Privacy Policy

Effective May 5, 2026.

Papercut is a service that helps you stop receiving physical junk mail. To do that, we have to know your name and mailing address (so we can identify you to senders) and we have to read what’s on the mail you photograph (so we know who to email). This policy describes everything we collect, why, who else sees it, and how to remove it.

What we collect

From you directly

• Legal name and US mailing address. Used to identify you to senders in the unsubscribe email we send on your behalf. Senders match removal requests by exact name + address against their mailing-list databases.
• Email address. If you sign in with Apple, we receive the email associated with your Apple ID. We use it for account login and account-related notifications.
• Phone number. If you use the SMS interface, your phone number identifies your account and is the channel for status updates.
• Photos of physical mail. We process photos to identify senders. Photos are deleted from our servers immediately after we extract sender information from them. We do not keep image files.

Generated as you use the service

• Sender identification data. The names of senders we extracted from your photos, with our confidence scores and reasoning. We keep this so we can show you your unsubscribe queue and avoid re-processing duplicates.
• Unsubscribe queue. A record of which senders we have emailed on your behalf, when, and the resulting status (sent, confirmed removed, requires manual action, bounced).
• Sender replies. When a sender replies to one of our requests on your behalf, we store the reply text so we can classify and surface the outcome to you.
• Subscription status. Whether you have an active paid subscription, and when it renews or expires.

Automatically

• Server logs. Standard request metadata (IP, user agent, timestamps) generated by our hosting provider for operational and security purposes. We do not use these for advertising or behavioral profiling.

What we don’t collect

• We do not use third-party analytics or advertising SDKs.
• We do not track you across other apps or websites.
• We do not access your contacts, your photo library beyond the photos you explicitly send us, or any other personal data on your device.
• We do not collect financial information directly. Payment is handled entirely by Apple through the App Store.

How your data is used

• Your name and address are inserted into outbound unsubscribe emails so senders know whose record to remove.
• Your photos are sent to a vision model to identify the senders pictured. Photos are not used for any other purpose and are deleted seconds after analysis.
• Your unsubscribe queue is shown back to you in the app or over SMS so you can see the status of each request.
• Your subscription status determines whether you can queue additional unsubscribes once your free quota is used.

Who we share data with

We use a small number of subprocessors to operate the service. Each one only sees the data necessary for its role.

• Supabase — our database, authentication, and serverless function host. Stores all of the data described above except photos (which transit through and are deleted).
• Anthropic — the vision model that identifies senders from photos, and the language model that interprets sender replies and locates opt-out contacts on the public web. Each request includes only what is necessary for that step.
• Resend — sends outbound unsubscribe emails on your behalf to the sender opt-out addresses we have collected.
• Postmark — receives replies from senders that come back to our reply address and forwards them to our backend for classification.
• Brave Search — public-web search for finding opt-out contact information of senders we don’t already know. Only the sender’s name is sent; never your data.
• Twilio — sends and receives SMS for users on the SMS interface.
• Apple — when you sign in with Apple ID and when you purchase a subscription through the App Store.
• Doppler — secrets-management for our internal credentials. Does not see user data.
• Cloudflare — domain DNS and the static site you are reading.

The senders to whom we send unsubscribe emails on your behalf will see your name and mailing address. That is the entire point: that’s how they know whose record to remove.

We do not sell your personal information. We do not share it with advertisers or data brokers. We do not transfer it to any party outside the subprocessors above except when required by valid legal process.

Where data is stored

The service operates from US-based infrastructure. If you are outside the United States, your data will be transferred to and processed in the United States.

How long we keep things

• Photos: deleted within seconds of vision processing.
• Identified-sender names, queue rows, and reply records: kept until you delete your account.
• The shared senders reference table — which contains brand names and their opt-out email addresses — is anonymous (no PII, no link to any individual user) and is retained indefinitely so that future users benefit from prior discoveries.

Your rights

• Access: You can see your queue and account data in the app at any time. To request a complete export, email [email protected].
• Correction: Edit your name and address in the app’s Settings.
• Deletion: Use “Delete account” in the app’s Settings, or email [email protected]. We delete your account, profile, scans, mail-piece records, unsubscribe queue, and the replies senders sent in response to your requests. Unsubscribe emails already dispatched on your behalf cannot be retracted. Anonymous brand-and-opt-out-address rows in our shared senders reference table are not user-identifiable and are retained.
• California residents (CCPA): You have the rights described above plus the right to know what personal information we have collected, to receive a portable copy, and to opt out of any sale of personal information. We do not sell personal information. To exercise CCPA rights, email [email protected].
• EEA / UK residents: The service is intended for US residents. If you nonetheless use it, you have rights under the GDPR analogous to those above; contact us at the same address.

Children

Papercut is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has used the service, contact us and we will remove the account.

Security

We use industry-standard practices: data is transmitted over TLS, secrets are stored in dedicated secrets-management infrastructure, and access to user data is restricted at the database row level so users can only read their own records. No system is perfectly secure; if we ever discover a breach affecting your data we will notify you within the timeframes required by applicable law.

Changes to this policy

If we change this policy in a way that materially affects what we do with your data, we will notify users in the app or by email before the change takes effect. The “Effective” date at the top will always reflect the latest version.

Contact

Questions? [email protected].

Home  ·  Terms