Privacy Policy

Last updated: April 9, 2026

1. What we collect

When you use White Paper System, we collect:

  • Account information (email address, name) provided at registration
  • Content you create — white paper projects, outlines, drafts, evidence uploads
  • Style profile data extracted from documents you upload for analysis
  • Billing information processed by Stripe (we do not store card numbers)
  • Usage data — which pipeline steps you complete, paper counts
  • Authentication tokens managed by your OAuth provider (Google, GitHub) if applicable

2. How we use your data

  • To operate the white paper production pipeline and store your projects
  • To process payments and manage subscription billing via Stripe
  • To analyze uploaded documents for style fingerprinting (processed by Claude AI, not stored beyond your profile)
  • To enforce paper usage limits based on your subscription plan
  • We do not sell your data. We do not use your white paper content to train AI models.

3. Third-party services

  • Anthropic (Claude AI) — processes your prompts and document content to generate white paper sections. Subject to Anthropic's privacy policy.
  • Stripe — processes all payment transactions. We pass your billing details to Stripe; we do not store them.
  • Netlify — hosts the application. Standard Netlify data processing applies.
  • OAuth providers — if you sign in with Google or GitHub, those services handle authentication.

4. Data retention

Your account data and project content are retained while your account is active. You may request deletion of your account and all associated data by contacting us. Stripe retains transaction records per their legal obligations.

5. Cookies

We use session cookies necessary for authentication and to maintain your login state. We do not use tracking cookies or third-party advertising cookies. No consent banner is required for strictly necessary cookies under GDPR.

6. Your rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Object to processing of your data
  • Data portability — receive your data in a machine-readable format

To exercise these rights, contact us via the email associated with your account.

7. Security

We use industry-standard security practices including HTTPS encryption, hashed passwords, and Stripe for payment processing. We do not store plain-text passwords or unencrypted payment data.

8. Changes to this policy

We may update this privacy policy. Material changes will be communicated via email to registered users. Continued use after changes constitutes acceptance.