This is a draft for a final review before launch. It is written to reflect the finished product. We are confirming each technical claim is live and tested, and having counsel confirm the Canadian and EU/UK wording, before it goes into effect.

Privacy Policy

Effective date: on publication

The short version

Our Pear Tree is a private family keepsake. Your family's photos, videos, and notes are yours. We do not show ads, we do not sell or share your data for advertising, and we do not use your photos or the things you write to train any model. Nothing you add is public, and only the people you invite can see it. You can export everything, at full quality, for free, at any time.

Who we are

Our Pear Tree is operated by 17576528 Canada Inc., based in Surrey, British Columbia, Canada. We are the controller of your personal information.

Privacy Officer: Gurtej Arora, Founder. Contact: privacy@ourpeartree.com.
General contact: hello@ourpeartree.com.
EU and UK representative (Article 27): [to be appointed before EU/UK marketing].

What we collect

Account data: your email address and authentication records. Sign-in is handled by Supabase Auth.
Family content you create: the photos, videos, and notes you add about your family, the people and pets you tag, dates, and optional place labels. This is private to your family and the viewers you invite.
Photo and video metadata (EXIF): we read embedded metadata (such as the capture date and any device or location data your camera saved) to place a photo correctly on the timeline. Your originals are kept exactly as you uploaded them, so any metadata they contain stays in the original and is included if you export. Location is never shown on a shared link unless you turn that on.
Optional health-category entries: if you use pregnancy or medical entry types, we collect them only after you give explicit consent the first time you open such a feature, and we record that consent. Sensitive medical identifiers (such as medication names and doses, and vaccine identifiers) are additionally encrypted at the field level and kept out of search and out of any printed book.
Notification token: if you turn on reminders, we store a push token for your device so we can send the prompts you asked for. You can turn reminders off at any time.
Anonymous, counts-only usage data: we measure product events (for example, "an entry was created") in an anonymized form using PostHog. These carry no user identifier, no email, no names, and none of your photos or text, and we use them only in aggregate to improve the product.
Diagnostics: crash and performance data (via Sentry) to keep the app working. It is scrubbed of personal content and is not linked to your identity.
Operational and security records: limited records such as sign-in events and share-link activity, kept 13 months for security and abuse prevention, with IP addresses stored only as a salted hash.

We do not use third-party advertising SDKs. We do not access your device contacts. There is no public feed, no public profiles, and no public comments. We do not run face recognition, automatic tagging, content-reading AI, or optical character recognition on your photos or text.

The private vault (zero-knowledge)

You may opt specific content (typically trying-to-conceive and pregnancy moments) into a private vault. Vault content is encrypted on your device with a key derived from a password only you know. We only ever hold the encrypted, unreadable version, so we cannot read vault content and cannot reset a forgotten vault password. Your 24-word recovery phrase is the only way to recover a vault, so keep it safe. Because vault content is unreadable to us, it is excluded from thumbnails, search, printed books, and shared links. Vault protection cannot prevent someone who has your unlocked device, your screenshots, your device backups, your exported files, or your recovery phrase from seeing that content.

How we use your information

To provide the service: store, organize, encrypt, back up, display, and export your family's content for you and the people you invite, and render the books and exports you request.
To send the emails and reminders you ask for.
To keep the service secure and prevent abuse.
To understand and improve the product using anonymous, aggregate usage data only. We never use your photos, videos, or words to train any model or to build features beyond serving your content back to your family.

Children's data

The content is about children, but the account holders are parents and guardians documenting their own children. The service is directed to adults. Children may not create accounts, log in, upload content, submit information, or use the service directly. There are no child accounts and no child login, and we require an "I am a parent or guardian, 18 or older" confirmation at sign-up. We collect children's information from the parent or guardian acting on the child's behalf, not from children. If we learn that a child has created an account, we will delete it or place it under verified parent or guardian control. When a child reaches the age of majority, they may request a full export of, and exercise rights over, the record about them; we will publish that process before the first cohort reaches the age of majority.

Your privacy rights (Canada)

We handle personal information in accordance with British Columbia's Personal Information Protection Act (PIPA) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You may ask to access or correct your personal information, withdraw consent, or ask questions about how we handle it, by contacting our Privacy Officer at privacy@ourpeartree.com. If you are not satisfied with our response, you may contact the Office of the Information and Privacy Commissioner for British Columbia (OIPC) or the Office of the Privacy Commissioner of Canada (OPC).

