Beta-service disclaimer
Pengon is currently in open beta. We’re proud of what it does, but we’re also being honest about what that means while we’re still growing:
- No uptime SLA. We aim for the same edge-deployed reliability you’d expect from any Cloudflare-hosted service, but if Pengon ever becomes unreachable, your contact form keeps working - submissions fail open and reach you the same way they did before you installed Pengon.
- Classifier mistakes happen. AI spam detection is a probability game,
not a perfect science. We catch the vast majority of AI-written spam, but
the occasional real message will land in the Spam tab. Use
Recover (not spam)to put it back in your inbox; it takes one click. - The product is still evolving. Features may change, ship, or be removed based on what beta customers actually need. We’ll keep you in the loop by email before anything that affects you.
What we collect
When a visitor submits a form on your Squarespace site, our worker receives the same data Squarespace already forwards to your inbox: the visitor’s name, email, phone (if present), the message text, and the page they submitted from. We classify it and store it so you can view it in your dashboard.
We also store the minimum needed to run your account: your Clerk user ID, your sign-up email, and the domain(s) of the site(s) you’ve connected.
If you become a Founding Member, your $50 one-time payment is processed by Stripe. We do not store your card details - Stripe handles all card data on their PCI-compliant infrastructure. What we store on our end is the Stripe checkout session ID, the customer email and (optional) name you provided at checkout, the amount paid, and a timestamp. This is the minimum we need to grant lifetime access, issue refunds, and remit Swiss VAT.
How we use it
Your submission data is yours. We use it for exactly three things:
- Showing you your dashboard. Submissions you receive, their classification, the AI’s reasoning, the score.
- Sending recovery emails. When you click
Recover (not spam), we send the original message as an email to the address on your Pengon account - this is a separate email from us, not a message put back into your Squarespace form inbox. - Anonymised training of our spam classifier - opt-in, on Recoveries only. See the section below.
We never sell, share, or transfer your submission data to third parties. We don’t use it for advertising. We don’t train other people’s models on it.
The training corpus
Pengon’s spam detection runs on Cloudflare Workers AI using Mistral Small 3.1 24B Instruct. The base model itself is frozen and doesn’t learn from your submissions on its own. What we do do is build an anonymised training corpus that we use to fine-tune a specialised LoRA adapter on top of Mistral at each milestone (50 / 100 / 250 / 500 / 1000 training rows) - so the classifier gets sharper on the spam patterns Pengon customers actually see, but only with very specific, consensual data.
When you click Recover (not spam) on a flagged message
- or Report spam on a message the AI let through
- that disagreement triggers a training-corpus entry. The corpus row contains:
-
The message text, with email addresses, URLs and phone-number patterns
automatically replaced with
[email],[url]and[phone]tokens before storage; - The AI’s original classification and reasoning;
- Your verdict (in this case: “clean”);
- A timestamp.
What the corpus does not contain: no name, no email, no phone number, no site domain, no user ID, no IP, no country, no link back to your account or anyone else’s. Once a row is in the corpus it’s genuinely de-linked - even we can’t tell which Pengon customer it came from.
Why we do this. A spam classifier is only as good as the examples it’s seen. The recoveries you give us are the highest-quality signal we have - cases where the AI got it wrong - and they’re what will eventually make Pengon catch more spam without misfiring on real clients. It’s the single biggest long-term investment we’re making in classifier quality.
Don’t want to contribute? Don’t click Recover or Report spam. Use the Delete button on the row instead - the submission is removed from your dashboard with no training-corpus entry created. You can also delete submissions in bulk via the checkboxes.
Cookies & analytics on this site
pengon.dev uses one privacy-friendly analytics tool:
PostHog (EU). PostHog
requests are routed through Cloudflare via a managed reverse
proxy at p.pengon.dev, so analytics traffic
looks like first-party calls to our own domain. Cloudflare
is already listed in our sub-processor list above; the proxy
adds no new third party to our data flow. We use PostHog to
understand which sections of the landing actually help
people decide - not to build ad profiles or sell
anything.
