Privacy Policy

This policy applies to the paperboy website, mobile app, customer support interactions, and related print and delivery services.

The data controller for these services is Plastic People UG (haftungsbeschraenkt), c/o Shelley, Wendenschlossstrasse 155, 12557 Berlin, Germany.

• Account data: your name, email address, authentication details, and account settings.
• Order and delivery data: recipient names, addresses, phone numbers, order instructions, and fulfilment status.
• Uploaded content: documents, scans, photos, and other files you choose to upload for printing.
• Payment and billing data: billing records and payment status information; card details are handled by our payment provider, not stored in full by us.
• Device and app data: basic technical information such as device type, app version, log data, and push-notification tokens.
• Support data: messages, requests, and issue reports you send to us.

• To create and manage accounts and let you sign in securely.
• To accept, route, print, and deliver your orders.
• To communicate with you about your orders, support requests, and service issues.
• To process payments, issue refunds where applicable, and keep accounting records.
• To maintain service security, prevent abuse, troubleshoot problems, and improve reliability.
• To comply with legal and regulatory obligations.

• Contract: where processing is necessary to provide the service you requested.
• Legitimate interests: where processing is necessary for security, fraud prevention, support, and service operations.
• Legal obligation: where we must retain or disclose information for tax, accounting, or regulatory reasons.
• Consent: where we rely on consent, for example when you enable optional notifications or grant device permissions.

• Print and fulfilment partners: to print your documents and complete delivery.
• Technology providers: such as hosting, authentication, storage, customer support, and email delivery vendors.
• Payment providers: to process payments, billing, and refunds.
• Firebase Cloud Messaging (Google): to deliver push notifications if you enable them in the mobile app.
• Authorities or professional advisers: where disclosure is required by law or reasonably necessary to protect our rights or comply with legal process.

We do not sell your personal data.

The mobile app may request access to certain device features only when needed for app functionality.

• Camera: used if you choose to scan documents in the app.
• Photos or media files: used if you choose images or files from your device for upload.
• Notifications: used if you choose to receive order and service updates. This involves storing a push token associated with your account or device.

We do not access these features unless you trigger the relevant function and grant permission where required.

We use technical and organisational measures designed to protect personal data, including encryption in transit, restricted access controls, and operational safeguards appropriate to the type of data we process.

No internet-connected service can guarantee absolute security, but we work to reduce risk and respond to incidents appropriately.

We keep personal data only for as long as necessary for the purposes described in this policy, including fulfilment, customer support, security, accounting, and legal compliance.

• Uploaded files and scans are generally retained only as long as needed to fulfil the related order and any defined retention period.
• Payment, order, support, and audit records may be retained longer where required for accounting, fraud prevention, legal defence, or regulatory compliance.
• If you request account deletion, we will delete or de-identify data that is no longer required to be kept.

Some of our service providers may process data outside Germany or the European Economic Area. Where that happens, we rely on appropriate legal safeguards such as adequacy decisions or standard contractual clauses where required.

Depending on applicable law, you may have the right to request access, correction, deletion, restriction, objection, or portability of your personal data.

To exercise these rights or ask a privacy question, contact us at [email protected].

You also have the right to lodge a complaint with the data protection authority responsible for your place of residence or for Berlin, Germany.

We may update this Privacy Policy from time to time to reflect legal, operational, or product changes. When we do, we will update the effective date shown at the top of the page.