Security & Privacy
Your documents never sit on our servers
PaidWrite is built for documents you don't want sitting on a SaaS dashboard — lien waivers, COIs, W-9s, Safety Data Sheets. Here's exactly how we treat them.
- 1
Zero-storage document processing
Uploaded documents are processed in memory and discarded immediately. Original files are never written to disk on our servers, never backed up, and never sent to a data lake. Only the redacted analysis result is retained — and it contains no document text.
- 2
No PII in analysis results
License numbers, SSNs, EINs, addresses, and signatures are stripped before the analysis is stored. Risk findings reference clauses and statutes, not personal identifiers.
- 3
Encryption in transit and at rest
All traffic to PaidWrite is TLS 1.2+ (HSTS preloaded). Database encryption at rest is enabled by default in our managed Postgres. Secrets are stored in encrypted environment vars and rotated quarterly.
- 4
Least-privilege access
Production access is limited to two engineers, requires hardware key 2FA, and every administrative action is logged. We do not read customer documents.
- 5
CCPA + GDPR posture
You can request deletion of your account and all retained metadata at any time (support@paidwrite.app). We do not sell personal information. California residents can use the "Do Not Sell" link in the footer.
Subprocessors
Vendors that process data on our behalf. We notify customers of material changes 30 days in advance.
| Vendor | Purpose | Region |
|---|---|---|
| Cloudflare | CDN, DNS, edge compute (Workers, KV, Pages) | Global edge |
| Anthropic | Document analysis (Claude API) | United States |
| AWS | Compute, ephemeral storage (no document persistence) | us-west-2 |
| Resend | Transactional email | United States |
| Plausible / GA4 | Privacy-respecting analytics (consent-gated) | European Union / United States |
Reporting a security issue
Email security@paidwrite.app. We acknowledge within one business day. We don't run a paid bug bounty yet — but we credit researchers in our disclosure log when fixes ship.
For privacy requests (delete my data, access my data, opt out of analytics): privacy@paidwrite.app.
Educational reference. Nothing on this page is legal advice. See the Privacy Policy and Terms of Service for binding terms.