Legal

Privacy Policy

Last updated May 2026

1. Information We Collect

We collect account details (name, email), project details (financial parameters, transaction properties, ledger transactions), uploaded documents (PDFs, images), and connection metadata (client IP address, accepted legal versions). We do not collect or log payment cards or SSNs directly; these are routed directly to PCI-compliant subprocessors.

2. How We Use Your Data

Your data is used solely to provide PaperWorking's features: metrics dashboard calculations, OCR automation pipelines, vendor communications, and team collaterals. We never sell your data or share it for marketing.

3. Data Storage & Transfers

All database fields and files are securely stored on Google Cloud Platform in the us-central1 region, using TLS 1.3 in transit and AES-256 at rest.

4. GDPR & CCPA Rights

Under GDPR and CCPA, you have the right to access, rectify, or port your data. We provide self-service utilities inside the dashboard settings to download all platform data in a structured ZIP pack, or to request a full account deletion.

5. Account Deletion Policy

Upon requesting account deletion, a 24-hour verification window is initiated. During this grace period, you can cancel the request. After 24 hours, all database documents, organization invites, and uploaded PDFs are permanently deleted from our live environments. Activity logs are moved to cold archive stores and kept for a maximum of 7 years as required for auditing.

6. Cookie Preferences

We use secure cookies for user sessions. Essential cookies are required to remain signed in. Optional analytics and performance cookies are disabled by default and can be configured through our consent banner.

7. Contact

For privacy-related questions, contact privacy@paperworking.co.