This Privacy Policy explains how Papersmith ("we", "us", "our") collects, uses, and protects information when you use our Markdown-to-PDF conversion service at papersmith.app ("the Service").
We are committed to minimal data collection. The short version: your Markdown content is never stored on our servers unless you explicitly save it to your account. We do not sell your data to anyone.
1. Information We Collect
Account information (if you sign up):
- Email address — provided when you sign up with email/password or Google OAuth
- Name — provided by Google OAuth if you sign in with Google (optional)
- Account creation timestamp
- Subscription plan status (free or Pro)
Subscription and billing (Pro subscribers only):
- Lemon Squeezy customer ID and subscription ID (references to your records in Lemon Squeezy's system)
- Subscription status and renewal date
- We do not store or see your payment card details — all payment data is handled exclusively by Lemon Squeezy
Documents (Pro users who use cloud saving only):
- Document titles and Markdown content you explicitly save to your account
- Associated settings (theme, style configuration) saved with each document
- Created and updated timestamps
What we do NOT collect:
- Your Markdown content during free-tier PDF conversion — it is processed in memory in a serverless function and immediately discarded
- IP addresses for tracking purposes
- Browser fingerprints
- Behavioral analytics or heatmaps
- Any data from third-party advertising networks
2. How We Use Your Information
- To provide the Service — process your Markdown into PDF, manage your account, deliver Pro features
- To manage subscriptions — process payments, send receipts, handle renewals and cancellations via Lemon Squeezy
- To communicate with you — respond to support inquiries; send transactional emails (password reset, subscription confirmation). We do not send marketing emails unless you opt in.
- To improve the Service — aggregate, anonymized usage patterns (e.g., most-used features) may be reviewed internally. No individual user data is used for this.
3. Cookies and Local Storage
Papersmith uses the following:
- Authentication cookies — set by Supabase to maintain your login session (httpOnly, secure, SameSite). These are essential for the Service to function when you are logged in.
- localStorage — used to save your editor state (Markdown content, theme, settings) locally in your browser. This data never leaves your device unless you choose to save to cloud.
We do not use advertising cookies, cross-site tracking cookies, or analytics cookies.
4. Third-Party Services
We use the following third-party services to operate Papersmith:
- Supabase — database and authentication provider. Your account data and cloud-saved documents are stored in Supabase's infrastructure (hosted on AWS). See Supabase's Privacy Policy.
- Lemon Squeezy — payment processor and Merchant of Record. Handles all payment transactions. Lemon Squeezy stores your billing information under their own privacy policy. See Lemon Squeezy's Privacy Policy.
- Vercel — hosting and serverless function execution. PDF generation happens inside Vercel serverless functions. Vercel may log request metadata (IP, timestamp) per their standard infrastructure logging. See Vercel's Privacy Policy.
5. Data Retention
- Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion.
- Cloud documents: Deleted immediately when you delete them, or within 30 days of account deletion.
- Free-tier PDF conversions: Not stored. Processed in memory, discarded immediately.
- Billing records: Retained as required by applicable financial regulations (typically 7 years). Lemon Squeezy maintains these records per their legal obligations.
6. Data Security
We take reasonable technical and organizational measures to protect your data, including:
- HTTPS enforced for all connections (via Vercel)
- Authentication tokens stored in httpOnly, secure cookies
- Database access controlled via Row Level Security (RLS) — you can only access your own documents
- Payment data never touches our servers — handled exclusively by Lemon Squeezy
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — update your email address or other account information
- Deletion — delete your account and all associated data from your account page, or by emailing us
- Portability — export your saved documents at any time from your account
- Withdraw consent — you may close your account and stop using the Service at any time
If you are in the EEA or UK, you may also have rights under GDPR. To exercise any of these rights, contact us at shaheer.ahmed12@gmail.com.
8. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.
10. Contact