is 100% secure. If you believe your account has been compromised, contact us immediately and regenerate your API key in Settings.

6. Data Retention

Your account data and encrypted credentials are retained while your account is active. If you disconnect your iCloud account, the encrypted credential values are removed or replaced with a disconnected marker. Usage analytics and operational metadata may be retained to protect the Service, understand reliability, and maintain billing records. If you delete your account, personal data is removed within 30 days unless we need to retain limited records for legal, tax, billing, security, or dispute-resolution reasons.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict processing of your data

To exercise these rights, email support@pearmcp.com.

8. Cookies

We use essential cookies for authentication (Supabase session tokens). We do not use advertising or third-party tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

9. Children

The Service is not intended for users under 16. We do not knowingly collect data from children.

10. Privacy Complaints

If you have a privacy concern, email support@pearmcp.com and we will review it. If you are in Australia and remain dissatisfied, you may also be able to contact the Office of the Australian Information Commissioner.

11. Changes

We may update this policy from time to time. We will notify users of material changes via email or an in-app notice.

12. Contact

For privacy enquiries, contact support@pearmcp.com.