Privacy Policy

Last updated: 2026-05-06

This Privacy Policy describes how PaperPulse ("we", "us", "the service"), operated by Mondosoft, collects, uses, and protects your personal information when you use paperpulse.mondosoft.io.

1. Information we collect

• Account: your email address and a SHA-256 hash of the bearer token used to authenticate your dashboard and API requests.
• Billing: your Stripe customer ID and subscription ID. We do not store credit-card numbers — Stripe handles all payment data directly.
• Usage data: the topic queries you create, the papers we matched to those topics, and timestamps of digests sent to you. Aggregate request counts are kept in memory for monitoring.

2. How we use your information

• To send digest emails matching your topic queries.
• To process subscription payments through Stripe.
• To send transactional emails — login tokens, payment confirmations, account notices.
• To monitor service health and prevent abuse.

3. Third-party processors

We share only the data necessary for the service to function with the following processors:

• Stripe — payment processing. stripe.com/privacy
• SendGrid (Twilio) — transactional and digest email delivery. twilio.com/legal/privacy
• Anthropic — your topic description (and only that) is sent to the Claude API to suggest matching tags and to filter AI-curated journal feeds. anthropic.com/legal/privacy
• Fly.io — application hosting and database storage.

We do not sell your data, share it with advertisers, or use it for any purpose other than operating the service.

4. Data retention

Your account data is retained for as long as your account is active. If you cancel your subscription, your topics and history are preserved so you can re-subscribe and pick up where you left off. If you delete your account (Settings → Delete account, or by emailing support), all of your data — topics, paper matches, digest history, and account record — is permanently removed.

5. Your rights

• Access / portability: contact support to request a copy of your data.
• Deletion: use the "Delete account" button in Settings, or email support, to permanently remove your data.
• Correction: update your email or topics from the dashboard at any time.
• If you are in the EU/UK you have additional rights under GDPR; if you are in California you have additional rights under CCPA/CPRA. Email support to exercise them.

6. Cookies and local storage

We use browser localStorage to keep your bearer token between visits to the dashboard. We do not use tracking cookies or third-party analytics.

7. Security

Bearer tokens are SHA-256 hashed before storage. All traffic is encrypted in transit via HTTPS. Tokens automatically expire after 30 days.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to active subscribers.

9. Contact

For privacy questions or requests, email support@mondosoft.io.

← Back to home