Privacy Policy

Last updated: June 2026. A German version is available at /datenschutz.

1. Controller

The data controller under the GDPR is:
Jonathan Gorstka, Germany
Email: papermindsupport@gmail.com

2. Categories of personal data we process

• Account data: email address, display name, password hash.
• Uploaded PDFs: the contents of your PDF files, extracted text, AI-generated summaries and chat messages.
• Usage data: number of PDFs processed, timestamps, technical log data (IP address, browser, access time) for security and debugging.
• Payment data: for Premium subscriptions, payment data is collected by our payment processor Paddle (see below).

3. Purposes and legal bases

• Providing the service (Art. 6(1)(b) GDPR – performance of a contract)
• Security, fraud prevention, stability (Art. 6(1)(f) – legitimate interest)
• Billing and accounting (Art. 6(1)(c) – legal obligation)
• Customer communication (Art. 6(1)(b)/(f))

4. Recipients / processors

• Supabase – hosting, database, authentication, file storage.
• Cloudflare – application hosting, CDN, DDoS protection.
• Paddle.com Market Ltd. – our Merchant of Record (MoR) and payment processor. Paddle handles all orders, subscription management, payments, invoicing and tax compliance, and processes refunds.
• AI providers via the Lovable AI Gateway (e.g. Google, OpenAI) to generate summaries and answer your questions. Content is processed only to deliver the answer and is not used to train the models.
• Google, if you sign in with Google.

5. International data transfers

Some of these providers may process personal data outside the EU/EEA. We rely on EU Standard Contractual Clauses or adequacy decisions of the EU Commission.

6. Data retention

We store account data and uploaded PDFs for as long as your account exists. You can delete your PDFs at any time. When you delete your account, related data is deleted unless legal retention obligations apply (e.g. invoices: 10 years).

7. Your rights

You have the right to access, rectification, erasure, restriction of processing, data portability and objection. Contact papermindsupport@gmail.com. You may also lodge a complaint with the competent data protection authority.

8. Security

We apply appropriate technical and organisational measures (TLS encryption, access controls, hashed passwords) to protect your data.

9. Cookies

We only use technically necessary cookies / local-storage entries (e.g. login session and language selection). We do not use tracking or advertising cookies.