Privacy Policy

Last updated: April 1, 2026

Effective Date: April 1, 2026
Last Updated: April 1, 2026

1. Overview

PaidWrite ("we," "our," or "us") provides an AI-powered document analysis service for contractors and subcontractors. This Privacy Policy explains how we collect, use, and protect information when you use our mobile app, web extension, or related services.

2. Information We Collect

2.1 Device Identifier

When you first launch PaidWrite, we generate a random device UUID (a unique identifier). This identifier is stored on your device and sent with every API request. We use it to associate your scans with your device without requiring an account.

2.2 Document Text

When you submit a document for analysis, we receive the extracted text from your document. We do not store the original document file. Text is processed in memory to generate the analysis and then discarded. We store only the analysis results (risk level, compliance issues, summary) — not the raw document text.

2.3 Analysis Results

We store structured analysis results (document type, risk level, compliance issues, token usage) associated with your device UUID. These results do not contain personally identifiable information extracted from documents.

2.4 Payment Information

Payments are processed by Stripe. We do not store full payment card details. We store the Stripe session ID, transaction amount, and payment status.

2.5 Email Address (Optional)

If you provide an email address for receipts or email-based document submission, we store it associated with your device or account. We use it only to send receipts and analysis results.

2.6 Account Information (Optional)

If you create an account, we store your email address and hashed password. We never store passwords in plain text.

3. Information We Do NOT Collect

  • We do not collect Social Security Numbers, EINs, or other tax identifiers from W-9s
  • We do not collect bank account numbers, routing numbers, or financial account details
  • We do not store original document files or images on our servers
  • We do not sell your data to third parties

4. How We Use Information

  • To provide the document analysis service
  • To process payments via Stripe
  • To send email receipts when requested
  • To improve our AI models using anonymized, aggregated analysis data (never individual documents)
  • To enforce rate limits and prevent abuse

5. Data Sharing

We share data only with the service providers listed in our Subprocessor List, including:

  • Stripe — for payment processing (Stripe Privacy Policy applies)
  • AI model providers (Google, Groq, DeepSeek via LiteLLM) — document text is sent for analysis. These providers are bound by their own privacy policies and data processing agreements.
  • Resend — for transactional email delivery
  • Neon — database hosting provider (data stored in US-East-1)
  • Upstash — rate limiting and caching (Redis)
  • Sentry — error monitoring and performance tracking (no document content)
  • Railway — application hosting
We do not sell, rent, or share your data with advertising networks or data brokers. For information on international data transfers, see our Data Processing Addendum.

6. Data Retention

  • Analysis results: retained for 2 years from the scan date
  • Payment records: retained for 7 years (legal/tax requirement)
  • Device records: retained until deletion request or 2 years of inactivity
  • Email addresses: retained until you request deletion or unsubscribe

7. Your Rights

You may request:

  • Access: A copy of data associated with your device UUID or account
  • Deletion: Removal of your data from our systems
  • Correction: Updates to incorrect information
To exercise these rights, email privacy@paidwrite.app with your device UUID or account email.

8. Security

We use industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encrypted database storage (Neon Postgres on AWS)
  • No document file persistence — files are processed in memory and discarded
  • API keys and secrets stored in environment variables, never in code

9. Children's Privacy

PaidWrite is not intended for users under 18. We do not knowingly collect data from children.

10. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal information). To exercise these rights, contact privacy@paidwrite.app.

11. Cookies and Local Storage

For details on cookies, local storage, and similar technologies used by PaidWrite, see our Cookie Policy.

12. Changes to This Policy

We will notify users of material changes by updating the "Last Updated" date and, for registered users, via email. Continued use of PaidWrite after changes constitutes acceptance.

13. Contact

Email: privacy@paidwrite.app
Mailing address: ContraForge LLC, California, USA