For Squarespace
Privacy & Disclaimer

The honest version.

Pengon is a small, independently-built service. Here’s what we collect, what we do with it, and the limits of what we’re promising while the product is in open beta. Last updated 14 June 2026.

Beta-service disclaimer

Pengon is currently in open beta. We’re proud of what it does, but we’re also being honest about what that means while we’re still growing:

What we collect

When a visitor submits a form on your Squarespace site, our worker receives the same data Squarespace already forwards to your inbox: the visitor’s name, email, phone (if present), the message text, and the page they submitted from. We classify it and store it so you can view it in your dashboard.

We also store the minimum needed to run your account: your Clerk user ID, your sign-up email, and the domain(s) of the site(s) you’ve connected.

If you become a Founding Member, your $50 one-time payment is processed by Stripe. We do not store your card details - Stripe handles all card data on their PCI-compliant infrastructure. What we store on our end is the Stripe checkout session ID, the customer email and (optional) name you provided at checkout, the amount paid, and a timestamp. This is the minimum we need to grant lifetime access, issue refunds, and remit Swiss VAT.

How we use it

Your submission data is yours. We use it for exactly three things:

We never sell, share, or transfer your submission data to third parties. We don’t use it for advertising. We don’t train other people’s models on it.

The training corpus

Pengon’s spam detection runs on Cloudflare Workers AI using Mistral Small 3.1 24B Instruct. The base model itself is frozen and doesn’t learn from your submissions on its own. What we do do is build an anonymised training corpus that we use to fine-tune a specialised LoRA adapter on top of Mistral at each milestone (50 / 100 / 250 / 500 / 1000 training rows) - so the classifier gets sharper on the spam patterns Pengon customers actually see, but only with very specific, consensual data.

When you click Recover (not spam) on a flagged message - or Report spam on a message the AI let through - that disagreement triggers a training-corpus entry. The corpus row contains:

What the corpus does not contain: no name, no email, no phone number, no site domain, no user ID, no IP, no country, no link back to your account or anyone else’s. Once a row is in the corpus it’s genuinely de-linked - even we can’t tell which Pengon customer it came from.

Why we do this. A spam classifier is only as good as the examples it’s seen. The recoveries you give us are the highest-quality signal we have - cases where the AI got it wrong - and they’re what will eventually make Pengon catch more spam without misfiring on real clients. It’s the single biggest long-term investment we’re making in classifier quality.

Don’t want to contribute? Don’t click Recover or Report spam. Use the Delete button on the row instead - the submission is removed from your dashboard with no training-corpus entry created. You can also delete submissions in bulk via the checkboxes.

Cookies & analytics on this site

pengon.dev uses one privacy-friendly analytics tool: PostHog (EU). PostHog requests are routed through Cloudflare via a managed reverse proxy at p.pengon.dev, so analytics traffic looks like first-party calls to our own domain. Cloudflare is already listed in our sub-processor list above; the proxy adds no new third party to our data flow. We use PostHog to understand which sections of the landing actually help people decide - not to build ad profiles or sell anything.

Our cookie banner is provided by Cookie-Script, a managed consent platform. PostHog does not load until you accept the “Performance” category (or click Accept All). If you reject, no PostHog script is loaded and no analytics cookies are set. Your choice is stored by Cookie-Script in a small first-party cookie (CookieScriptConsent); clear it to see the banner again.

We’ve configured PostHog with person_profiles: "identified_only" - no person profile is created for anonymous visitors. PostHog itself is GDPR-compliant under EU hosting; see their privacy policy for details.

How long we keep things

Third-party services we use

Pengon runs on Cloudflare (Workers, D1, Workers AI, Pages). Auth is handled by Clerk. Transactional emails (recovery notices) are sent by Resend. Founding Member payments are processed by Stripe. Form classification runs on Cloudflare Workers AI using Mistral Small 3.1 24B, optionally augmented with a Pengon-trained LoRA adapter. Each of these processes data on our behalf under their own data-processing terms; we don’t share data with anyone else.

Sub-processors at a glance:

B2B customers who need a signed Data Processing Agreement (DPA) can find ours at /dpa.

Your rights

You can ask us at any time to:

Just email hello@pengon.dev. We answer same-day during the work week. We can’t un-mix training-corpus rows from the corpus - they’re anonymised and don’t reference you anymore - but everything else we’ll delete on request.

Plain-language disclaimer

This page is a friendly explanation of what we actually do, not a legal contract. It doesn’t replace the formal Terms of Service we’ll publish before opening public signup. If something here is unclear or you’d like a specific question answered, please reach out.

Published in accordance with Swiss e-commerce disclosure requirements (UWG Art. 3 lit. s) and the equivalent EU/EEA transparency expectations.

Operator

Pengon is operated by:
Quad Studio
Zürich, Switzerland

Quad Studio is a Swiss sole proprietorship. The proprietor is responsible for the content of pengon.dev and the operation of the Pengon service.

Contact

Product, support, refunds, data requests: hello@pengon.dev
Business, billing, legal: info@quadstudio.ch

Postal address available on written request to either address above.

VAT & tax

Quad Studio is currently below the Swiss VAT registration threshold (CHF 100,000 annual turnover) and is therefore not registered for Swiss VAT. For Founding Member payments, Stripe Tax determines any applicable destination-country VAT/GST at checkout and itemises it on the receipt.

Liability for content & links

We take reasonable care that the information on pengon.dev is accurate, but make no warranty as to its completeness or fitness for any particular purpose. Liability is excluded to the maximum extent permitted by Swiss law, except in cases of intent or gross negligence.

pengon.dev contains links to third-party websites (Squarespace, Cloudflare, Stripe, Clerk, Resend and others). We have no control over their content and accept no liability for them.

Copyright & trademarks

All content on pengon.dev - text, code samples, screenshots, logos, the Pengon name and visual identity - is copyrighted by Quad Studio unless otherwise indicated. Reproduction, adaptation, or commercial use requires our prior written consent.

Squarespace is a trademark of Squarespace, Inc., used here for descriptive purposes only. Pengon is not affiliated with, sponsored by, or endorsed by Squarespace.

Governing law & jurisdiction

This notice, the website, and the Pengon service are governed by Swiss law. Place of jurisdiction: Zürich, Switzerland, subject to mandatory consumer-protection law in the buyer’s country of residence.

EU online dispute resolution

The European Commission provides an online dispute-resolution platform at ec.europa.eu/consumers/odr. Quad Studio is not obligated and does not participate in dispute-resolution proceedings before a consumer arbitration board.