Rights and legal bases for EU and UK users

For users in the EU and UK, we also provide the rights of access, rectification, erasure, restriction, objection, and portability, and we rely on these legal bases: performance of our contract with you for the core service (Art. 6(1)(b)); your explicit consent for health-category entries (Art. 9(2)(a)), recorded separately and withdrawable; and our legitimate interests for security, abuse prevention, and product improvement via anonymous aggregate data (Art. 6(1)(f)). You may lodge a complaint with your local supervisory authority. Our EU and UK representative is listed above.

International data transfers

Your data is stored and processed in Canada and the United States. Where we transfer personal information across borders, we use appropriate safeguards such as Standard Contractual Clauses or the UK International Data Transfer Addendum, and we remain responsible for it under PIPEDA and PIPA.

How your data is stored and protected

Encryption in transit (TLS) and at rest.
Recoverable server-side encryption for the general archive, field-level encryption for sensitive medical identifiers, and the zero-knowledge vault described above.
Durability: every photo is kept as its untouched original across two independent providers (Backblaze B2 plus an AWS cold backup), and is integrity-checked.
Portability: you can export your entire archive (originals plus an open metadata manifest) at full quality, for free, at any time. If we ever wind the service down, we will give at least 90 days' notice and a one-click full export.

Who can see your data

The family members and viewers you invite. Viewers are read-only.
Anyone you give a share link to. Links are scoped, expiring, and revocable, are not indexed by search engines, and serve display-quality media (and never your embedded location) unless you opt in.
Our staff cannot routinely access your media or the text of your entries. Support tools expose only account and membership details. Access to family content requires a narrow, logged "break-glass" action for a specific legal or safety reason, justified per incident and recorded in an audit log. We can never read vault content.
We do not proactively scan private family photos.

Law-enforcement and legal requests

We require valid legal process before disclosing personal information to law enforcement, we limit any disclosure to what the law requires, and we will notify you where we are legally permitted to. We comply with mandatory Canadian and United States child-safety reporting obligations on actual knowledge.

Email and notifications

Transactional and optional digest emails are sent via SendGrid from mail.ourpeartree.com. Push reminders, if you enable them, are sent through Apple and Google push services. You can turn off non-essential emails and reminders in settings.

Payments

Subscriptions are processed by Apple, Google, or Stripe, unified by RevenueCat. We do not receive or store your full payment card details.

Retention and deletion

We keep your archive while your subscription is active, with a 30-day grace period after cancellation before deletion, and reminders to export.
Inactivity never triggers deletion. A bereavement archive remains free to access and export.
You can delete your account or family at any time. Family deletion is a 30-day soft delete, followed by a verified hard delete of database rows, hot storage (Backblaze B2), and cold backups (AWS).

Security incidents

If a breach of security safeguards creates a real risk of significant harm, we will notify affected users and the appropriate regulators (including the Office of the Privacy Commissioner of Canada, and EU/UK authorities where required) without undue delay, consistent with PIPEDA, GDPR, and UK GDPR.

Sub-processors

We use the following service providers, acting on our behalf, to run the service. We do not sell or share data with them for advertising or cross-context tracking. We post changes to this list here and notify you of material changes.

Provider	Purpose
Supabase	Database and authentication
Backblaze B2	Primary media storage (your photos and videos)
Amazon Web Services	Encrypted cold backup of media
Cloudflare	Content delivery (serving media)
Fly.io	Application and API compute
Vercel	Web app hosting
SendGrid (Twilio)	Transactional and digest email
PostHog	Anonymous, counts-only product analytics
Sentry	Error and performance diagnostics
RevenueCat, Apple, Google, Stripe	Subscription billing and entitlements
Lulu	Print-on-demand, only if you order a printed book

Changes that require renewed consent

If we ever propose to use your information in a materially new way (for example, advertising, cross-context tracking, or any use of your content to train a model), we will ask for your consent first. Material changes to health-data handling will also be subject to fresh consent.

Changes to this policy

We will post changes here and, for material changes, notify you in the app or by email.

Contact

Privacy Officer, Gurtej Arora: privacy@ourpeartree.com. General: hello@ourpeartree.com. Our Pear Tree, 17576528 Canada Inc., Surrey, British Columbia, Canada.

See also our Terms of Service. Back to ourpeartree.com.