Last updated: March 24, 2026
PaperChat.ai (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our document transformation and AI chat service. We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Account Data: Email address, name, and hashed password when you create an account. If you use Google OAuth, we receive your Google profile name and email.
Document Data: PDF files and text content you upload for transformation or chat. This includes extracted text, document chunks, and AI-generated embeddings.
Usage Data: Feature usage counts, session information, and interaction logs to enforce usage limits and improve the service.
Payment Data: Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers.
Technical Data: IP address, browser type, and device information collected via server logs.
We use your data to: (a) provide the document transformation and chat services; (b) manage your account and subscription; (c) enforce usage limits; (d) improve the service; (e) communicate with you about your account. We process document content solely to provide the requested service and do not use your documents to train AI models.
We share data with: (a) OpenAI for AI processing (document text is sent to their API); (b) Stripe for payment processing; (c) cloud hosting providers for infrastructure. We do not sell your personal data to third parties. We may disclose data if required by law or to protect our rights.
For anonymous users: uploaded documents are deleted after 24 hours. For registered users: documents are retained until you delete them or your account. For deleted accounts: all data is permanently deleted within 30 days. Chat histories are retained as long as the associated document exists.
If you are in the EEA, you have the right to: access your personal data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; data portability; object to processing. To exercise these rights, contact [email protected].
If you are a California resident, you have the right to: know what personal information we collect; request deletion of your data; opt out of the sale of personal information (we do not sell data); non-discrimination for exercising your rights. To exercise these rights, contact [email protected].
We implement industry-standard security measures including: encrypted data transmission (TLS), hashed passwords (bcrypt), secure session management, and access controls. While we strive to protect your data, no method of transmission over the Internet is 100% secure.
We use essential cookies for session management and authentication. We do not use third-party tracking cookies. Essential cookies are necessary for the service to function and do not require consent.
The Service is not intended for users under 13 years of age. We do not knowingly collect personal data from children under 13. If we learn we have collected such data, we will delete it promptly.
We may update this policy from time to time. Material changes will be communicated via email to registered users. The “Last updated” date at the top indicates when this policy was last revised.
For privacy-related inquiries: [email protected]. Data Protection Officer: [email protected].