Pave abides by the least privilege principle, and only requests access to data necessary to power our existing products. For API endpoints that share sensitive personal information beyond what is required for Pave's services, we redact this information and prevent it from being stored within Pave's system.