Privacy Policy

Last updated: 1 June 2026

Your documents are among the most private things you own. This policy explains what we collect, why, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws. We designed PaperOrg to be private by default.

1. Who is responsible

PaperOrg is the data controller for personal data processed through the Service. For any privacy request, contact privacy@paperorg.com.

2. What we collect

• Account data — your email address and authentication details.
• Your documents — the files you upload and the metadata our AI extracts (titles, dates, senders, categories, tags, summaries).
• Usage data — basic technical logs (e.g. device/browser, timestamps, error reports) needed to run and secure the Service.
• Billing data — handled by our payment processor; we do not store your full card details.

3. Why we process it (legal bases)

• To provide the Service (performance of our contract with you) — storing, organising, AI-reading and searching your documents.
• To secure the Service (legitimate interest) — preventing abuse, debugging, protecting accounts.
• To bill you (contract / legal obligation) — managing subscriptions and invoices.
• With your consent — for any optional feature we explicitly ask you to enable.

4. AI processing

To extract information from your documents, content may be sent to trusted AI providers acting as our processors under data-protection agreements. They process it only to return a result to us and do not use it to train their models. We do not sell your data, and we do not use the personal contents of your documents for advertising.

5. Sharing

We share data only with processors who help us run the Service (cloud hosting, AI extraction, email delivery, payments), all bound by confidentiality and data-protection terms. We may disclose data where legally required. If you use a Family plan or share a document, that content becomes visible to the people you share it with.

6. Where data is stored

We host data within the European Union where feasible. Where a processor operates outside the EU, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. How long we keep it

We keep Your Content for as long as your account is active. When you delete a document or your account, we remove it from active systems promptly; residual copies in encrypted backups expire on their normal rotation cycle. We keep billing records as required by law.

8. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• correct inaccurate data;
• delete your data ("right to be forgotten");
• export your data in a portable format;
• object to or restrict certain processing;
• withdraw consent at any time; and
• lodge a complaint with your local data-protection authority.

You can export or delete your data yourself in the app, or email us to exercise any right.

9. Security

We protect your data with server-side authentication, access controls, encryption in transit, and encrypted storage. No system is perfectly secure, but we treat your documents with the care their sensitivity demands.

10. Changes

We'll update this policy as the Service evolves and notify you of material changes.

11. Contact

Privacy questions or requests: privacy@paperorg.com.

This document is provided for general information and should be reviewed by a qualified data-protection professional before relying on it commercially.