Legal · Privacy

Privacy.

Plain-language explanation of how Pearpin handles personal data on pearpin.com. This policy covers the marketing site only — product terms will publish here when the product launches.

Last updated: 29 April 2026

Who we are

Pearpin is operated by UO Tech Pvt Ltd, an Indian private company. References to "Pearpin", "we", "us" or "our" in this policy mean UO Tech Pvt Ltd.

For any privacy question, write to hello@pearpin.com.

What this policy covers

This policy applies to pearpin.com and the contact form on it. It does not yet cover the Pearpin product platform — when that launches, separate product-side terms will be published.

What we collect

The marketing site collects personal data only through the contact form. The fields are:

  • Required: name, work email.
  • Optional: company, role, plan you're considering, primary use case, approximate monthly volume, free-text message.
  • Automatic: the IP address and User-Agent of the submitting browser, plus the timestamp. We use these for spam protection and rate limiting only.
  • UTM parameters from the URL you arrived on (utm_source, utm_medium, utm_campaign, utm_content, utm_term). These are stored in your browser's sessionStorage (per-tab, cleared on tab close) and attached to the contact form submission so we know which campaign or referral the lead came from.

We do not run third-party analytics or advertising trackers on this site, and we do not place cookies for tracking purposes. UTM persistence uses sessionStorage, not cookies.

Why we use it

We process the data above for these purposes only:

  • To respond to your inquiry, schedule walkthroughs or add you to the early-access cohort.
  • To send you a one-time confirmation email and any directly-related follow-up about your inquiry.
  • To prevent abuse of the contact form (rate limits, captcha, basic logs).

We do not use contact-form data for advertising. We do not send marketing emails from this dataset. We do not sell, rent or trade contact details to anyone.

Who processes the data on our behalf

We rely on a small set of categorized service providers to operate the site, protect the contact form from abuse, deliver emails and help us respond to inquiries. Each provider processes data only as needed for the function below, under their own contractual and legal data-protection terms.

  • Website hosting and serverless infrastructure — serves pearpin.com and runs the contact form's API endpoint at /api/contact. May see request metadata (IP, User-Agent) for routing and abuse prevention.
  • Spam-prevention and abuse-protection — verifies that the form was submitted by a human, not a bot. Receives a short-lived challenge token and your IP at the moment of submission.
  • Rate-limiting infrastructure — stores per-IP submission counters (one entry per IP, expiring within an hour) used to prevent abuse of the contact form.
  • Transactional email delivery — delivers your confirmation email and the lead-notification email to our internal mailbox. Receives the form contents and your email address only for that purpose.
  • Business email and lead-response workflows — hosts the mailbox where lead notifications land and our team replies from. This is the canonical record of your inquiry.
  • Optional internal lead-notification tools — when enabled, an internal team channel receives a brief notification per submission so we can respond quickly. These tools are a mirror only; the canonical lead record lives in business email or our lead-management system.

We do not use contact-form data for advertising. We do not sell, rent or trade contact details. We do not currently use a CRM or marketing-automation platform for this form. If that changes, this section will be updated and you can ask us for the current sub-processor list at any time.

How long we keep it

  • Lead notification emails in our business mailbox: retained while we are still in conversation with you, then archived with the rest of our business correspondence. You can ask us to delete the thread at any time.
  • Rate-limit counters (IP + timestamp) held by the rate-limiting service: expire automatically within one hour of the last submission.
  • Server logs (request metadata, no form contents in plain text): retained for up to 30 days for abuse investigation, then purged.
  • Provider-side delivery logs for transactional email: retained per the provider's own policy and not under Pearpin's direct control beyond requesting deletion.

Where it's stored

The marketing site is global by hosting; data may be processed in any region where our service providers operate. Where personal data crosses borders to reach a provider, appropriate contractual and legal safeguards apply between Pearpin and that provider.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or port the personal data we hold about you. To exercise any of those rights, email hello@pearpin.com from the address you used on the form. We aim to acknowledge within one business day and to action within 30 days.

We support the rights described in India's DPDP Act (2023) and the EU/UK GDPR equivalents. You may also lodge a complaint with your local data-protection regulator.

Children

The marketing site is not directed at children under 18. We do not knowingly collect data from minors. If you believe we have, write to us and we will delete it.

Changes to this policy

We will update this page when our practices change, and refresh the "last updated" date at the top. Material changes will be flagged in a banner on the site for at least 30 days.

Contact

For privacy questions, data-rights requests, or complaints, write to hello@pearpin.com. For our broader trust posture (security controls, retention defaults, incident response), see /security.