Our cookie banner is provided by
Cookie-Script, a managed
consent platform. PostHog does not load until you accept
the “Performance” category (or click Accept All). If
you reject, no PostHog script is loaded and no analytics cookies
are set. Your choice is stored by Cookie-Script in a small
first-party cookie (CookieScriptConsent); clear it
to see the banner again.
We’ve configured PostHog with
person_profiles: "identified_only" - no
person profile is created for anonymous visitors. PostHog itself
is GDPR-compliant under EU hosting; see their
privacy policy for
details.
How long we keep things
- Submissions in your dashboard: stored in our database until you delete them. Bulk deletion is one click away.
- Account info: kept while your account is active. On request we delete everything.
- Training-corpus rows (anonymised): retained indefinitely once anonymised. Because they no longer reference any individual, we treat them as fully de-identified data per the EU GDPR § Recital 26.
Third-party services we use
Pengon runs on Cloudflare (Workers, D1, Workers AI, Pages). Auth is handled by Clerk. Transactional emails (recovery notices) are sent by Resend. Founding Member payments are processed by Stripe. Form classification runs on Cloudflare Workers AI using Mistral Small 3.1 24B, optionally augmented with a Pengon-trained LoRA adapter. Each of these processes data on our behalf under their own data-processing terms; we don’t share data with anyone else.
Sub-processors at a glance:
- Cloudflare - hosting, database, AI inference (US/EU/global edge).
- Clerk - authentication, user records (US).
- Stripe - payment processing, Founding Member payments (US/IE).
- Resend - transactional email delivery (US).
B2B customers who need a signed Data Processing Agreement (DPA) can find ours at /dpa.
Your rights
You can ask us at any time to:
- Export everything we have on you (submissions, account info);
- Delete your account and all associated submissions;
- Correct anything we’ve recorded inaccurately.
Just email hello@pengon.dev. We answer same-day during the work week. We can’t un-mix training-corpus rows from the corpus - they’re anonymised and don’t reference you anymore - but everything else we’ll delete on request.
Plain-language disclaimer
This page is a friendly explanation of what we actually do, not a legal contract. It doesn’t replace the formal Terms of Service we’ll publish before opening public signup. If something here is unclear or you’d like a specific question answered, please reach out.
Legal notice - who runs Pengon
Published in accordance with Swiss e-commerce disclosure requirements (UWG Art. 3 lit. s) and the equivalent EU/EEA transparency expectations.
Operator
Pengon is operated by:
Quad Studio
Zürich, Switzerland
Quad Studio is a Swiss sole proprietorship. The proprietor is responsible for the content of pengon.dev and the operation of the Pengon service.
Contact
Product, support, refunds, data requests:
hello@pengon.dev
Business, billing, legal:
info@quadstudio.ch
Postal address available on written request to either address above.
VAT & tax
Quad Studio is currently below the Swiss VAT registration threshold (CHF 100,000 annual turnover) and is therefore not registered for Swiss VAT. For Founding Member payments, Stripe Tax determines any applicable destination-country VAT/GST at checkout and itemises it on the receipt.
Liability for content & links
We take reasonable care that the information on pengon.dev is accurate, but make no warranty as to its completeness or fitness for any particular purpose. Liability is excluded to the maximum extent permitted by Swiss law, except in cases of intent or gross negligence.
pengon.dev contains links to third-party websites (Squarespace, Cloudflare, Stripe, Clerk, Resend and others). We have no control over their content and accept no liability for them.
Copyright & trademarks
All content on pengon.dev - text, code samples, screenshots, logos, the Pengon name and visual identity - is copyrighted by Quad Studio unless otherwise indicated. Reproduction, adaptation, or commercial use requires our prior written consent.
Squarespace is a trademark of Squarespace, Inc., used here for descriptive purposes only. Pengon is not affiliated with, sponsored by, or endorsed by Squarespace.
Governing law & jurisdiction
This notice, the website, and the Pengon service are governed by Swiss law. Place of jurisdiction: Zürich, Switzerland, subject to mandatory consumer-protection law in the buyer’s country of residence.
EU online dispute resolution
The European Commission provides an online dispute-resolution platform at ec.europa.eu/consumers/odr. Quad Studio is not obligated and does not participate in dispute-resolution proceedings before a consumer arbitration board.