Privacy Policy

Last updated: 30 June 2026

This Privacy Policy explains how blaumedia GmbH ("PaperHero", "we", "us") collects, uses, stores and protects personal data when you use the PaperHero service — the website at paperhero.io, your customer instance at <id>.customer.paperhero.io, and the PaperHero apps for iOS and Android. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for the processing of your personal data is blaumedia GmbH, Friedrich-Ebert-Hof 6, 22763 Hamburg, Germany. Managing Director: Dennis Oliver Paul. Registered at Amtsgericht Hamburg, HRB 198611. Email: privacy@paperhero.io.

For personal data contained in the documents you upload, you are the controller and we act as your processor under a Data Processing Agreement (see our DPA and section 4 below).

2. What data we process

Depending on how you use PaperHero, we process the following categories of personal data:

  • Account data: first and last name, email address, password (stored only as a scrypt hash), language and timezone, and — if you enable them — two-factor authentication and encryption-key settings.
  • Document data: the files you upload (PDFs, images, scans), the text extracted from them, search indexes (embeddings) and any metadata you add (names, folders, tags). Documents may contain personal data about you or third parties; you decide what you upload.
  • AI inputs and outputs: the questions you ask the AI assistant, the document content sent to AI models to answer them, and the responses.
  • Usage and technical data: log data such as IP address, timestamps, device and browser information and actions performed, needed to operate and secure the service.
  • Payment data: your billing details and subscription status. Card data is handled by our payment providers (Stripe for the website, Apple for in-app purchases); we never receive or store full card numbers.
  • Communication data: the content of support requests and emails you send us.
  • Email-ingress data (optional): if you enable forwarding, the attachments sent to your personal PaperHero address (see section 6).

3. Purposes and legal bases

We process your data on the following legal bases under Art. 6(1) GDPR:

  • Providing the service (account, document storage, OCR, search, AI assistant, sharing, mobile apps): performance of the contract, Art. 6(1)(b) GDPR.
  • Payment, billing and statutory record-keeping: Art. 6(1)(b) and Art. 6(1)(c) GDPR (including retention obligations under German commercial and tax law).
  • Security, abuse prevention and operating logs: our legitimate interest in a secure service, Art. 6(1)(f) GDPR.
  • Privacy-friendly, cookieless analytics: legitimate interest, Art. 6(1)(f) GDPR; cookie-based analytics and marketing: your consent, Art. 6(1)(a) GDPR and § 25(1) TDDDG.
  • Service-related communication and support: Art. 6(1)(b) and (f) GDPR.

4. Documents and AI processing

Your documents are stored encrypted (see section 8). Newly uploaded files, however, first arrive in your personal inbox; there PaperHero performs text recognition (OCR), generates preview images and computes the search indexes to make your documents searchable and useful and to let you ask an AI assistant questions about them.

Your inbox is personal. Because inbox content is not yet associated with a defined set of recipients at this stage, it is held unencrypted on our servers in the EU until import. Only on import is the file encrypted and made accessible to the users who are authorised through the chosen target folder; in a multi-user account, administrators can manage inbox content.

Search indexes (embeddings) are always computed on our own servers in the EU and are not shared with any third party.

Text recognition and the AI assistant: on the Small and Medium plans, document content and your AI inputs are processed by external AI providers — OpenAI, Anthropic, Google and Mistral — which we access exclusively through an EU-hosted AI gateway (Requesty.ai) using EU-located model endpoints. On the Big plan you can additionally choose AI models that we operate ourselves on our own servers in the EU, so that this content is processed entirely within our own infrastructure; you may still choose the external providers if you prefer.

We have data-processing agreements in place with these providers. Your documents and AI inputs are used only to deliver the feature you requested and are not used to train the providers' AI models.

5. Mobile apps (iOS and Android)

Our iOS and Android apps let you scan, photograph, upload and manage documents. They request access to your camera solely to scan documents; captured images are processed for your account just like any other upload.

The apps contain no advertising, no analytics or tracking SDKs and no third-party trackers, and we do not build advertising profiles. Subscriptions purchased in the iOS app are handled by Apple (see section 9).

6. Email ingress (optional)

If you enable email ingress, you receive a personal PaperHero email address. Messages sent there are retrieved over an encrypted connection from our own mail server (mail.blaumedia.com); supported attachments (PDF, JPEG, PNG) are imported as documents and the message is otherwise not stored. You can restrict accepted senders with a whitelist and can disable the feature at any time.

7. Hosting and storage location

PaperHero is hosted on infrastructure operated by Hetzner within the European Union, with data centres in Germany; parts of the infrastructure may be located in other EU member states (for example Finland). Your documents and account data are stored on this EU infrastructure.

