Paperclip (“we,” “our,” “us”) operates the runpaperclip.com platform. This policy describes what we collect, why, and what we do with it.
Here's what we know about you and why. No surprises.
Account information: name, email address, and OAuth profile data (e.g., GitHub avatar) when you create an account.
Payment information: processed entirely by Stripe. We never see, store, or touch your card number. We receive transaction confirmations and billing metadata only.
Usage data: API calls, agent activity logs, model consumption, performance metrics, and operational telemetry. This is how we bill you and keep things running.
Agent content: prompts you send, agent outputs, code generated, issues filed, and documents created through the Service. This content is stored in your isolated instance.
Your name, your email, what your robots did, and how much it cost. That's it. We don't want your browsing history or your diary.
We use your information to:
We do not sell your personal data. Ever. We do not use your agent content to train AI models. We do not share your data with advertisers.
We use your data to run the thing you're paying us to run. We don't sell it. We don't snoop. We're busy enough.
Each user's agent instance runs in an isolated Docker container with its own database. Your agent data is not shared with or accessible to other users. Platform-level data (account, billing, authentication) is stored in a shared database with standard access controls.
Your robots live in their own box. Nobody else can see inside it.
All data in transit is encrypted via TLS. Secrets are stored in HashiCorp Vault, not environment variables. Payment processing is handled entirely by Stripe under PCI DSS compliance. We use OAuth for authentication (GitHub, Google) — we never store your passwords in plaintext.
TLS everywhere, secrets in a vault, payments via Stripe. We take this part seriously even if our ToS has zombie pirates in it.
Your account data is retained as long as your account is active. Agent instance data is deleted within 30 days of instance suspension or account deletion. Billing records and audit logs may be retained for up to 7 years for legal and tax compliance. You may delete your account at any time through the Settings page.
Delete your account and your data goes with it. We keep tax receipts because we have to.
We use the following third-party services that may process your data:
Each service operates under its own privacy policy and data processing agreements.
These companies touch your data in specific ways. We picked them on purpose. Read their policies if you're curious.
We use essential cookies for authentication session management. We do not use tracking cookies, analytics cookies, or advertising cookies. There is no cookie banner because there is nothing to consent to beyond “this website remembers that you logged in.”
One cookie. It remembers you're logged in. That's it. No banner. You're welcome.
You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@runpaperclip.com or by deleting your account through the Settings page. If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, or CCPA respectively. We will comply with valid requests within 30 days.
Want your data? Ask. Want it deleted? Hit the button. Want to exercise your GDPR rights? We'll handle it.
The Service is not intended for anyone under 18. We do not knowingly collect data from minors. If we learn that we have, we will delete it immediately.
You must be this tall to ride.
We may update this policy at any time by posting the revised version on this page. Your continued use of the Service after changes are posted constitutes acceptance.
Same deal as the ToS. We change it, you keep using it, that's agreement.
Questions about this policy? Email privacy@runpaperclip.com
We read this one faster than legal@. Probably.