How Pear Handles Your Data

Your full chat transcript never reaches Pear

Pear is an MCP (Model Context Protocol) server. Your conversation stays entirely inside your AI client (Claude, ChatGPT, Poke, Cursor, etc.). The client only sends Pear the structured tool call and arguments it decides to execute — for example create_event {title: "Team Standup"}. Pear does not receive your full chat history, system prompts, or the full conversation context. If you include personal details in a tool call argument, that specific argument is sent to Pear so the tool can run.

Credentials & encryption

We never store or see your main Apple ID password. Pear requires an App-Specific Password that you generate from appleid.apple.com and can revoke at any time.

• Your app-specific password is encrypted at rest with AES-256-GCM using a server-side key
• It is only decrypted in memory for the duration of a single request
• Revoking the password from Apple instantly cuts off all access

Pear does not keep a database copy of your iCloud data

When your AI calls a tool like “list my events tomorrow”, Pear fetches data from Apple's servers in real time using CalDAV (Calendar & Reminders), CardDAV (Contacts), and IMAP/SMTP (Mail). The response is processed in memory, returned to your AI client, and immediately discarded.

• Pear does not store a separate database copy of your calendars, reminders, contacts, or emails
• Full iCloud records are fetched live from Apple and returned to your AI client
• The only caching is for Apple's server endpoint URLs (a standard performance optimization), not your data
• Pear does retain limited operational metadata such as usage counts, anonymised tool analytics, and Pro activity history

Usage analytics and activity history

Pear records a small amount of metadata per tool call for billing, abuse prevention, product analytics, and the Pro activity page:

• Billing and limits: monthly API call counts per user
• Analytics: tool name (e.g. list_events), response time, success/failure, error type, and timestamp
• User identity: analytics are keyed with HMAC-SHA256 hashes of user and session identifiers rather than plain user IDs
• Pro dashboard activity: tool name, status, response time, and timestamp. The dashboard may show only part of this metadata, but Pear still stores the operational fields needed for reliability and analytics
• Not retained as analytics: full chat transcripts, full request payloads, or full iCloud response bodies

Third parties

Pear does not sell your data. We share data only with:

• Apple iCloud — your credentials are sent to Apple's CalDAV, CardDAV, IMAP, and SMTP servers to fulfil requests
• Your connected AI client — tool results are returned to the client you chose to connect to Pear
• Stripe — for payment processing (we never see card numbers)
• Supabase — database hosting (AWS, Sydney region)
• Resend — transactional email delivery for product emails such as receipts and onboarding messages
• Vercel — application hosting

Some providers may process data outside Australia. Pear limits those disclosures to the information needed to run the service.

You're always in control

• Revoke access: delete the App-Specific Password from appleid.apple.com at any time
• Regenerate API key: rotate your Pear API key instantly from Settings
• Disconnect iCloud: removes the active encrypted credential values and marks the connection as disconnected
• Delete account: all personal data removed within 30 days