8. Encryption and security

Each user has a personal key pair. Your private key is protected by your password (key derivation with scrypt, encryption with AES) and is unlocked with your password on your device. Documents are encrypted at rest with a per-document key, and all connections are additionally protected by TLS.

When you simply view or download your documents, decryption takes place locally on your device. Our server only ever provides the encrypted data; your private key and your decrypted document content are not transmitted to us.

Only when you use the search or AI features is your key transmitted to our service for that specific request, so that the relevant content (your documents and the search index) can be decrypted server-side and used for search and AI processing as described in section 4. On the Small and Medium plans this includes transmission to our EU-hosted AI gateway.

By default we keep your private key solely in the form encrypted with your password; we do not store it in clear text, so we cannot read your documents on our own initiative. Optionally you can enable end-to-end encryption — we then delete this server-side copy, and your keys remain solely on your own devices.

Passwords are stored solely as scrypt hashes. Each customer's data is isolated in its own database and storage area. All connections are TLS-encrypted and two-factor authentication is available.

9. Recipients and processors

We use carefully selected service providers who process data on our behalf under Art. 28 GDPR, and a small number of independent recipients where required to provide the service:

  • Hetzner Online GmbH (Germany / EU) — hosting and storage.
  • Requesty.ai together with OpenAI, Anthropic, Google and Mistral — AI text recognition and assistant (EU-located endpoints; Small/Medium plans and, optionally, Big).
  • blaumedia GmbH mail server (mail.blaumedia.com) — transactional email and email ingress.
  • Our self-hosted CRM (Twenty), operated on our own EU infrastructure — customer and subscription records.
  • Stripe Payments Europe, Ltd. — payment processing for website subscriptions.
  • Apple — payment processing and subscription management for purchases made in the iOS app; for in-app purchases Apple is the seller of record and processes the related payment data under its own terms.
  • Google Ireland Ltd. / Google LLC — only if you consent to marketing cookies (Google Ads conversion measurement).

10. International data transfers

Our core processing — hosting, document storage, search indexes and AI processing via the EU gateway — takes place within the EU. Where a recipient may process data outside the EU (in particular Google for marketing, or payment providers), this happens only on a valid legal basis, such as your consent (Art. 49(1)(a) GDPR) or EU Standard Contractual Clauses (Art. 46 GDPR).

11. Retention and deletion

We keep your data for as long as your account exists. When you delete your account (in the app, in the customer portal, or by contacting us), access is disabled immediately and your documents, account data and search indexes are erased within 30 days.

We retain invoices and accounting records for the statutory period of up to 10 years (§ 147 AO, § 257 HGB). Where data is required to comply with legal obligations or to assert or defend legal claims, we retain it for as long as necessary for that purpose.

12. Your rights

You have the following rights regarding your personal data. To exercise them, contact privacy@paperhero.io; account holders can also export their data and delete their account directly in the app or customer portal.

  • Access (Art. 15), rectification (Art. 16) and erasure (Art. 17) GDPR.
  • Restriction of processing (Art. 18) and data portability (Art. 20) GDPR.
  • Objection to processing based on legitimate interest (Art. 21 GDPR).
  • Withdrawal of any consent you have given, with effect for the future (Art. 7(3) GDPR).
  • The right to lodge a complaint with a supervisory authority — for us the Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit).

13. Cookies and analytics

We use essential cookies required for the platform to function (authentication, preferences). For web analytics we use Matomo, a self-hosted open-source tool that we run on our own infrastructure in Germany — no data leaves our servers. By default Matomo runs in cookieless mode with anonymized IP addresses, based on our legitimate interest in understanding how the product is used (Art. 6(1)(f) GDPR). With your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG) we additionally set first-party cookies (e.g. _pk_id, _pk_ses) to recognize returning visitors. If you also consent to the 'Marketing' category, we use Google Ads for conversion measurement and remarketing, which sets cookies and transfers data to Google in the USA — no Google script is loaded until you opt in, and you can withdraw this consent at any time. You can manage your choices at any time via 'Cookie Settings' in the footer.

14. Children

PaperHero is not directed at children. You must be at least 18 years old to enter into a contract with us, and we do not knowingly process the data of minors.

15. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to the service or legal requirements. We will inform you of material changes by email or in the app. The date above indicates the current version.

Contact

For privacy questions or to exercise your rights, contact our data protection contact:

privacy@paperhero.io

blaumedia GmbH
Friedrich-Ebert-Hof 6
22763 Hamburg
Germany
