papr
Sign inStart for free
Trust

Security at Papr

Papr holds your business’s financial records and your clients’ details. Here’s how we keep them safe.

Encryption

All traffic to and from Papr is encrypted in transit with TLS. Data at rest — your invoices, clients, and account information — is stored on encrypted volumes. Secrets and credentials are held in environment configuration, never in the codebase.

Hosting & infrastructure

Papr runs on dedicated infrastructure with our database isolated from the public internet. Access to production systems is limited to the people who operate the service, protected by strong authentication. We patch our platform and dependencies on an ongoing basis.

Your data is yours

We are a processor of the data you put into Papr, not the owner of it. You can export your full account — invoices, clients, entities, templates, and message history — at any time, and delete your account and its data when you choose. We never sell your data.

Backups & durability

Your database is backed up regularly so that, in the event of a failure, we can restore your account with minimal loss. Backups are encrypted and access-controlled.

Access control & multi-tenancy

Every record in Papr is scoped to a single account and enforced server-side, so one customer can never see another’s data. Team members only ever access the accounts they’ve been invited to, with the role they were granted.

Sub-processors

We use a small set of trusted third parties to operate Papr — for hosting, transactional email, and (where you enable them) SMS and analytics. A current list of sub-processors, and the data they process, is maintained in our Data Processing Agreement.

Responsible disclosure

If you believe you’ve found a security vulnerability in Papr, we want to hear from you. Please email support@paprhq.com with the details and steps to reproduce, and give us a reasonable window to investigate and fix before any public disclosure. We’re grateful for reports made in good faith and will work with you in kind.

Privacy & compliance

How we collect and handle personal data is described in our Privacy Policy, and the terms governing the service in our Terms of Service. For data-processing terms as a business customer, see our Data Processing Agreement.


Security is never “done.” This page describes our current practices and will evolve as Papr grows. Questions? support@paprhq.com.