Privacy Policy

Effective Date: January 27, 2026

Company: PaperPush (“PaperPush”, “we”, “us”)

Contact: paperpushapp@gmail.com

1) Scope

This Privacy Policy explains how PaperPush collects, uses, discloses, and protects information when you:

Visit our website(s) and app(s)
Create an account
Connect integrations (e.g., Gmail, Plaid, QuickBooks)
Upload or process documents and data through PaperPush

This policy does not cover third-party sites/services you connect to (Google, Plaid, Intuit, banks, etc.). Their policies apply to their systems.

2) The data we collect

A. Account & identity information

Name, email, password hash (not plaintext), company name
Billing and subscription metadata (plan, payment status, invoices)
Account settings and preferences

B. Integration data (connected services)

When you connect third-party services, we may collect:

Integration identifiers (account IDs, connection state)
OAuth tokens / refresh tokens (stored securely)
Sync timestamps and ingestion watermarks
Selected metadata from connected services needed to operate PaperPush

Gmail / Email ingestion (if connected):

Sender/recipient metadata, message IDs, timestamps, thread IDs
Email snippets and headers if needed for processing
Attachments (PDFs) and/or rendered PDFs created from email content when no attachment exists
Vendor-specific filters (e.g., sender email or search strings)

Plaid / Bank feed (if connected):

Transaction data (merchant name, date, amount, category)
Account metadata (institution name, last4, type)
Plaid item IDs and tokens (stored securely)

QuickBooks / Accounting (if connected):

Sync state, identifiers, mapping metadata
Objects you import/export (jobs, vendors, invoices, etc.) depending on your configuration

C. Documents & extracted information

When you upload, ingest, or process documents, we may store:

The raw file (PDF) or a normalized version
Extracted text and structure (e.g., text blocks, geometry/layout metadata)
Extracted fields (vendor, totals, dates, line items, job names, payment method info)
Validation metadata (math checks, totals reconciliation reports)
Document classification labels (e.g., invoice vs receipt)

D. Usage, diagnostics, and security logs

We collect operational and security information such as:

IP address, device/browser, timestamps
App activity logs, audit trails, error logs
Trace IDs and internal processing logs (for debugging, reliability, auditability)

3) How we use your data

We use information to:

Provide and operate PaperPush
Ingest documents from integrations you authorize
Extract, normalize, classify, and summarize documents
Create structured records, reports, exports, and reconciliation views
Detect duplicates, prevent fraud/abuse, and maintain security
Improve system reliability, performance, and accuracy
Communicate with you (support, account notices, service updates)
Comply with legal obligations

4) AI / Automated processing disclosure

PaperPush uses automated systems, including machine learning and/or large language model (LLM) services, to help extract or structure information.

We may send limited document content (or derived text/structure) to AI providers strictly to perform the requested extraction.

We do not guarantee accuracy: AI outputs can be wrong.

You remain responsible for reviewing outputs before relying on them.

5) What we share (and what we don’t)

We do not sell your personal data.

A. Service providers (processors)

Vendors that help us run PaperPush, such as:

Cloud hosting (e.g., Render)
Storage (e.g., AWS S3 or equivalent)
Email providers / APIs (Google)
Financial aggregation (Plaid)
Accounting integrations (Intuit QuickBooks)
AI/LLM providers (for extraction)
Error monitoring / logging infrastructure

They process data under contractual obligations consistent with providing services to us.

B. Legal and safety

We may disclose information if required to:

Comply with law, subpoena, court order, or regulator request
Enforce our Terms
Prevent fraud, abuse, or security threats
Protect rights, property, and safety of PaperPush and users

C. Business transfers

If we’re involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of the transaction, subject to appropriate confidentiality controls.

6) Data retention

We retain data as long as needed to provide the service and comply with legal obligations.

Typical retention includes:

Documents and extracted records: until you delete them or close your account (unless legally required otherwise)
Logs/audit records: retained for security and integrity, potentially longer than documents, and may be de-identified where feasible

7) Deletion and control

You can:

Disconnect integrations (stops future ingestion)
Delete documents/records (subject to system constraints and legal retention)
Request account deletion by contacting us at [Support Email]

Note: Some logs/audit trails may be retained to prevent fraud, debug issues, or comply with law, potentially in de-identified form.

8) Security

We use reasonable administrative, technical, and physical safeguards, including:

Encryption in transit (HTTPS/TLS)
Access controls and least-privilege permissions
Secure storage of OAuth tokens (and encryption where appropriate)
Monitoring and logging for suspicious activity

No system is 100% secure. You use PaperPush at your own risk.

9) International data transfers

If you access PaperPush from outside the United States, your data may be processed in the U.S. or other countries where our providers operate.

10) Children

PaperPush is not intended for children under 13 (or under 16 where applicable). We do not knowingly collect such data.

11) Changes to this policy

We may update this Privacy Policy. If changes are material, we’ll provide notice in-app or via email. Continued use after the effective date means you accept the updated policy.

12) Contact

Questions or requests: paperpushapp@gmail.com