PaperAPI logoPaperAPI
Log inGet started

Legal

Privacy Policy

Last updated: December 17, 2025

PaperAPI is committed to protecting your privacy and being transparent about what data we collect and how we use it.

What Data We Collect

Account Information

  • Email address (for authentication and account notifications)
  • Billing information (processed and stored by Stripe, our payment processor)
  • API keys (encrypted and stored in our EU database)

API Usage Data

  • Request timestamps and unique request IDs
  • API key used (not the actual key value)
  • Response status codes and error messages
  • HTML payload size (not content)
  • Processing duration and job status

Content Data

  • HTML input you send for PDF conversion (stored temporarily)
  • Generated PDF files (stored according to your retention settings)

We do not inspect, analyze, or use your HTML content or generated PDFs for any purpose other than providing the service.

How We Use Your Data

  • Service delivery: Process your HTML and generate PDFs as requested
  • Authentication & authorization: Verify API keys and enforce plan limits
  • Billing: Calculate usage and process payments through Stripe
  • Service improvement: Analyze aggregate usage patterns and error rates (no content inspection)
  • Security & abuse prevention: Monitor for suspicious activity and enforce rate limits
  • Legal compliance: Respond to valid legal requests when required by law

Data Retention

Generated PDFs

Default retention: 24 hours

Configurable retention: Up to 30 days

No-store option: PDFs can be streamed directly without any storage

HTML Input

Retained only during processing (typically seconds to minutes), then permanently deleted

Usage Logs

Retained for 90 days for debugging and security monitoring

Account Data

Retained while your account is active. Deleted within 30 days of account closure

Data Location & Transfers

All data stays in the European Union. We do not transfer your data to the United States or any other non-EU region.

Our infrastructure is hosted in EU data centers (see our Data Residency page).

Billing data is processed by Stripe (see our Subprocessors page for details).

Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured format
  • Object: Object to certain processing activities

To exercise any of these rights, contact privacy@paperapi.de.

Cookies & Tracking

Essential cookies only: We use session cookies for authentication. No advertising or analytics cookies.

We do not use third-party tracking scripts or analytics services.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be announced via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.

Questions?

For privacy-related questions or to exercise your rights, contact privacy@paperapi.de.

Security →GDPR Compliance →Subprocessors →Data Residency →