Privacy Policy
1) Scope
This Privacy Policy explains how PaperPush collects, uses, discloses, and protects information when you:
- Visit our website(s) and app(s)
- Create an account
- Connect integrations (e.g., Gmail, Plaid, QuickBooks)
- Upload or process documents and data through PaperPush
This policy does not cover third-party sites/services you connect to (Google, Plaid, Intuit, banks, etc.). Their policies apply to their systems.
2) The data we collect
A. Account & identity information
- Name, email, password hash (not plaintext), company name
- Billing and subscription metadata (plan, payment status, invoices)
- Account settings and preferences
B. Integration data (connected services)
When you connect third-party services, we may collect:
- Integration identifiers (account IDs, connection state)
- OAuth tokens / refresh tokens (stored securely)
- Sync timestamps and ingestion watermarks
- Selected metadata from connected services needed to operate PaperPush
Gmail / Email ingestion (if connected):
- Sender/recipient metadata, message IDs, timestamps, thread IDs
- Email snippets and headers if needed for processing
- Attachments (PDFs) and/or rendered PDFs created from email content when no attachment exists
- Vendor-specific filters (e.g., sender email or search strings)
Plaid / Bank feed (if connected):
- Transaction data (merchant name, date, amount, category)
- Account metadata (institution name, last4, type)
- Plaid item IDs and tokens (stored securely)
QuickBooks / Accounting (if connected):
- Sync state, identifiers, mapping metadata
- Objects you import/export (jobs, vendors, invoices, etc.) depending on your configuration
C. Documents & extracted information
When you upload, ingest, or process documents, we may store:
- The raw file (PDF) or a normalized version
- Extracted text and structure (e.g., text blocks, geometry/layout metadata)
- Extracted fields (vendor, totals, dates, line items, job names, payment method info)
- Validation metadata (math checks, totals reconciliation reports)
- Document classification labels (e.g., invoice vs receipt)
D. Usage, diagnostics, and security logs
We collect operational and security information such as:
- IP address, device/browser, timestamps
- App activity logs, audit trails, error logs
- Trace IDs and internal processing logs (for debugging, reliability, auditability)
3) How we use your data
We use information to:
- Provide and operate PaperPush
- Ingest documents from integrations you authorize
- Extract, normalize, classify, and summarize documents
- Create structured records, reports, exports, and reconciliation views
- Detect duplicates, prevent fraud/abuse, and maintain security
- Improve system reliability, performance, and accuracy
- Communicate with you (support, account notices, service updates)
- Comply with legal obligations
4) AI / Automated processing disclosure
PaperPush uses automated systems, including machine learning and/or large language model (LLM) services, to help extract or structure information.
We may send limited document content (or derived text/structure) to AI providers strictly to perform the requested extraction.
We do not guarantee accuracy: AI outputs can be wrong.
You remain responsible for reviewing outputs before relying on them.
5) What we share (and what we don’t)
We do not sell your personal data.
A. Service providers (processors)
Vendors that help us run PaperPush, such as:
- Cloud hosting (e.g., Render)
- Storage (e.g., AWS S3 or equivalent)
- Email providers / APIs (Google)
- Financial aggregation (Plaid)
- Accounting integrations (Intuit QuickBooks)
- AI/LLM providers (for extraction)
- Error monitoring / logging infrastructure
They process data under contractual obligations consistent with providing services to us.
B. Legal and safety
We may disclose information if required to:
- Comply with law, subpoena, court order, or regulator request
- Enforce our Terms
- Prevent fraud, abuse, or security threats
- Protect the rights, property, and safety of PaperPush and its users
C. Business transfers
If we’re involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of the transaction, subject to appropriate confidentiality controls.
6) Data retention
We retain data as long as needed to provide the service and comply with legal obligations.
Typical retention includes:
- Documents and extracted records: until you delete them or close your account (unless legally required otherwise)
- Logs/audit records: retained for security and integrity, potentially longer than documents, and may be de-identified where feasible
7) Deletion and control
You can:
- Disconnect integrations (stops future ingestion)
- Delete documents/records (subject to system constraints and legal retention)
- Request account deletion by contacting us at [Support Email]
Note: Some logs/audit trails may be retained to prevent fraud, debug issues, or comply with law, potentially in de-identified form.
8) Security
We use reasonable administrative, technical, and physical safeguards, including:
- Encryption in transit (HTTPS/TLS)
- Access controls and least-privilege permissions
- Secure storage of OAuth tokens (and encryption where appropriate)
- Monitoring and logging for suspicious activity
No system is 100% secure. You use PaperPush at your own risk.
9) International data transfers
If you access PaperPush from outside the United States, your data may be processed in the U.S. or other countries where our providers operate.
10) Children
PaperPush is not intended for children under 13 (or under 16 where applicable). We do not knowingly collect such data.
11) Changes to this policy
We may update this Privacy Policy. If changes are material, we’ll provide notice in-app or via email. Continued use after the effective date means you accept the updated policy.
12) Contact
Questions or requests: paperpushapp@gmail.com