Privacy policy
Effective date: July 16, 2026
This Privacy Policy describes how PaperTight collects, uses, and discloses your information when you visit our Website or use our Services, and it explains the choices and rights you have over that information.
Here are some important definitions to help you understand this policy:
- PaperTight, “we,” “us,” “our” — the company that provides the Services.
- Website — papertight.com and its related pages.
- Services — the PaperTight document-control application, including any related APIs.
- Workspace — the isolated tenant space where a customer’s projects, companies, packages, and documents live.
This policy works alongside our Terms of service.
1. Information we collect
We collect information when you provide it to us, when you use the Website or the Services, and when other sources provide it to us, as further described below.
Account creation. When you create an account or are invited to a Workspace, we collect information such as your name, email address, password, and your role within the Workspace (for example workspace admin, staff, or client-portal user).
Communications. When you request support, respond to a notification, or otherwise contact us, we collect the contents of those messages along with any attachments and the metadata associated with them.
Payment information. When you purchase a paid subscription, our third-party payment providers collect and process your payment details on our behalf. We may receive related information such as your billing address and a record that a transaction occurred, but we do not store or process full card numbers ourselves.
Customer documents. The Services exist to control the documents you upload — timesheets, invoices, permits, gate passes, agreements, and similar files. These files, their versions, and their approval history are stored so we can provide the Services to your Workspace.
Automatic data. When you use the Services we automatically collect technical information such as IP address, browser and device type, and usage events (which pages and packages you open, and the actions you take), which we use to operate, secure, and improve the product.
Cookies and analytics. We use cookies and similar technologies to keep you signed in, remember preferences, and understand aggregate usage. You can control cookies through your browser settings, though some features may not work without them.
2. How we use your information
We use the information we collect to:
- •Provide the Services — operate your Workspace, host and process your documents, and deliver notifications and reminders.
- •Secure the Services — authenticate users, enforce Workspace and client-portal boundaries, and detect and prevent abuse.
- •Support you — respond to requests, troubleshoot issues, and communicate about your account.
- •Improve the Services — understand aggregate usage so we can fix problems and build better features.
- •Meet legal obligations — comply with applicable law and enforce our agreements.
3. Disclosing your information
Service providers and subprocessors. We share information with vendors who help us run the Services — for example cloud infrastructure, payment processing, and email delivery. These providers may only use the information to perform services for us and are bound by confidentiality obligations.
Legal reasons. We may disclose information where we reasonably believe it is required to comply with a law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of PaperTight, our users, or the public.
Business transfers. If PaperTight is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you of any change in ownership or use of your personal information.
We never sell your personal data. We do not sell your personal information, and we do not share it with third parties for their own advertising purposes.
4. Customer documents
You own your documents. The files you and your team upload to a Workspace remain yours. PaperTight claims no ownership of your customer documents.
We process them only to provide the Services. We store, version, and route your documents solely to deliver the document-control features you are using — nothing more. We do not use the contents of your customer documents to train models or for advertising.
Staff access is limited and logged. Our staff do not routinely access the contents of your documents. Where access is needed to provide support or resolve an incident, it happens only with appropriate authorization and is recorded in our internal logs.
5. International data transfers
PaperTight operates internationally, and the information we collect may be transferred to and processed in countries other than the one in which you are located. Those countries may have data-protection rules that differ from those in your jurisdiction.
Where we transfer personal information across borders, we take steps to ensure it remains protected consistent with this policy and applicable law, including through appropriate contractual safeguards with our providers.
6. Your choices
Marketing communications. You can opt out of marketing emails at any time using the unsubscribe link in the message or by contacting us. We may still send you essential service messages about your account, security, and billing.
Cookies. You can set your browser to refuse some or all cookies or to alert you when cookies are being sent. Disabling cookies may limit your use of certain features.
7. Your privacy rights
Depending on where you live, you may have rights over your personal information, including the right to:
- •Access — request a copy of the personal information we hold about you.
- •Correction — ask us to correct information that is inaccurate or incomplete.
- •Deletion — ask us to delete your personal information, subject to legal retention obligations.
- •Portability — receive certain information in a structured, machine-readable format.
- •Objection — object to or restrict certain processing of your personal information.
If you are in the European Economic Area or the United Kingdom, you have these rights under the GDPR and equivalent UK law, and you may lodge a complaint with your local supervisory authority. To exercise any right, contact us using the details below; we may need to verify your identity before responding.
Where your documents are managed inside a Workspace, the Workspace admin is generally the controller of that data. If your request concerns documents in someone else’s Workspace, we will refer you to, or work with, that Workspace admin.
8. Data retention
We retain personal information and customer documents for as long as your account is active and as needed to provide the Services. After an account or Workspace is closed, we retain data for a limited period to allow for export and recovery, after which it is deleted or anonymized.
We may retain certain information for longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.
9. Security of your information
We take security seriously and apply safeguards designed to protect your information, including:
- •Encryption — data is encrypted in transit (TLS) and at rest.
- •Workspace isolation — each Workspace is a tenant boundary, and client-portal users only ever see their own company’s documents.
- •Role-based access — permissions are scoped to admin, staff, and client-portal roles.
- •Audit logging — account and document activity is recorded in an Activity Log, and documents keep full version history.
No method of transmission or storage is completely secure, so while we work to protect your information we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
10. Children’s information
The Services are a business tool and are not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
11. Third-party sites
The Website and Services may contain links to third-party sites and services that we do not operate. This policy does not apply to those sites, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party site you visit.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you through the Services or by email. Your continued use of the Services after an update means you accept the revised policy.
13. Contact us
If you have questions about this Privacy Policy or how we handle your information, contact our privacy team at privacy@papertight.com and we will be glad to help.