PapeX, Inc. – Privacy Policy

1. Identity of the Controller

The data controller for purposes of this Policy is PapeX, Inc., a Texas S-Corporation with its principal place of business in Texas, United States. You may contact us at privacy@papex.app for general assistance.

2. Scope of Policy

This Policy applies to all users of the PapeX mobile application, website, and integrated services, including POS data feeds and third-party integrations. By using any of these services, you acknowledge and agree that this Policy governs our collection, use, and disclosure of personal data across all PapeX-related platforms.

3. Information Collected

We collect information you provide directly, information generated automatically through use of the Service, and information obtained from third parties. This may include your name, email address, identifiers (account ID, user ID, device ID), search history, and user-generated content.

We also collect financial information related to transaction receipts, including purchase details, merchant names, payment methods, transaction timestamps, and associated metadata obtained through integrated POS systems. PapeX does not collect or store payment card numbers or full banking credentials. Such data is processed externally by third-party POS systems.

Device identifiers, advertising identifiers, and related usage/analytics data may be collected through third-party services (including AWS and Firebase) for performance monitoring, authentication, and security.

4. Purpose of Processing

We process data to operate, maintain, and improve the Service; authenticate users; manage accounts; display and store digital receipts; conduct analytics and performance optimization; communicate service updates and security alerts; comply with legal obligations; and conduct research and development. We may also process anonymized or aggregated transaction data for market research, trend analysis, or commercial insights, provided it cannot reasonably identify an individual user.

5. Legal Bases for Processing

Depending on the activity, we rely on one or more legal bases: performance of a contract; compliance with legal obligations; legitimate business interests (e.g., improving products, preventing fraud); and consent (e.g., beta testing or marketing communications).

6. Disclosure of Information

We do not sell personal identifying information. We may share aggregated or anonymized receipt data with business partners, POS vendors, and retailers for legitimate purposes. Data may be shared with financial management applications (e.g., QuickBooks, Plaid, Mint) only when authorized by you, under secure, tokenized connections. POS vendors accessing PapeX APIs must follow strict confidentiality, encryption, and least-privilege standards.

Information may be disclosed to governmental or regulatory authorities if required by law or in connection with a merger, acquisition, reorganization, or sale of Company assets.

7. Data Retention

We retain personal and transactional data as long as necessary to fulfill the purposes in this Policy, subject to legal requirements. Receipt and account data may be retained indefinitely for archival, analytical, or operational purposes. You may request deletion of your account by contacting privacy@papex.app, subject to applicable retention requirements.

8. Data Breach Notification

If a data breach affects your personal information, we will notify affected users without undue delay, in accordance with applicable laws, and provide details on the breach, likely consequences, and remedial actions.

9. International Data Transfers

Data is stored primarily within the United States. Users outside the U.S. consent to the transfer of their data to the U.S., which may have different data-protection laws. Continued use of the Service constitutes consent to such transfers.

10. Cookies and Tracking Technologies

We use cookies, SDKs, and other tracking technologies for session management, authentication, analytics, advertising measurement, and security. You may manage cookie preferences through device or browser settings, though disabling cookies may limit functionality. We do not currently respond to “Do Not Track” signals.

11. Data Security

We implement commercially reasonable safeguards, including encryption in transit and at rest (TLS 1.2 and AES-256), restricted data access, and secure authentication protocols. While we strive to protect information, no method is infallible, and we cannot guarantee absolute security.

12. Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. If such features are introduced, users will receive notice and the option to opt out.

13. Rights of Users

Depending on applicable laws, you may have rights to access, correct, delete, restrict, or object to processing of your data; request data portability; and exercise other rights without discrimination. Contact us at privacy@papex.app with “Privacy Request” in the subject line. We will acknowledge within 10 days and respond within 45 days, extendable once by 45 days if needed.

14. Sensitive Personal Data

We do not collect or process sensitive personal data (e.g., race, health, biometric data). If such data is ever required, we will request explicit, informed consent and provide opt-out options.

15. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect data from children under that age. In jurisdictions with higher minimum ages (e.g., 16 in the EEA/UK), we require verifiable parental consent before use.

16. Financial Data Accuracy Disclaimer

We display receipt and transaction data as received from connected POS systems and do not independently verify merchant-provided information. Please contact merchants directly to resolve discrepancies.

17. Beta Program Notice

Users in the PapeX Beta Program acknowledge the Service is provided on a pre-release basis for testing and may contain defects or limited functionality. By participating, you consent to our collection of diagnostic and performance data for product improvement.

18. Third-Party Services and Links

The Service may include integrations or links to third-party applications or websites. We do not control and are not responsible for their content, security, or privacy practices. Review the privacy policies of each third-party service you access.

19. Amendments to this Policy

We may modify this Policy at any time without prior notice. Changes become effective upon posting in the Service or on our website. Continued use of the Service following an amendment constitutes acceptance of the revised Policy.

20. Governing Law

This Policy is governed by the laws of the State of Texas, without regard to conflict-of-law principles. Any dispute arising under or related to this Policy shall be subject to the exclusive jurisdiction of the state and federal courts in Travis County, Texas, unless otherwise required by law.

21. Contact Information