Privacy Policy
Last updated: June 27, 2026
1. Introduction and Scope
This Privacy Policy explains how Paprhq Inc., a corporation organized under the laws of the State of Florida, United States (“Paprhq,” “we,” “us,” or “our”), collects, uses, shares, and protects personal information in connection with Papr, our AI-assisted invoicing platform, and our related websites, applications, and services (collectively, the “Service”). It applies to visitors, account holders, and the individuals whose information our customers process through the Service.
When you use the Service to manage your clients and invoices, you act as the controller of the personal information you enter about your clients, and we process that information on your behalf as a processor (or service provider). For our own websites and account data, we act as the controller.
2. Information We Collect
Information you provide
- Account information: your name, email address, password (stored hashed), and email verification status.
- Profile and business details: business or entity name, address, tax identifiers, logo, currency, and similar settings.
- Client data you enter: the names, email addresses, billing addresses, and contact details of your clients, which you control.
- Invoices and content: invoices, line items, notes, payment terms, reminder schedules, and message threads you create or send.
- Payment and billing information: if you subscribe to a paid plan, billing details processed by our payment processor (we do not store full card numbers).
- Communications: information you provide when you contact support or correspond with us.
Information we collect automatically
- Usage and analytics data: actions taken in the Service, features used, and similar product-usage information.
- Device and log data: IP address, browser type, device identifiers, operating system, referring pages, and timestamps.
- Cookies and similar technologies: as described in the Cookies section below.
3. How We Use Information
We use personal information to:
- provide, operate, maintain, and secure the Service, including creating and sending invoices, automating reminders, and processing payments;
- authenticate users, verify email addresses, and prevent fraud and abuse;
- provide customer support and respond to your requests;
- process subscriptions, billing, and transactions;
- improve, develop, and personalize the Service, including AI-assisted features;
- send service-related and administrative communications, and, where permitted, marketing communications you can opt out of; and
- comply with legal obligations and enforce our Terms of Service.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:
- Performance of a contract — to provide the Service you have requested and fulfill our agreement with you.
- Legitimate interests — to secure, improve, and promote the Service, where those interests are not overridden by your rights.
- Consent — for certain cookies, marketing, or optional features, where required; you may withdraw consent at any time.
- Legal obligation — to comply with applicable laws, including tax and accounting requirements.
5. Cookies and Tracking
We use cookies and similar technologies to keep you signed in, remember your preferences, maintain security, and understand how the Service is used. Some cookies are strictly necessary for the Service to function; others help us analyze usage. You can control cookies through your browser settings, and, where required by law, we will request your consent for non-essential cookies. Disabling some cookies may affect the functionality of the Service.
6. How We Share Information
We do not sell your personal information. We share information only as described below:
- Service providers and sub-processors: trusted vendors that help us operate the Service, such as our cloud hosting provider, email delivery provider, and payment processor (for example, Stripe). They may process personal information only on our instructions and under appropriate confidentiality and data-protection obligations.
- Legal and compliance: when required to comply with law, legal process, or a lawful government request, or to protect the rights, property, or safety of Paprhq, our users, or others.
- Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Privacy Policy.
- With your consent or at your direction: for example, when you choose to send an invoice or message to a client through the Service.
7. Data Retention
We retain personal information for as long as needed to provide the Service, maintain your account, comply with our legal obligations (including tax and accounting requirements), resolve disputes, and enforce our agreements. When information is no longer required, we will delete or anonymize it. You can export or request deletion of your data as described below; residual copies may remain in backups for a limited period before being overwritten.
8. Data Security
We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, hashed passwords, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
9. International Data Transfers
We are based in the United States, and we and our service providers may process and store personal information in the United States and other countries. If you are located in the EEA, the United Kingdom, or another region with data-transfer restrictions, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to protect information transferred internationally.
10. Your Rights and Choices
Depending on where you live, you may have the right to access, correct, update, delete, or receive a portable copy of your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at privacy@paprhq.com. We will respond as required by applicable law. You may also have the right to lodge a complaint with your local data protection authority.
EEA / UK (GDPR) rights
If you are in the EEA or UK, you have the rights of access, rectification, erasure, restriction, data portability, and objection described above, and the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, except as permitted by law.
California (CCPA / CPRA) rights
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, the right to request access and deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising your rights. We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under California law. You may exercise your rights by contacting us at privacy@paprhq.com.
Where a request relates to client data that one of our customers processes through the Service, we will refer the request to that customer, who acts as the controller of that data.
11. Children’s Privacy
The Service is intended for business users and is not directed to children. We do not knowingly collect personal information from anyone under the age of 18 (or under 16 in jurisdictions where that is the relevant threshold). If you believe a child has provided us with personal information, please contact us so we can delete it.
12. Third-Party Links
The Service may contain links to third-party websites and services that we do not operate or control. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by updating the “Last updated” date above and, where appropriate, by additional notice through the Service or by email. Your continued use of the Service after the changes take effect constitutes your acknowledgment of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at privacy@paprhq.com. For general support, contact support@paprhq.com. Paprhq Inc. is a corporation organized under the laws of the State of Florida, United States.