Privacy Policy
01Who we are and scope
PearFare LLC ("PearFare", "we", "us") is a Wisconsin, USA limited liability company. We run a batch data-extraction service. Clients upload pages they have already collected, and we convert those pages into schema-validated JSON on GPU servers we own, at a single private facility in Wisconsin. We use no public-cloud compute.
This policy covers three properties and one service:
- trypearfare.com and app.trypearfare.com: static websites hosted on Cloudflare Pages.
- api.trypearfare.com: our batch API, authenticated by API key.
- The PearFare extraction service itself, governed also by our Terms of Service.
We handle information in three distinct contexts, and this policy keeps them separate throughout:
- Website visitors. People who browse our sites. We collect very little information in this context.
- Clients and account holders. Businesses that open an account and use the service. We collect the account and billing information described below.
- Client Data. The pages our clients upload for processing, and the JSON we extract from them. Those pages may contain personal information about other people. For that data we act only as a service provider on our client's instructions. Section 4 explains this in full.
Questions about anything in this policy go to [email protected].
02The short version
Plain language summary. Our websites set no cookies and run no analytics or trackers. We do not sell personal information, and we show no ads. The pages you upload for processing are used only to do your job and to tune your own dedicated extractor. They are purged 14 days after delivery, or immediately if you choose the zero-retention option. One exception applies: our sites load fonts from Google Fonts, so your browser sends your IP address and user agent to Google when a page loads. The rest of this policy explains these points in more detail.
03Information we collect
The table below lists everything, grouped by the three contexts from Section 1. If a category is not listed here, we do not collect it.
| Category | Source | Purpose | Retention |
|---|---|---|---|
| A. Website visitors (trypearfare.com, app.trypearfare.com). We set no cookies and run no analytics or trackers. | |||
| Cloudflare edge logs: traffic metadata such as IP address, user agent, requested URLs, and timestamps | Generated automatically when you visit. Held by Cloudflare, which hosts our sites and routes our traffic | Serving the sites, network security, abuse prevention | Cloudflare's standard edge-log retention. We run no analytics on this data |
| Google Fonts requests: your IP address and user agent, disclosed to Google | Your browser requests font files from fonts.googleapis.com and fonts.gstatic.com when a page loads | Font delivery | Governed by Google's privacy policy. We never receive this data |
| B. Clients and account holders | |||
| Account details: work email, password (stored only as a hash), company name | You, when you open an account | Authentication, account management, service communication | Life of the account |
| Billing details: billing email, business address (optional), invoices | You, plus invoices we generate | Billing and invoicing | Life of the account, plus records we must keep for tax and accounting |
| Payment card details | Collected directly by Stripe when payments go live | Payment processing | Held by Stripe. We never store card numbers |
| Usage records: batch counts, page counts, timestamps | Generated when you use the service | Billing, capacity planning, support | Life of the account, plus tax and accounting records |
| Access logs: API and portal access events | Generated when you call the API or sign in | Security and troubleshooting | About 90 days |
| C. Client Data (processed as a service provider; see Section 4) | |||
| Pages you upload and the JSON we extract from them. These may contain personal information about third parties, such as names, job titles, and phone numbers in a directory | Uploaded by you through the batch API | Running the extraction you ordered and tuning your own dedicated extractor; no other purpose | Purged 14 days after delivery, or immediately on delivery confirmation with the zero-retention option |
04Client Data: our role as processor
Plain language. When you upload pages, you stay in charge of the personal information inside them. You are the controller. We are your processor, or in US state-law terms, your service provider. We touch that data only to do the job you ordered, on your documented instructions. We do not decide what to do with it, we do not use it for ourselves, and we delete it on schedule.
Pages that clients upload often contain personal information about people who are not our clients: names, titles, phone numbers, and similar details found in directories and public listings. For that information:
- The client is the controller. The client is responsible for having a lawful basis to collect and process the data, for giving any required notices to the individuals in it, and for responding to those individuals' privacy rights requests.
- We are the processor. We process Client Data solely to provide the service and to tune that client's own dedicated extractor, on the client's documented instructions. We never use one client's data for any other client or any other purpose, and we never use it to train models for any other party.
- We assist with individual rights. If someone contacts us about personal information contained in Client Data, we will refer them to the relevant client where we can, notify that client, and honor deletion through our retention system on the client's instruction. Our short retention windows mean most Client Data is already gone.
- Clients must upload lawfully. By uploading pages, a client represents that it collected them lawfully and has the right to have us process them. Our Terms of Service set out these obligations in full.
05How we use information
We use information for these purposes and no others:
- Providing the service. Running batch extractions, delivering JSON output, and operating the API and client portal.
- Tuning your extractor. Client Data is used to tune that client's own dedicated extractor. It is never used to train or tune anything for any other party.
- Accounts and authentication. Verifying API keys and portal logins, and managing your account.
- Billing. Metering usage, issuing invoices, and processing payments through Stripe when payments are live.
- Communication. Answering support requests and sending service notices to the email on your account.
- Security and abuse prevention. Reviewing access logs and traffic metadata to keep the service safe.
- Legal compliance. Keeping the tax and accounting records the law requires, and responding to valid legal process as described in Section 6.
