Last updated 2026-05-23

Privacy Policy

This privacy policy describes how papersync handles your data. It covers three surfaces: papersync.ai, the papersync mobile app, and the papersync plugin for Obsidian. The product is built so that we cannot see most of what would otherwise be interesting to collect, and everything that is collected is described below.

TL;DR

We never see your scans, your handwriting, your transcriptions, or your AI API keys. They go straight from your device to the AI provider you chose and to your own storage (Drive, iCloud, or a local folder).
We collect your email only if you subscribe to launch updates on papersync.ai.
papersync.ai uses anonymous, cookieless page-view counts via Cloudflare. No cross-site tracking, no profiles.
The mobile app sends a small set of selected usage events (app opens, a handful of feature taps) to PostHog on EU servers, purely to help us improve the app. No document content, no API keys, no session replays — and you can switch it off in Settings → Analytics.
That is the full list. The detailed disclosure below describes exactly what falls under each of these points.

What we never collect or see

We do not operate servers that store or process your scans, your handwriting, your transcriptions, or the API keys you use with AI providers. The papersync mobile app sends scanned images directly from your device to the AI provider whose key you provided (Anthropic, OpenAI, Google, or OpenRouter). The Obsidian plugin reads and writes files directly in your storage (Google Drive, iCloud, or a local folder). Neither the app nor the plugin proxies content through a papersync-owned server, because no such server exists.

This means we have no copy of what you scan, what text gets transcribed, which prompts you send to which provider, or what ends up in your Obsidian vault. We also have no way to recover or hand over this content to anyone, including ourselves or law enforcement.

What we do collect

There are three narrow categories, each described in detail below.

Email address (if you subscribe on papersync.ai)

If you fill in the "Get notified when your tool is supported" form on papersync.ai, your email address and the platform you selected (Obsidian, Notion, Logseq, Reflect, Mem, or Other) are sent to Kit (formerly ConvertKit), our email service provider. Kit stores your address and uses it only to send you occasional product announcements from papersync.

We never share your email with third parties, sell it, or use it for anything other than sending you updates you signed up for. Every email includes a one-click unsubscribe link.

Kit's own privacy practices are governed by their terms, available at kit.com/privacy.

Anonymous page views on papersync.ai

We use Cloudflare Web Analytics to measure aggregate traffic on this site. Cloudflare Web Analytics is cookieless. It does not store personally identifiable information, does not track you across other sites, and does not build a profile of you. We see rolled-up numbers like "how many people visited the hero section today" and nothing more granular.

Cloudflare's own practices for Web Analytics are described at cloudflare.com/trust-hub/gdpr.

App usage events (in the mobile app, opt-out available)

The papersync mobile app uses PostHog to capture aggregate product analytics. The PostHog instance we connect to is located in the European Union (eu.i.posthog.com), so event data is stored on EU infrastructure.

What is collected:

App lifecycle events: Application Opened, Application Backgrounded, Application Installed, and Application Updated. These are auto-captured by PostHog's lifecycle integration.
A small number of explicit usage events that help us understand which features are used (for example, "settings opened", "AI provider switched"). These are sent only on the corresponding user action and contain no scan content, no transcribed text, no file paths, and no API keys.
Coarse device metadata that PostHog attaches automatically: app version, operating system version, device model class, locale, and a randomly generated anonymous device ID. We do not collect your name, email, advertising identifiers (IDFA / Android Advertising ID), or precise location.

What is explicitly disabled:

Session replay (enableSessionReplay: false).
Tap and screen autocapture.
Heatmaps and surveys.

Analytics is enabled by default for new installs. You can opt out at any time in Settings → Analytics inside the app. Opting out flushes the local PostHog queue and stops all future event emission for the install.

PostHog's own privacy practices are described at posthog.com/privacy.

AI provider privacy

When the app transcribes a scan, your image is sent directly from your device to the AI provider you configured in the app, using your own API key. We do not see, log, or proxy this traffic. What each provider does with that image is governed by their own privacy policy, not ours. We strongly recommend reviewing the privacy terms of whichever provider you choose before scanning sensitive material:

Anthropic (Claude): anthropic.com/legal/privacy
OpenAI (GPT-4o and successors): openai.com/policies/privacy-policy
Google (Gemini): policies.google.com/privacy
OpenRouter: openrouter.ai/privacy

OpenRouter is a routing layer rather than a model provider on its own: when you select OpenRouter as your provider, your image is first sent to OpenRouter and then forwarded by OpenRouter to whichever upstream model you (or OpenRouter's default routing) picked — for example a Claude, GPT-4o, or open-weight Llama model hosted by an inference partner. Two privacy policies apply to that request: OpenRouter's, and the upstream provider's. Review both before scanning sensitive material via OpenRouter, and choose an upstream that matches the privacy posture you want.

