We believe privacy is a design requirement, not a checkbox. This policy explains what we collect, why we collect it, and what you can do about it.
Paperstack ("we," "our," or "us") operates the Paperstack iOS application and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Service.
We are the data controller for personal data collected through the Service. Our contact for all privacy matters is support@trypaperstack.app.
This policy applies to all users of the Service, including users in the United States, the European Union, and all other jurisdictions. Where we reference specific rights (such as GDPR rights), those rights apply to users in the relevant jurisdiction.
Short version: We collect only what we need to run the service. We don't sell your data. We don't run advertising. Your receipts and documents belong to you.
By downloading or using Paperstack, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service.
We collect information you provide directly, information generated through your use of the Service, and limited technical information from your device.
When you create a Paperstack account, we collect your email address. That's it. We use one-time passcode (OTP) authentication — we never ask you to create a password, and no password is stored in our systems. Your email address is used to send you OTPs for sign-in and to send you service-related notifications such as warranty expiry alerts.
Paperstack's core purpose is to store and organize your receipts and documents. When you capture or upload a receipt, we collect and store:
Receipt images are sent to our AI parsing provider (Anthropic) to extract structured data. See the Data Sharing section for details.
To deliver the Service, we collect limited device-level information:
We do not collect your device's UDID, advertising identifier (IDFA), or any persistent hardware identifier.
We collect minimal session-level metadata to understand how the Service is used and to debug issues:
We do not use third-party behavioral analytics SDKs (such as Mixpanel or Amplitude) that track detailed user behavior across sessions.
Subscription billing for Paperstack is handled entirely by the Apple App Store via our payment processor, RevenueCat. We never see, collect, or store your credit card number, bank account, or full billing address. We receive from RevenueCat only: your subscription status (active, expired, cancelled), your subscription tier, and the date of your most recent renewal. Your App Store receipt is processed by RevenueCat to validate entitlements.
We use the information we collect for the following purposes:
We may use your email address to send you:
We do not send marketing emails from third parties. We do not share your email address with advertisers.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):
Processing your email address, receipt data, device information, and subscription status is necessary to perform the contract between you and us — i.e., to provide the Paperstack service you signed up for. Without this processing, we cannot deliver the Service.
We process usage data and error logs based on our legitimate interest in maintaining a stable and secure product and in improving it. We have assessed that this interest is not overridden by your privacy rights, given the limited scope of this data and the absence of behavioral profiling.
We process your push notification token and send push notifications only where you have given explicit consent through iOS's notification permission dialog. You may withdraw consent at any time by disabling notifications for Paperstack in iOS Settings.
We may process personal data where required to comply with a legal obligation, such as responding to a court order or regulatory requirement.
We do not sell your personal data. We do not share your data with advertising networks. We share your data only with the following categories of service providers, each of whom processes data strictly to provide services to us:
Convex, Inc. is our backend infrastructure provider. All your account data, receipts, documents, and vault contents are stored in Convex's database. Convex processes this data on our behalf under a data processing agreement and does not use it for any purpose other than operating the Service. Convex data is stored in the United States.
Resend is used to send OTP codes to your email address. When you request a sign-in code, your email address is passed to Resend to deliver the message. Resend does not store your email address beyond what is required for delivery logging.
RevenueCat manages subscription entitlements via the Apple App Store. RevenueCat receives your App Store receipt data to validate your subscription. We receive from RevenueCat only your subscription tier and status. RevenueCat operates under its own privacy policy.
Expo's push notification infrastructure is used to relay warranty and return alerts to your device via Apple's Push Notification service (APNs). Your push notification token is transmitted to Expo to enable delivery. Expo does not have access to your receipt content or personal data beyond the token.
When you capture a receipt, the image is sent to Anthropic's API (Claude) to extract structured data fields such as merchant name, amount, date, and line items. Anthropic processes the image on our behalf under a data processing agreement. Data submitted via the API under our enterprise agreement is not used to train Anthropic's models. Receipt images are not permanently stored by Anthropic beyond the duration of the API request.
We may also disclose your information in the following circumstances:
We retain your personal data for as long as your account is active, and for the periods described below after your account is closed or you make a deletion request.
Your email address and account record are retained while your account is active. Upon a valid deletion request (see Your Rights below), your account and email address are permanently deleted within 90 days. This 90-day window exists to allow recovery in case of accidental deletion and to allow us to process any outstanding billing or legal obligations.
Your receipts, document uploads, vault contents, and associated metadata are retained for as long as your account exists. When your account is deleted, this data is deleted from our active systems within 90 days. Backups are purged on a rolling 90-day schedule.
Push notification tokens are refreshed automatically by iOS and updated in our systems accordingly. Expired or inactive tokens are removed within 30 days of becoming inactive.
Server-side logs (authentication events, error logs, API request logs) are retained for 90 days on a rolling basis, after which they are automatically deleted.
Notwithstanding the above, we may retain data for longer periods where required by applicable law or ongoing legal proceedings.
You have meaningful rights over your personal data. We honor these rights regardless of your jurisdiction, though the specific legal framework varies.
