Paperlogic
Login

Privacy Policy

Last updated: April 27, 2026

Paperlogic ("Paperlogic", "we", "us", or "our") takes the protection of personal data seriously. This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you visit https://www.paperlogic.eu or use the Paperlogic platform.

Paperlogic is an AI-powered document automation and workflow platform for creating, testing, and running document-based workflows.

We process personal data in accordance with the GDPR, BDSG, TDDDG, and other applicable data protection laws.

1. Controller

The controller responsible for personal data processing is:

Paperlogic
Dreamloop Studio UG (haftungsbeschränkt)
Ulrich-Haid-Str. 7A
82229 Seefeld, Germany
Represented by: Ümit Eroglu
Privacy contact: support@paperlogic.eu

2. Definitions

This policy uses terms from Article 4 GDPR, including personal data, processing, controller, processor, data subject, and consent.

Personal data includes any information relating to an identified or identifiable person, such as names, email addresses, IP addresses, account data, uploaded document contents, workflow data, and technical identifiers.

3. What is Paperlogic?

Paperlogic is a platform for building and running AI-powered document workflows.

Use cases include invoice verification, document comparison, KYC review, bank statement analysis, contract analysis, document classification, data extraction from PDFs, and preparing structured data for ERP, CRM, DMS, or related systems.

4. Our role under data protection law

Depending on context, we act as either controller or processor.

When operating our website, user accounts, security, support, and product improvement, we usually act as controller (Art. 4(7) GDPR).

When business customers process their own data through Paperlogic, we may act as processor under Art. 28 GDPR, based on customer instructions and, where required, a Data Processing Agreement.

5. Categories of personal data we process

We may process:

  • Website and usage data (IP address, browser/device data, pages visited, timestamps, consent status)
  • Contact data (name, email, company, role, message content)
  • Account and access data (authentication and profile data)
  • Workflow data (workflow definitions, versions, node configurations, status)
  • Document data (files, OCR outputs, extracted fields, tables, metadata)
  • AI outputs (classifications, validations, comparison results, confidence signals)
  • Execution and logs (runs, steps, errors, timestamps, diagnostics)
  • Support communications

6. Data processed when visiting our website

We process technical data necessary to provide, secure, and optimize the website.

We may use analytics and consent tooling, including Google Analytics, Google Tag Manager, and Cookiebot by Usercentrics. Non-essential technologies are only used with consent.

7. Data processed when using the platform

When using Paperlogic, we process workflow definitions, uploaded files, outputs, logs, and technical metadata needed to operate and improve the platform.

Customers are responsible for ensuring a valid legal basis for data they upload and process.

8. Document processing and AI functionality

Paperlogic uses AI and document-processing technologies for OCR, extraction, classification, comparison, validation, and structured output generation.

Depending on configuration, providers may include:

  • Azure AI Document Intelligence
  • OpenAI API

AI-generated outputs may be inaccurate or incomplete and may require human review.

9. Purposes of processing

We process personal data to:

  • Provide and secure the website and platform
  • Run document workflows and generate structured outputs
  • Store run transparency data (steps, logs, diagnostics)
  • Handle support and customer communication
  • Prevent abuse and maintain platform security
  • Improve product quality and usability
  • Manage cookie consent

10. Legal bases for processing

We process data under:

  • Art. 6(1)(b) GDPR (contract / pre-contract)
  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(f) GDPR (legitimate interests)
  • Art. 6(1)(c) GDPR (legal obligations)

Where we act as processor, processing is based on customer instructions under Art. 28 GDPR.

11. Service providers and recipients

We may use providers for hosting, infrastructure, AI, analytics, monitoring, and communications, including:

  • Vercel
  • PostgreSQL database hosting
  • Prisma (ORM / data access)
  • OpenAI
  • Microsoft Azure / Azure AI Document Intelligence
  • Google Analytics / Google Tag Manager
  • Cookiebot by Usercentrics
  • Sentry
  • Email/communication providers

We share data only where necessary, consented, or legally required.

12. Hosting, database, and infrastructure

Paperlogic may be hosted on Vercel and uses PostgreSQL with Prisma for platform data.

Where possible, data is processed/stored within the EU/EEA. If transfers occur outside EU/EEA, appropriate safeguards are applied (e.g., SCCs).

13. Error monitoring with Sentry

We may use Sentry for error tracking and diagnostics. Processed data may include IP address, device/browser context, error details, stack traces, and affected URLs.

Legal basis: Art. 6(1)(f) GDPR.

14. Cookies and tracking technologies

We use cookies/related technologies for core functionality, security, consent management, and analytics.

Analytics/marketing cookies are only used with consent. Consent can be changed or withdrawn at any time.

15. Payments

Paperlogic does not currently process payments through the platform.

If paid services are introduced, this policy will be updated before launch.

16. International data transfers

Some providers may process data outside EU/EEA, including the United States.

Where this happens, we apply safeguards under Art. 44 et seq. GDPR.

17. Data retention

We keep personal data only as long as necessary for stated purposes or legal obligations.

Retention periods may vary by data category (logs, consent records, account data, workflow/document data, support records).

18. Data security

We implement appropriate technical and organizational measures, including transport encryption (HTTPS/TLS), access controls, secure infrastructure configuration, internal restrictions, and monitoring.

19. Responsibility when uploading documents

Users are responsible for ensuring lawful processing of uploaded documents and for applying appropriate safeguards, especially for sensitive data.

20. Automated decision-making

Paperlogic may provide AI-assisted recommendations and decision signals.

Unless explicitly agreed and legally assessed, Paperlogic does not perform solely automated decision-making with legal or similarly significant effects under Art. 22 GDPR.

21. Your rights under GDPR

You have rights of access, rectification, erasure, restriction, portability, objection, and consent withdrawal.

To exercise your rights, contact support@paperlogic.eu.

22. Right to lodge a complaint

You may lodge a complaint with a competent data protection supervisory authority.

23. Changes to this Privacy Policy

We may update this policy if services, providers, processing, or legal requirements change.

24. Contact

For privacy-related questions:

Paperlogic
Email: support@paperlogic.eu
Legal entity: Dreamloop Studio UG (haftungsbeschränkt)
Address: Ulrich-Haid-Str. 7A, 82229 Seefeld, Germany
Represented by: Ümit Eroglu