Permissions the app requests

The papersync mobile app requests only the system permissions it needs to function. Each is requested with a system dialog at first use and can be revoked at any time in the operating system settings.

Camera (iOS and Android): used to capture an image of the handwritten page you are scanning. Frames are processed entirely on-device until you trigger a capture; only the captured image is sent to your configured AI provider.
Storage (Android 12 and older only): required for the legacy scoped-storage compatibility path on Android API 32 and below. On Android 13+ the app uses the Storage Access Framework (SAF) and does not request broad storage access.
Vibration (Android): used for haptic feedback when tapping the capture button. No data is associated with this permission.

Where your data lives on your device

API keys are stored in the operating system's secure keystore (iOS Keychain on iOS, Android Keystore on Android) via expo-secure-store. They are never written to plain disk and never leave the device except as the Authorization header on direct requests to the AI provider you chose.
App settings and preferences (selected AI provider, analytics opt-out flag, UI preferences) are stored in the app's private storage area via AsyncStorage. This area is sandboxed by the operating system and inaccessible to other apps.
Your captured notes and transcriptions are written directly to the storage backend you configured: a local folder on your device, your iCloud Drive, or your Google Drive. They are not written to any papersync-controlled location.

How your data is secured in transit

All network requests originated by the papersync app and plugin — requests to AI providers, requests to Google Drive, requests to PostHog — are sent over TLS. The papersync.ai website is served by Cloudflare Pages over HTTPS. We do not run a backend service that could be compromised, because we do not run a backend service.

Children's privacy

papersync is not directed to children under 13 (or under 16 where required by local law, such as in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please email contact@papersync.ai and we will delete it.

Your rights

Because the only personal data we hold about you (outside of your own device) is your email address if you subscribed, and pseudonymous PostHog event data tied to a random device ID, the practical scope of most rights is narrow. You still have them:

Under the EU General Data Protection Regulation (GDPR), if you are in the European Economic Area, the UK, or Switzerland, you have the right to access, rectify, erase, restrict processing of, and receive a portable copy of any personal data we hold about you. You may also object to processing and lodge a complaint with your local supervisory authority.

Under the California Consumer Privacy Act (CCPA / CPRA), if you are a California resident, you have the right to know what personal information we hold, to delete it, to correct it, and to opt out of sale or sharing of personal information. We do not sell or share personal information.

To exercise any of these rights, email contact@papersync.ai. If you are an email subscriber and only want to unsubscribe, the one-click link at the bottom of any email is the fastest path.

Deleting your data

There is no papersync account, so there is no account to delete. To remove the small set of locally stored items the app controls — your API keys (in the OS keystore), your app settings, and your analytics opt-out preference — uninstall the app. Uninstalling clears the app's sandbox on both iOS and Android.

Your captured notes and transcriptions live in your storage (local folder, iCloud Drive, or Google Drive). They are not deleted by uninstalling the app and are not ours to delete. Manage them in the storage provider you chose.

To remove your email address from our list, use the unsubscribe link in any email, or email contact@papersync.ai.

Cookies

papersync.ai does not set any cookies. The mobile app and Obsidian plugin do not set cookies (they are not web applications). Your browser may still receive standard HTTP-level caching headers from our hosting provider (Cloudflare Pages), but no cookies are stored.

Source code

The Obsidian plugin source will be made public when the plugin is accepted into the Obsidian Community Plugins directory. The mobile app source is closed but follows the same no-backend architecture described above. If you have specific questions about how either product handles your data before the plugin is published, email contact@papersync.ai.

Changes to this policy

If this policy changes in a material way, we will update the "last updated" date at the top of this page and announce the change to subscribers on the email list. The previous version of any clause we materially change can be requested by emailing contact@papersync.ai.

Contact

Questions about this policy or how we handle data go to contact@papersync.ai.