Privacy Policy

Effective Since June 1, 2018. In this version we added more details on personal data collection, usage and user rights with respect to their personal data.

In this document we describe how we collect, use and handle your personal data when you use our service.


Short version: we do not share or disclose your personal information unless you make it public or disclosure is enforced by law. We never sell your personal data to third parties for any purposes. You have the right to download your personal data at any moment and delete it completely.


What personal data we collect

Web browser information

When you are browsing the Website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. We collect browser information from every visitor of the Website, whether they have an account or not.

The information we collect about all visitors of the Website includes the visitor’s IP address, browser type, language preference, referring site, and the date and time of each visitor request.

We collect this information with the following purposes:

  • to better understand the patterns of usage of the Website
  • to monitor and protect the Website
  • to solve production issues should they happen

The collected information is stored in raw format up to 30 days and is removed afterwards.

User Account Information

If you create an account, we ask for basic information from you or from the authentication service. At the bare minimum we ask for your display name and email. Some third-party authentication services, such as Google or Facebook, may provide us with additional profile data, however, we always request the minimal amount of information which is supported by the authentication service.

We collect account information with the following purposes:

  • to create your account, and to provide the services you request;
  • to identify you in you use email authentication;
  • to fill out your profile and share that profile with other users if you ask us to;
  • to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.

User account information is removed from the Website immediately upon account removal but may be stored in backups for up to 60 days after account removal or for other longer period if required by law .

You can check what user information do we store on the Setting page in your dashboard on the Website.

User Account Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our Website and Service.

Your Stuff

The purpose of our Service is to make it simple for you to work on your documents, collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Stuff as well as information related to it. The related information includes the list of your collaborators, as well as things like the size of the file, the time it was uploaded. We have different options for sharing Your Stuff.

Public Projects

If your project is public, third parties may access and use it in compliance with our Terms of Service. The content remains yours, however, anyone on the web, either human or robot may access it and process it at their own discretion. .

Your Personal Information, associated with your public content, may be gathered by third parties. If you do not want your Personal Information to be accessible to third parties, please do not make your Personal Information publicly available.

If you choose to make your project public, but wish to put any license restrictions on it, please make sure to supply such restrictions in clear form. Text file with license information and copyright notices in the file headers are usually okay for that.

Private Projects

Private projects are accessible only to registered users who were granted access. You may grant access to private project by sending explicit invitations from the Website user interface or by sending an access link via third-party communication channels.

If you send explicit invitation we deliver it to the recipient by email which you provide to us. It is your responsibility to provide us a valid email of the person with whom you are sharing the project.

If you create an access link, you can send it to anyone via any communication channel. The link remains valid after its use until you switch link sharing off.

Usage information

We collect information related to how you use the Services, including actions you take in your account (like compiling projects, viewing the results, uploading or moving files, sharing, etc.). We use this information to improve our Service, develop new services and features, debug production issues and protect users.

Usage information is anonymized in 30 days after its recording.

What personal data we DO NOT collect

We do not collect, store or write to any sort of logs your financial information, such as credit card numbers, your passwords from third-party authentication services, such as Google or Facebook, and any other personal data except for the listed above.

We do not intentionally collect information that is stored in your projects or other free-form content inputs. Information in your projects belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Our employees do not access private projects unless required to for security or maintenance, or for support reasons, with the consent of the project owner. If your project is public, anyone (including us) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses, that information may be indexed by search engines or used by third parties.

Where we store personal data and with whom we may share it

Service Providers

We use services provided by certain trusted third party companies and individuals, referred hereafter as Service Providers, to provide the necessary technologies required to run and improve our Service, including, but not limited to hardware, software, networking, storage, analytics, customer support, processing credit card payments, etc. Service Providers may have access to or process your information for the purpose of providing their services for us. They are not permitted to use your information for their own purposes.

Below you can find the list of our major third-party vendors as of May 25, 2018, with the links to their privacy and/or security pages.

  • Google Cloud Platform (GCP) ran by Google LLC is the major vendor providing most of resources required to run our Service. See GCP security and GDPR compliance pages.
  • Mailgun services, ran by Mailgun Technologies, Inc. is our outgoing email service provider. See Mailgun privacy policy and GDPR pages.
  • PayPal provides us with payment services. See PayPal policies.
Data Storage Location

We store all data which is made available to the Service in Google Cloud data centers in European Union. However, service providers and business partners may be located anywhere in the world,

Data Sharing and Disclosure

We may share your data with third-party Service Providers as defined above. These third parties may have access to your information only for the purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.