06How we share information
We share information only with the service providers below, each for a single narrow job, and in the limited legal circumstances that follow. We do not sell or rent information to anyone.
| Provider | What they do for us | What they receive |
|---|---|---|
| Cloudflare | Hosting, CDN, and email routing | Traffic metadata for our sites and API, standard edge logs, and email routed to our address |
| Stripe | Payment processing, when payments go live | Billing contact details and payment card information, which Stripe collects directly. We never see or store card numbers |
| Google Fonts | Font delivery on our websites | Your IP address and user agent when your browser loads font files |
| GitHub | Source code hosting | Our source code only; no account data and no Client Data |
GPU marketplace tenants and Client Data
Outside our processing windows, we rent spare GPU capacity to third-party marketplace tenants. Those tenants never receive Client Data and cannot access it. Client Data lives on encrypted volumes that are unmounted outside processing windows. See our Security page for how this isolation works.
Legal process
We disclose information in response to legal process only when we are required to. When a demand covers a client's data, we notify that client before disclosing, unless the law prohibits notice. We push back on requests that are overbroad and disclose only what the process compels.
07What we never do
- We never sell personal information, and we never have.
- We never share personal information for cross-context behavioral advertising.
- We run no advertising, no ad networks, and no ad tech of any kind.
- We never give or sell data to data brokers.
- We never use one client's data to train or tune models for any other party. Client Data is used only to tune the uploading client's own extractor.
- We set no cookies and run no analytics or trackers on our websites.
The statements in this section are binding commitments. The Federal Trade Commission treats broken privacy promises as deceptive practices under Section 5 of the FTC Act.
08Retention and deletion
- Client Data, standard: purged 14 days after we deliver your results. The window exists so you can verify output and request re-runs.
- Client Data, zero-retention option: purged immediately on delivery confirmation. Choose this per account or per batch if you do not want a verification window.
- Account and billing data: kept for the life of the account. After closure, we keep only the records we are required to retain for tax and accounting, then delete them.
- Access logs: kept about 90 days, then deleted.
- Payment card data: never stored by us. Stripe holds it under its own retention rules.
You can request deletion of your account data at any time by emailing [email protected]. Deletion of Client Data flows through the retention system above, and clients can instruct earlier deletion of any batch.
09Security
Processing happens on GPU servers we own, at a single private facility in Wisconsin. We use no public-cloud compute. Client Data sits on encrypted volumes that are unmounted outside processing windows, which is also what keeps GPU marketplace tenants away from it. The API requires key authentication, connections to our sites and API use HTTPS, and passwords are stored only as hashes.
No security measure is perfect. We describe our controls in detail, including the isolation model for rented GPU time, on our Security page.
10Your rights and choices
If you are in the United States, we honor these rights regardless of which state you live in. Some state privacy laws apply only to businesses above certain size thresholds. We do not condition your rights on whether a given law technically applies to us.
- Access: ask what information we hold about you.
- Correction: ask us to fix inaccurate information.
- Deletion: ask us to delete your information, subject to records we must keep for tax and accounting.
- Portability: ask for a copy of your information in a usable format.
How to exercise them
Email [email protected]. We verify requests with reasonable steps: usually by asking you to write from the email address on your account, or by asking for enough information to match you to our records. We never ask for more than we need to verify you. We will not discriminate against you for exercising any right. If we decline a request, we will tell you why, and you can ask us to reconsider.
If your request concerns personal information inside Client Data, the client that uploaded it is the controller. We will refer you to that client where we can and notify them, as described in Section 4.
Global Privacy Control and Do Not Track
Global Privacy Control is a browser signal that tells businesses not to sell or share your data. Because we do not sell or share data or track visitors, the signal does not change how we handle a visit. Visits with GPC enabled are treated the same as all other visits and are not tracked. We treat Do Not Track signals the same way.
11Data breach notification
Wisconsin's breach notification statute, Wis. Stat. § 134.98, requires an entity to make reasonable efforts to notify each affected person within a reasonable time, not to exceed 45 days after the entity learns that personal information has been acquired by someone unauthorized to have it. Notice may be delayed at the request of law enforcement, and if a single incident affects 1,000 or more people, the statute also requires notice to the nationwide consumer reporting agencies. We will comply with this statute, and with the breach notification law of any other state whose residents are affected.
We also commit to more than the statute requires. If we confirm a security incident affecting your Client Data or your account information, we will notify you without unreasonable delay and no later than 72 hours after confirmation. We will tell you what happened, what data was involved, and what we are doing about it. The statute excuses individual notice where the acquisition creates no material risk of identity theft or fraud. Even in that case, we will still tell affected clients.
12Children
PearFare is a business-to-business service. Our sites and service are not directed to children, and you must be at least 18 to open an account. We do not knowingly collect personal information from anyone under 18. If you believe we have, email [email protected] and we will delete it.
13International use
All processing happens in the United States, at our single Wisconsin facility and with the US service providers listed in Section 6. We have no establishment in the EU or UK. If you access the service from outside the United States, your information will be transferred to and processed in the United States.
EU or UK clients who need a data-processing addendum can request one by email at [email protected].
14Changes to this policy
When we change this policy, we will post the new version at this page and update the effective date at the top. If a change is material, we will email account holders before it takes effect. We will never change this policy to permit selling personal information or to weaken the Client Data commitments in Section 4 retroactively.
15Contact
PearFare LLC, Wisconsin, USA.
Email [email protected] for privacy questions, rights requests, data-processing addendum requests, or anything else in this policy. Our Terms of Service and Security page cover the rest.