Simple Answer
All data is stored and processed in the European Union.
No exceptions. No cross-border transfers. No US data processing.
Where Your Data Lives
Primary Region
Frankfurt, Germany (Hetzner Cloud)
All production infrastructure, databases, and storage
What Data Stays in the EU
Everything. Here's the complete list:
- ✓HTML input: Your HTML content during processing
- ✓Generated PDFs: Output files (stored according to retention settings)
- ✓Account data: Email, encrypted passwords, API keys
- ✓Usage logs: Request metadata, timestamps, status codes
- ✓Billing records: Invoice history and usage metrics
- ✓Application databases: PostgreSQL (EU-hosted)
- ✓Object storage: PDF files and backups
- ✓Monitoring data: Performance metrics and system logs
Payment Processing
Billing is handled by Stripe with EU data residency enabled:
- ✓Payment data processed in Stripe's EU infrastructure
- ✓Card details never touch PaperAPI servers
- ✓Stripe is PCI DSS Level 1 certified
See Stripe's data residency documentation for details.
No Data Leaves the EU
We do not transfer data outside the EU for:
- ✗Processing (no US servers)
- ✗Storage (no cloud regions outside EU)
- ✗Backups (EU-only disaster recovery)
- ✗Analytics (we don't use third-party analytics)
- ✗Support (no offshore support teams)
Compliance Benefits
EU-only data residency simplifies your compliance:
- ✓No Standard Contractual Clauses (SCCs) needed for international transfers
- ✓Simplified GDPR compliance (no cross-border concerns)
- ✓No CLOUD Act exposure (US government data requests)
- ✓Easier data protection impact assessments (DPIAs)
- ✓Meets EU institutional data residency requirements
Network Architecture
Technical implementation:
- •All compute instances in EU availability zones
- •Database replicas remain within EU-Central and EU-West
- •CDN endpoints serve from EU edge locations
- •DNS resolution through EU-based nameservers
- •TLS certificates issued and validated in EU