What We Collect
We collect the minimum data needed to operate the Service:
- Account data: Email address, hashed password, name (optional).
- Billing data: Managed by Stripe. We store your Stripe customer ID but never see or store your credit card number.
- Usage data: API call timestamps, endpoints called, response status codes. Used for billing and rate limiting.
- API keys: Stored securely. Only the last 8 characters are visible in the dashboard.
What We Don't Collect
- Document content: HTML sent to the API is processed in memory and discarded after PDF generation. We do not store, log, or inspect your document content.
- Generated PDFs: PDFs are streamed directly to you and not retained on our servers.
- Tracking cookies: We do not use third-party analytics or advertising cookies.
How We Use Your Data
- To provide and maintain the Service.
- To process billing and enforce plan limits.
- To send transactional emails (password resets, billing alerts).
- To detect and prevent abuse.
We do not sell your data. We do not share it with third parties except Stripe (for payment processing).
Data Retention
- Account data is retained while your account is active.
- Usage records are retained for 90 days for billing purposes.
- You can request deletion of your account and all associated data at any time.
Your Rights
You have the right to:
- Access your personal data.
- Correct inaccurate data.
- Request deletion of your data.
- Export your data.
To exercise these rights, email contact@getpapyr.dev.
Security
We use industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and secure API key generation. However, no method of transmission over the Internet is 100% secure.
Changes
We may update this policy from time to time. We will notify you of material changes via email. The latest version will always be available at this URL.