This Privacy Policy explains how Papercove (“we”, “us”) collects, uses, and protects your personal data when you use the Papercove web application at read.papercove.app and this website. We comply with the EU General Data Protection Regulation (GDPR) and applicable French data-protection law.
Papercove is built around a simple principle: your reading is yours. There is no advertising, no recommendation engine, no profiling, and we do not train any AI on your content.
1. Who is responsible for your data
The data controller is [TO COMPLETE: full legal name], operating as a French micro-entreprise ([TO COMPLETE: SIREN/SIRET]), [TO COMPLETE: postal address].
For any privacy question or to exercise your rights, contact us at hello@papercove.me.
2. What data we collect
Account & profile
Your name, email address, a unique handle, your password (stored only as a secure hash), your time zone, your reading preferences (typography, reading speed, default view, digest schedule and options), and, if you enable two-factor authentication, your encrypted 2FA secret and recovery codes.
Authentication & security
Session information including your IP address and browser user-agent, “remember me” tokens, password-reset tokens, and — if you generate one — an API token (stored as a hash).
Content you bring into Papercove
The content you choose to read: newsletters received at your dedicated @papercove.me address (both the raw email and the parsed, reader-friendly version), the RSS/Atom feeds you follow, the articles you save to read later, and the topics, favorites, and read/unread status you assign. This content may itself contain personal data about third parties (for example, a newsletter sender’s name and address); we process it solely to store and display it to you, on your instruction.
Subscription metadata
For each sender, the sending email address and name, unsubscribe information, and volume statistics (how often they send), so you can manage your subscriptions.
Invitation codes
The alpha invite code used to create your account.
Technical logs & diagnostics
Error logs and operational diagnostics needed to keep the service running and secure. These are kept for a short period and are not used to profile you.
3. Why we use your data and our legal bases
- To provide the service — creating your account, receiving and parsing your newsletters, fetching feeds, extracting articles, building your digest, and storing your library. Legal basis: performance of our contract with you.
- To keep Papercove secure and working — authentication, abuse prevention, debugging, and diagnostics. Legal basis: our legitimate interests.
- To measure website traffic — privacy-friendly, cookieless analytics that count visits in aggregate without identifying you. Legal basis: our legitimate interests.
- To comply with the law — where we are legally required to. Legal basis: legal obligation.
We do not sell your data, show you ads, build advertising profiles, or use your content to train AI models. Tracking pixels are stripped from the emails and articles you read.
4. Cookies & analytics
We use strictly necessary cookies only — to keep you signed in and to protect against cross-site request forgery. We do not use advertising or cross-site tracking cookies. Because these cookies are essential to provide a service you have requested, no consent banner is required.
To understand how this website is used, we run a self-hosted instance of Umami, a privacy-friendly, cookieless analytics tool. Because it runs entirely on our own infrastructure, your data is never sent to a third-party analytics vendor. It measures aggregate traffic — such as page views and referrers — without cookies and without identifying you individually, and does not track you across other websites.
5. Who we share data with
We share data only with the service providers (sub-processors) needed to run Papercove, under appropriate data-processing terms:
- Hosting & infrastructure: [TO COMPLETE: hosting provider name, country], which stores the application and database.
- Status monitoring: our public status page provider, for uptime reporting (no personal reading data is shared).
We never sell or rent your personal data to anyone.
6. Where your data is stored & international transfers
Your data is hosted in [TO COMPLETE: hosting country/region, e.g. the EU]. If any provider processes data outside the European Economic Area, we ensure an appropriate transfer mechanism (such as Standard Contractual Clauses) is in place.
7. How long we keep your data
We keep your account and content for as long as your account is active. When you delete your account, your personal data and content are permanently deleted within [TO COMPLETE: e.g. 30] days, except where we must retain limited information to comply with a legal obligation. Technical logs are kept only for a short period.
8. Your rights
Under the GDPR, you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent where processing is based on consent.
To exercise any of these, email hello@papercove.me. You also have the right to lodge a complaint with your supervisory authority — in France, the CNIL.
9. Security
Data is transmitted over encrypted connections (HTTPS). Passwords and API tokens are stored as hashes, two-factor secrets are encrypted, and two-factor authentication is available on your account. No system is perfectly secure, but we take reasonable measures to protect your data.
10. Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, notify you in the app or by email.
11. Contact
Questions? Reach us at hello@papercove.me.