Privacy Policy

Effective Date: 6 October 2025

Table of Contents

Papercare Working Papers Limited (“Papercare”, “we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our services. It also explains your rights and how to exercise them.

This Privacy Policy should be read together with our General Terms and Conditions and AI Terms and Conditions. In the event of a conflict, this Privacy Policy shall prevail with respect to matters of data protection and privacy.

1. Who we are

Papercare Working Papers Limited is a company registered in England and Wales (Company No. 14012780). We provide a cloud-based working papers platform designed exclusively for use by qualified accounting professionals and firms in the United Kingdom. Papercare is not intended for consumer use or for individuals under the age of 16.

  • When you interact with Papercare directly (e.g. creating an account, requesting support, or browsing our website), Papercare is the data controller.
  • When you input or upload personal data relating to your clients, staff, or third parties into the Papercare platform, you are the data controller, and Papercare acts as your data processor in accordance with the UK GDPR and the Data Protection Act 2018.
2. What personal data we collect

We collect and process the following categories of personal data:

  • Identity and contact data – name, job title, firm name, email address, telephone number.
  • Account and subscription data – usernames, login credentials, organisation details, billing status.
  • Payment and billing data – invoicing address, payment method (we do not store full card details).
  • Communications data – support requests, emails, survey responses, chat transcripts.
  • Technical and device data – IP address, browser type, device ID, operating system, access logs.
  • Usage data – login activity, feature usage, clickstream data, actions taken within the platform.
  • AI interaction data – prompts, queries, and content submitted to Papercare AI, as well as metadata relating to those interactions.
  • Marketing preferences – opt-in status for newsletters, events, or updates.

We may also collect data from:

  • Third-party services that you connect with (e.g. accounting software or integrations)
  • Public sources such as company directories
  • Analytics or hosting providers acting on our behalf
We do not require or intend to process special category personal data (such as health information, racial or ethnic origin, political opinions, or biometric data). You must not upload or input such data into the Papercare platform unless it is strictly necessary, lawful, and you have an appropriate lawful basis under UK GDPR.
3. How we use your personal data

We process your personal data for the following purposes and lawful bases:

Purpose

Lawful Basis under UK GDPR

To provide and maintain our services

Contractual necessity

To create, manage, and secure your account

Contractual necessity

To process billing and payments

Contractual necessity / Legal obligation

To respond to support or product enquiries

Legitimate interest

To send service notifications

Legitimate interest / Contractual necessity

To send you marketing communications (where opted in)

Consent / Legitimate interest

To analyse usage and improve services

Legitimate interest

To ensure platform security and prevent fraud

Legitimate interest / Legal obligation

To comply with UK legal and regulatory obligations

Legal obligation

To power, train, and improve AI features using anonymised and aggregated data

Legitimate interest

We also process anonymised and aggregated data for the legitimate interest of improving our services, understanding usage patterns, and training
proprietary AI models, provided that such data cannot identify you or any individual.

4. Cookies and tracking technologies

We use cookies and similar technologies to:

  • Recognise you when you return
  • Remember your preferences
  • Analyse site performance and usage
  • Serve relevant content or offers (where consented)

You can manage or disable cookies in your browser settings. See our Cookie Policy for more information.

5. How we share your personal data

We may share your data with trusted third parties to deliver our services, including:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Customer support and CRM tools
  • Analytics providers
  • Legal, regulatory, or professional advisers

We may also disclose data:

  • If required by law, regulation, or court order
  • In connection with a merger, sale, or acquisition of our business
  • Where you have explicitly consented

We never sell your personal data.

AI sub-processors:
To deliver AI features, Papercare may use carefully selected large language model providers, including but not limited to OpenAI and Perplexity, as sub-processors. These providers process data strictly under our instructions and in compliance with UK GDPR. We do not share your data with these providers unless you explicitly submit it as part of an AI query, and such data is not used to train public models.

A current list of our sub-processors is available upon request. We will provide you with at least thirty (30) days’ notice before appointing any new sub-processor or making material changes to the list, during which time you may object on reasonable data protection grounds.

6. International data transfers

While our primary infrastructure is in the UK, we may transfer personal data outside the UK to support integrations, customer support, or AI processing.

Whenever data is transferred outside the UK, we ensure appropriate safeguards, including UK-approved Standard Contractual Clauses or reliance on UK adequacy decisions, are in place.

7. AI and automated processing

Papercare’s AI features use machine learning technologies to analyse and process data and generate outputs designed to support accounting and related professional workflows. These outputs are algorithmically generated, may contain inaccuracies, and do not constitute professional advice. You remain solely responsible for reviewing and validating any AI-generated output before relying on it.

Where any automated processing could have legal or similarly significant effects, you have the right to:

  1. Obtain human intervention
  2. Express your point of view
  3. Contest the decision

Papercare may use anonymised and aggregated data to improve and train its AI models. This data cannot identify you, your clients, or any data subject.

8. Data security

We implement strict technical and organisational measures to protect your data, including:

  • End-to-end encryption
  • Access controls and role-based permissions
  • Regular backups and disaster recovery protocols
  • Two-Factor Authentication (2FA)
  • Continuous vulnerability monitoring
  • AI-specific safeguards, including sub-processor due diligence and prompt filtering

You are responsible for maintaining the security of your own login credentials and promptly revoking access for former users.

9. Data retention

Unless otherwise required by law or agreed in writing, we retain personal data for up to seven (7) years after the termination of your subscription. This is necessary to comply with legal, tax, and accounting obligations and to resolve potential disputes. After that period, data is securely deleted or anonymised.

AI prompts and outputs are retained only as long as needed to provide services or train anonymised models. After the retention period, your data is securely deleted or anonymised.

10. Your rights

Under UK data protection law, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase data when it is no longer needed
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (for marketing)
  • Not be subject to automated decision-making with legal or significant effects without human involvement

To exercise these rights, contact us at support@papercare.ai.
You may also lodge a complaint with the Information Commissioner’s Office: 🌐 www.ico.org.uk

11. Our role as a data processor

When you upload personal data about your clients or third parties into Papercare, you are the data controller, and Papercare is your data processor. We will:

  • Process data only on your documented instructions
  • Implement appropriate technical and organisational safeguards
  • Assist you in responding to data subject rights requests and breach notifications
  • Not use your data for our own purposes
  • Offer a Data Processing Agreement (DPA) on request

To request a DPA, email  support@papercare.ai.

12. Third-party websites

Our services may link to or integrate with third-party websites or applications. These are governed by their own privacy policies, and we are not responsible for their content or data practices.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominently on our website.

Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms.

14. Contact us

If you have questions or concerns about this Privacy Policy or our data handling practices, contact us at:

Email: support@papercare.ai