Back to Home

Privacy Policy

Last updated: December 10, 2025

1. Introduction

MagicPaper ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document management service ("the Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (encrypted), and profile picture when you create an account
  • Documents: Files you upload to the Service, including PDFs, images, and other document formats
  • Payment Information: Billing details when you subscribe to a paid plan (processed by our payment provider)
  • Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

  • Usage Data: How you interact with the Service, features used, and actions taken
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies: Small data files stored on your device for authentication and preferences

2.3 Information from Third Parties

If you choose to sign in using OAuth providers (Google, Facebook, Apple, GitHub), we receive basic profile information as permitted by your privacy settings on those platforms.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process and store your documents securely
  • Perform OCR text extraction and AI-powered document classification
  • Process payments and manage subscriptions
  • Send service-related notifications and updates
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Document Processing and AI

When you upload documents, we process them using third-party AI services to provide OCR and document enrichment features:

  • OCR Technology: To extract text from images and scanned documents
  • AI Classification: To automatically categorize and tag your documents
  • Metadata Extraction: To identify dates, amounts, and other relevant information

Third-Party Services: Your documents may be processed by external services including:

  • Microsoft Azure: For OCR and document intelligence services
  • OpenAI: For advanced OCR and document analysis using AI models

These services are used solely to provide the Service features. We ensure that all processing respects the confidentiality and security of your data. We do not use your document content to train AI models or for any purpose other than providing the Service to you.

Your Consent: By using the Service, you consent to the processing of your documents through these third-party services as described in this Privacy Policy.

5. Data Storage and Security

We implement robust security measures to protect your data:

  • Encryption: All documents can be encrypted using AES-256 encryption before storage
  • Secure Storage: Data is stored on secure servers with industry-standard protection
  • Access Controls: Strict access controls ensure only you can access your documents
  • HTTPS: All data transmission is encrypted using TLS/SSL

5.1 Data Storage Location

Primary Storage (Switzerland): Your user data, documents, and account information are stored and processed in the Switzerland region using the following services:

  • Supabase: Database and storage services are hosted in Switzerland
  • Microsoft Azure: When Azure services are used for OCR and document processing, data is processed in Azure data centers located in Switzerland

Exception - OpenAI: When documents are processed using OpenAI services, the data may be transferred to and processed in regions outside of Switzerland. OpenAI does not guarantee that data will remain in a specific geographic region. We recommend reviewing OpenAI's privacy policy for more information about their data processing practices.

This storage and processing arrangement ensures compliance with Swiss data protection laws and, where applicable, the General Data Protection Regulation (GDPR).

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate the Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to respond to legal process
  • Protection: To protect the rights, property, or safety of MagicPaper, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights (GDPR and Swiss Data Protection Law)

Under the General Data Protection Regulation (GDPR) and Swiss data protection laws, you have the following rights:

  • Right of Access: Request a copy of your personal data and information about how it is processed
  • Right of Rectification: Request correction of inaccurate or incomplete data
  • Right of Erasure: Request deletion of your data ("right to be forgotten"), subject to legal obligations that may require us to retain certain information
  • Right to Data Portability: Request transfer of your data in a machine-readable format
  • Right to Restriction of Processing: Request limitation of data processing in certain circumstances
  • Right to Object: Object to processing of your data, particularly for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal

How to Exercise Your Rights: You can exercise these rights at any time by:

  • Using the account settings in the Service to access, modify, or delete your data
  • Contacting us directly at privacy@magicpaper.app

We will respond to your request within 30 days, in accordance with applicable data protection laws. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account:

  • Your documents will be permanently deleted within 30 days
  • Account information will be deleted or anonymized
  • Some data may be retained for legal or legitimate business purposes

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Primary Processing in Switzerland: As described in Section 5.1, your data is primarily stored and processed in Switzerland. However, in certain circumstances, your information may be transferred to and processed in countries other than Switzerland:

  • OpenAI Services: When using OpenAI for document processing, data may be transferred to regions outside of Switzerland. We ensure that appropriate safeguards are in place, including contractual agreements that protect your data.
  • Other Service Providers: We may use service providers located outside of Switzerland for specific functions (e.g., payment processing, analytics). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and Swiss data protection authorities.

All international data transfers are conducted in compliance with Swiss data protection laws and, where applicable, the GDPR. We maintain strict contractual obligations with all third-party service providers to ensure your data is protected according to the same standards we apply.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@magicpaper.app

Data Protection Officer: dpo@magicpaper.app

Privacy Policy - MagicPaper | MagicPaper