Papirer

Privacy Policy

Last updated: February 3, 2026

Effective date: February 3, 2026

1. Introduction

Papirer ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our expense tracking application.

Data Controller

The data controller responsible for your personal data is:

Jose Antonio Neto Suárez

C/ Manuel Vela 37, 21440 Lepe, Huelva, Spain

Tax ID: ES29607219D

Contact: hello@papirer.com

2. Information We Collect

We collect the following categories of information:

Account Information

  • Email address (required for authentication)
  • Name (optional, for personalization)
  • Apple ID (if using Sign in with Apple)

Financial Data

  • Transaction details (amounts, descriptions, dates)
  • Categories and tags you create
  • Recurring transaction patterns
  • Budget goals and spending limits

Device Information

  • Device type and operating system
  • Push notification tokens
  • App version and crash reports

Media Files

  • Voice recordings (processed for transcription, then immediately deleted)
  • Receipt images (processed for data extraction, then deleted after processing)
  • PDF documents (processed for data extraction, then deleted)

Preferences

  • Currency and language settings
  • Notification preferences
  • Display preferences

Technical and Processing Data

  • Original text input or voice transcription used to create transactions
  • AI processing results and confidence scores
  • Input method used to create each transaction (text, voice, photo, etc.)
  • Session data (IP address, user agent) for security purposes

3. How We Use Your Information

We use your information for the following purposes:

  • Provide and maintain the expense tracking service
  • Process and categorize your transactions using AI
  • Enable shared expense features with other users you invite
  • Send push notifications based on your preferences
  • Improve our AI accuracy based on your corrections
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contract Performance: Processing necessary to provide our service (account management, transaction storage)
  • Consent: For optional features like push notifications and AI processing of voice/images
  • Legitimate Interests: For service improvement, security, and fraud prevention
  • Legal Obligation: When required by law or to protect our rights

5. Third-Party Services

We share data with the following service providers who help us operate Papirer:

  • Groq: Processes voice recordings for transcription (audio is deleted immediately after)
  • OpenRouter/Google Gemini: Analyzes receipt images for data extraction
  • RevenueCat: Manages subscription payments and entitlements (we share your email address to link your subscription to your account)
  • Resend: Delivers transactional emails (authentication codes, notifications)
  • Sentry: Collects anonymous crash reports and error logs for debugging
  • Expo: Delivers push notifications to your device
  • Laravel Reverb: Self-hosted WebSocket server for real-time updates (data stays on our infrastructure)
  • Nightwatch: Anonymous server monitoring and performance observability

These providers process data on our behalf under strict contractual obligations. We do not sell your personal data to any third party.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party providers
  • Encryption of data in transit and at rest

7. Data Retention

We retain your data according to the following policies:

  • Account data: Until you delete your account
  • Transaction history: Until you delete your account or individual transactions
  • Voice recordings: Deleted immediately after transcription (not stored)
  • Receipt images: Deleted after successful processing (typically within minutes). If the receipt is unreadable, the image is temporarily retained to allow a retry and deleted when the transaction is resolved or removed
  • Crash reports: Retained for 90 days
  • AI correction data: Retained to improve personalization, deleted with account

8. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Sensitive data is encrypted at rest
  • Authentication tokens are stored securely on your device
  • We use secure, reputable cloud infrastructure
  • Regular security audits and updates

9. Your Rights

Under GDPR and applicable privacy laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format (CSV, Excel, or PDF)
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent at any time (without affecting prior processing)

To exercise these rights, contact us at hello@papirer.com or use the in-app settings to export or delete your data.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) if you believe your personal data is not being processed in accordance with the GDPR.

10. Children's Privacy

Papirer is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. Your continued use of Papirer after changes take effect constitutes acceptance of the updated policy.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it is used
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at hello@papirer.com.

We will respond to your request within one month.