You have the right to access the personal data we hold about you and to receive it in a portable format. The Paperstack app includes a built-in Data Export feature (Settings → Account → Export My Data) that allows you to download all your receipts and vault data as a CSV or PDF. You may also email support@trypaperstack.app to request a complete export of your account data.
You have the right to correct inaccurate personal data. You can update your email address and any receipt or document data directly within the app. For account-level corrections that are not available in the app, contact us at support@trypaperstack.app.
You have the right to request deletion of your personal data. You can delete your account and all associated data directly within the app (Settings → Account → Delete Account). Alternatively, send an email to support@trypaperstack.app with the subject line "Data deletion request". We will confirm receipt within 5 business days and complete deletion within 90 days.
Note: Deletion of your account does not entitle you to a refund of any subscription fees already paid. We may retain certain records where required by law (e.g., transaction records for tax purposes).
You have the right to object to processing based on legitimate interests and to request that we restrict processing of your data in certain circumstances (e.g., while you contest its accuracy). Contact us at support@trypaperstack.app to exercise these rights.
Where we rely on consent (push notifications), you may withdraw consent at any time by disabling notifications for Paperstack in your iOS Settings. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you are in the EEA, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. We ask that you contact us first so we have the opportunity to address your concern.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
To exercise your CCPA rights, contact us at support@trypaperstack.app. We will respond within 45 days as required by law.
We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
All data transmitted between the Paperstack app and our backend is encrypted using TLS 1.2 or higher. This includes receipt images, OCR results, and account data. We enforce HTTPS for all endpoints and reject unencrypted connections.
Your data stored in our database (Convex) is encrypted at rest using AES-256 encryption managed by Convex's infrastructure. Receipt images stored in our file storage are similarly encrypted at rest.
We use one-time passcode (OTP) authentication exclusively. Because there are no passwords in our system, there is no password database that can be breached. OTPs expire after 10 minutes and are single-use. We apply rate limiting to OTP generation to prevent brute-force attacks.
Access to production systems and user data is restricted to authorized personnel on a need-to-know basis. We do not grant third-party vendors broad access to our production database.
In the event of a data breach that affects your personal data, we will notify affected users and, where required by law, the relevant supervisory authority (e.g., under GDPR within 72 hours of becoming aware of the breach). Notification will include the nature of the breach, the data affected, the likely consequences, and the measures we are taking to address it.
No security system is impenetrable. While we take these measures seriously, we cannot guarantee the absolute security of your data.
Paperstack's Vault tier includes a household sharing feature that allows you to create a shared vault with up to four other members of your household.
When you add a receipt or document to a shared vault, members of that household vault can see the receipt's merchant name, transaction amount, transaction date, and any category or notes you've added. The original receipt image is also visible to household members for shared vault items.
Household members cannot see receipts or documents stored in your personal (non-shared) vaults. Your personal vaults are fully private to you. Email addresses of household members are visible only to the vault owner (the person who created and manages the household vault). Other members see fellow members by a display name, not their email address, unless you have explicitly shared it with them.
When you invite someone to join your household vault, their email address is used only to send them an invitation. If they accept, they become a member of the shared vault. The vault owner may remove any member at any time, which immediately revokes their access to the shared vault.
You may leave a household vault at any time through Settings → Households. Leaving a household does not delete the shared receipts from the vault — those remain accessible to the remaining members. Your personal receipts are unaffected.
The Paperstack Service is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at support@trypaperstack.app.
If we learn that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information from our systems as promptly as possible.
If you are located in the EEA, the minimum age is 16 (or the lower age of digital consent in your member state). Users between 13 and the applicable minimum age in their jurisdiction should obtain parental consent before using the Service.
Paperstack is operated from the United States. Our service providers (Convex, Resend, RevenueCat, Expo, and Anthropic) primarily process data in the United States.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States. The United States does not have an adequacy decision from the European Commission for all transfers.
We address this by relying on Standard Contractual Clauses (SCCs) approved by the European Commission (or their UK equivalent, the International Data Transfer Agreement) as the legal mechanism for transferring your personal data from the EEA/UK to the United States. Our data processing agreements with Convex, Resend, RevenueCat, Expo, and Anthropic include these clauses.
You may request a copy of the relevant transfer mechanisms by contacting us at support@trypaperstack.app.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will indicate the effective date of any revision at the top of this page.
For material changes — changes that significantly affect your rights or how we process your personal data — we will notify you by email at the address associated with your account at least 30 days before the changes take effect. This gives you time to review the changes and, if you disagree, to delete your account before the new policy applies to you.
For non-material changes (such as clarifications, typo corrections, or minor organizational updates), we may update the policy without prior notice.
Your continued use of the Service after a material change takes effect constitutes your acceptance of the updated Privacy Policy.
If you have any questions about this Privacy Policy, your personal data, or how to exercise your rights, please contact us:
Email: support@trypaperstack.app
Subject line for deletion requests: "Data deletion request"
Subject line for data access requests: "Data access request"
We aim to respond to all privacy-related inquiries within 5 business days. For requests that require action (deletion, data export), we will complete them within the timeframes described in Your Rights, above.
For the fastest resolution, please send your request from the email address associated with your Paperstack account so we can verify your identity without additional steps.