We use cookies for anonymous analytics to improve our service. No advertising or cross-site tracking. Learn more

Legal

Privacy Policy

Last updated: March 1, 2026

1. Introduction

PaperForge is operated by KAM Sié Philippe Angelo, auto-entrepreneur registered in France (“we,” “us,” or “our”). We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use PaperForge at paperforge.dev (“the Service”).

2. Information We Collect

2.1 Information You Provide

  • Email address: Collected when you request a free PDF download (lead capture) or make a purchase. Used to deliver your document and for transactional communication.
    Legal basis: contractual necessity.
  • Form data: The information you enter into template forms (names, dates, addresses, etc.) is used solely to generate your document. This data is temporarily cached for up to 24 hours to facilitate paid order fulfillment, then automatically deleted.
    Legal basis: contractual necessity.
  • Payment information: Payment details (credit card numbers, billing address) are collected and processed entirely by our third-party payment processor, Polar.sh. We do not store, access, or process your payment card information on our servers.
    Legal basis: contractual necessity.

2.2 Information Collected Automatically

  • Analytics data: If you accept analytics cookies, we use OpenPanel to collect page views, referral source, device type, browser type, and approximate geographic location. This data is aggregated and used to understand how the Service is used.
    Legal basis: consent (via cookie banner).
  • IP address: Your IP address is temporarily processed for rate limiting (to prevent abuse of the document generation API) via Upstash Redis. IP addresses used for rate limiting are not stored permanently or associated with your identity.
    Legal basis: legitimate interest (security, abuse prevention).

3. How We Use Your Information

  • To generate and deliver your requested documents.
  • To process payments and fulfill paid orders.
  • To send transactional emails (document delivery, purchase receipts).
  • To prevent abuse of the Service (rate limiting, fraud prevention).
  • To analyze and improve the Service (aggregated analytics, only with your consent).

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your data for advertising or profiling.

4. Third-Party Services

We use the following third-party services to operate PaperForge. Each processes data on our behalf and is subject to their own privacy policies:

ServicePurposeData Processed
SupabaseDatabase hostingTemplate content, SEO data (no personal data)
Upstash RedisRate limiting, session cacheIP address (rate limiting), form data (temporary, 24h TTL)
Polar.shPayment processingEmail, payment details
ResendTransactional email deliveryEmail address, document download links
Cloudflare R2PDF file storageGenerated PDF files (24h expiry via presigned URLs)
OpenPanelAnalytics (consent-based)Page views, device info, approximate location
VercelWebsite hostingStandard server logs (IP, user agent)

Where these providers process data outside the European Economic Area, appropriate safeguards are in place through Standard Contractual Clauses (SCCs) or equivalent mechanisms as required under GDPR.

5. Data Retention

  • Form data / session data: Automatically deleted after 24 hours (Upstash Redis TTL).
  • Generated PDFs: Stored in Cloudflare R2 with presigned URLs that expire after 24 hours. PDFs are not retained after expiry.
  • Email addresses: Retained for up to 2 years after your last interaction with the Service for transactional purposes. You may request deletion at any time (see Section 7).
  • Analytics data: Retained in accordance with OpenPanel's data retention policies. Only collected if you have accepted analytics cookies.

6. Cookies and Tracking

PaperForge uses minimal cookies and tracking technologies. On your first visit, a cookie consent banner allows you to accept or reject non-essential cookies. Your preference is stored in your browser's local storage.

  • Analytics cookies (non-essential): OpenPanel sets cookies to distinguish unique visitors and track page views. These are only loaded if you click “Accept” on the cookie banner.
  • Functional cookies: May be used for session management during the payment flow. These are essential for the Service to function and do not require consent.

We do not use advertising cookies, retargeting pixels, or cross-site tracking. You can change your cookie preference at any time by clearing your browser's local storage for this site, which will cause the consent banner to reappear.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

For all users:

  • Access: Request a copy of the personal data we hold about you.
  • Deletion: Request deletion of your personal data.
  • Correction: Request correction of inaccurate personal data.

For EU/EEA residents (GDPR):

  • Right to data portability.
  • Right to restrict processing.
  • Right to object to processing.
  • Right to withdraw consent at any time (e.g., by rejecting cookies or requesting email deletion).
  • Right to lodge a complaint with your local data protection authority.

For California residents (CCPA):

  • Right to know what personal information is collected, used, and disclosed.
  • Right to request deletion of personal information.
  • Right to opt out of the sale of personal information. We do not sell your personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (extendable by an additional 60 days for complex requests, with notice).

8. Data Security and Breach Notification

We implement reasonable technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and use of reputable third-party infrastructure providers. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR. If the breach poses a high risk to you personally, we will also notify you directly without undue delay.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

10. International Data Transfers

Our third-party service providers may process data in locations outside the European Economic Area, including the United States. Where such transfers occur, they are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect upon posting to this page with an updated “Last updated” date. We encourage you to review this page periodically.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at [email protected].

For all other inquiries, see our Terms of Service and Disclaimer.