Security

How we protect your documents and data.

Encryption

All data in transit is encrypted using TLS 1.2 or higher. Data at rest in Azure Blob Storage and Supabase is encrypted using AES-256. Encryption keys are managed by the cloud provider and rotated automatically.

Document handling

Documents uploaded for extraction are transferred directly to Azure Blob Storage over HTTPS. After synchronous extraction completes, the document blob is immediately deleted. No document content is logged, cached, or retained beyond the extraction window.

Access control

  • Authentication is handled by Supabase with JWT tokens
  • All API endpoints require a valid session token
  • Workspace data is protected by row-level security: users can only access their own data
  • Internal systems use separate service-role keys with least-privilege access

Infrastructure

Paperloom.io runs on Microsoft Azure (West Europe region). Our cloud environments are isolated by role, and production credentials are never stored in source code or logs.

Vulnerability disclosure

If you discover a security vulnerability, please report it responsibly to security@paperloom.io. We aim to respond within 48 hours and will credit researchers who report valid issues.

Incident response

In the event of a data breach affecting customer data, we will notify affected users within 72 hours of discovery, consistent with GDPR Article 33 obligations.