Last updated: March 24, 2026
PaperChat.ai (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share your personal data when you use our document transformation and AI chat service. We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Account Data: Email address, name, and hashed password when you create an account. If you authenticate via Google OAuth, we receive your Google profile name and email address.
Document Data: PDF files and text content you upload for transformation or chat. This includes extracted text, document chunks, and AI-generated embeddings used to power search and retrieval.
Usage Data: Feature usage counts, session metadata, and interaction logs used to enforce plan limits and improve the service.
Payment Data: Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment method details.
Technical Data: IP address, browser type, and device information collected via server logs for security and diagnostic purposes.
We use your data to: (a) provide the document transformation and chat services; (b) manage your account and subscription; (c) enforce usage limits; (d) improve the service; (e) communicate with you about your account. We process document content solely to deliver the requested service and do not use your documents to train AI models.
We share data with: (a) OpenAI for AI processing (document text is sent to their API for inference); (b) Stripe for payment processing; (c) cloud hosting providers for infrastructure. We do not sell your personal data to third parties. We may disclose data if required by law or to protect our legal rights.
For anonymous users, uploaded documents are deleted after 24 hours. For registered users, documents are retained until you delete them or close your account. Upon account deletion, all data is permanently removed within 30 days. Chat histories are retained for the lifetime of the associated document.
If you are in the European Economic Area, you have the right to: access your personal data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; data portability; and object to processing. To exercise these rights, contact [email protected].
If you are a California resident, you have the right to: know what personal information we collect; request deletion of your data; opt out of the sale of personal information (we do not sell data); and non-discrimination for exercising your rights. To exercise these rights, contact [email protected].
We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords (bcrypt), secure session management, and access controls. While we take reasonable steps to protect your data, no method of transmission over the Internet is completely secure.
We use essential cookies for session management and authentication. We do not use third-party tracking cookies. Essential cookies are necessary for the service to function and do not require separate consent.
The Service is not intended for users under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.
We may update this policy from time to time. Material changes will be communicated via email to registered users. The “Last updated” date at the top of this page indicates when this policy was last revised.
For privacy-related inquiries, contact [email protected]. Data Protection Officer: [email protected].