We may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid legal request, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In complying with legal processes we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so.

External Storage Providers

You may upload the contents of your project to external storage services such as Git repository or Dropbox using sync functions in Papeeria interface. Data which is uploaded to external services is subject to privacy and other policies defined by those services. You are responsible for properly setting up data access permissions on the external services.

Personal Data Control and Removal

Changing Personal Data

You can change and remove your personal data from your dashboard.

Exporting Your Stuff

You can download the contents of any project using Download as ZIP option.

Data Removal

You can delete any project from the Projects page of your dashboard. If you want to remove your account and all associated personal data, please send a request to contact@papeeria.com. We process account removal requests within 72 hours.

When account is deleted we remove all data from the Website. However, data may reside in backups for up to 60 days after account removal or for other longer period if required by law .

Use of cookies and tracking

Cookies and Local Storage

Cookie is a small piece of text data which is stored in your web browser and associated with a website. Cookies are passed from the browser to our Website every time when you visit Website pages. We use cookies for i) authentication and authorization and ii) storing browser-specific preferences

Cookies of the first type are created after you sign in and are cleared when you sign out. Cookies of the second type are created when you sign in and stored across your sessions. We store your name, authentication method and preferred interface language.

Local storage is a way to store some information associated with a website in your browser. Data stored in local storage never leaves your browser but is accessible to code running in your browser when you visit our Website. We use local storage to improve your user experience and to keep a local copy of some pieces of information which you normally send to our Website until we make sure that they are successfully written to our data storage.

By using Papeeria you express your consent to store cookies in your web browser. If you wish to clear cookies, please refer to the help pages.

Google Analytics

We use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect your User Personal Information. We use Google Analytics to collect information about how our Website performs and how our users, in general, navigate through and use the Website. This helps us to improve user experience, Website performance and compile statistical reports on activity.

You can read more about Google Analytics privacy practices and download browser add-on to opt-out of Google Analytics tracking.

Email communication

Email addresses collection

We may collect your email account in a few ways: i) you use email-based authentication; ii) you set your contact email in the settings; iii) your collaborator shares projects with you by sending invitation link through our mail server.

Email use

We may send you transactional emails in the following cases:

  • Other Papeeria user shares a project with you through your email address. In case of abusing this feature we ask you to inform us through the support email.
  • Your subscription is expiring and action is required from you to ensure smooth renewal or cancelling.
  • We need some assistance from you to resolve production issue (e.g. if there is suspicious traffic coming on your behalf).
  • You request password reset link

We may send you promotional marketing emails if you explicitly opt-in into receiving such emails in your settings on the Website.

Links to Third Party Websites

Our Website may contain links to other websites which are outside our control and are not covered by this Privacy Policy (“Third-Party Websites”). If you access Third-Party Websites using the links provided, the operators of such sites may collect information from you which will be used by them in accordance with their own privacy policies, which may differ from ours. We encourage you to review the privacy policies of those Third-Party Websites so that you understand if/how they collect and/or use information from you or your computer.

Security Practices

Communications

All data exchanged with our Website is always transmitted over SSL

Passwords

If you choose email authentication, we store your password in a database. Passwords are hashed with cryptographic hash function and salted.

We do not store and do not even access passwords from third-party services.

File System and Backups

Most of the data available from the Website is stored on persistent disks in Google Cloud and is encrypted at rest with standard encryption provided by GCP. Backups are stored in Google Cloud Storage buckets and are also encrypted at rest

System Security

Most of the components involved into the Service operations run in isolated containers with the least possible privileges. In particular, any processing of user data which may include running arbitrary code happens inside a hardened container with its own file system, system resources usage limits and no network access.

We constantly apply best practices on hardening container and OS security.

Software Security

Every change to the codebase passes through code review which includes checking security aspects, such as possible XSS/CSRF attacks, injections, etc. We occasionally conduct security audit by third-party partners.

Changes

If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Contact

You personal information is controlled by BarD Software s.r.o. Should you have any questions on privacy policies or on your personal data, please contact us by email privacy@bardsoftware.com