Privacy Policy

Last updated: 12 May 2026

This policy explains what personal data Papyro collects, why we collect it, how long we keep it, and what your rights are. It applies to visitors of papyro.dev and to customers who purchase a Papyro license.

1. Who we are

Papyro is a self-hosted team workspace published by Ege Bilge (sole proprietor), trading as "Papyro". The data controller for the activities described here is Ege Bilge.

Contact: [email protected]

2. The self-host promise

Papyro is designed so that the data your team puts into the software — notes, boards, chat messages, files, accounts — lives only on the server you deploy it on. The software does not phone home, does not call our API, and is not capable of telling us anything about how it is being used. We have no access to your workspace and cannot recover content from it.

This policy therefore covers only the data we receive directly: licensing, billing, support, and website visits.

3. Data we collect

  • License & customer records — name, business email, company name, license ID, edition, seat count, expiry date.
  • Billing data — invoices, transaction IDs, billing address. Card data is handled by our payment processor; we never see it.
  • Support correspondence — emails you send us and our replies.
  • Server logs — IP, user-agent, referrer and requested path for papyro.dev, kept transiently for abuse prevention.

4. Why we use it (legal basis)

  • Performance of a contract — issuing licenses, renewals, support.
  • Legal obligation — invoicing and tax bookkeeping.
  • Legitimate interest — abuse prevention, basic security logging, sending pre-expiry renewal reminders.
  • Consent — only where required (e.g., optional product news, which we currently do not operate).

5. Cookies and analytics

papyro.dev does not set tracking cookies and does not run third-party analytics. The only cookies the site uses are functional preferences (e.g., theme and language) set at first interaction and stored on your device. No data is transmitted to advertising or analytics networks.

6. Sharing

We share personal data only with service providers strictly necessary to run the business — our email service provider, payment processor, hosting provider for papyro.dev, and our tax accountant. They process data on our instructions and under written safeguards.

We do not sell, rent, or trade personal data.

7. International transfers

Some service providers are located outside Türkiye and outside the European Economic Area. Where this is the case we rely on Standard Contractual Clauses (GDPR art. 46) or the safeguards listed in KVKK art. 9, as applicable.

8. Retention

  • License & customer records: while the license is active and for ten (10) years afterwards for accounting purposes.
  • Invoices and tax records: ten (10) years (statutory).
  • Support correspondence: up to three (3) years after the last interaction.
  • Server logs: up to thirty (30) days.

9. Your rights

If you are in the European Economic Area or the United Kingdom you have rights under the General Data Protection Regulation, including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority.

If you are in Türkiye your rights under KVKK art. 11 are described in our KVKK Information Notice at https://papyro.dev/tr/legal/kvkk .

To exercise any right, email [email protected]. We respond within thirty (30) days.

10. Children

Papyro is sold to businesses and is not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes

We may revise this policy. The "Last updated" date at the top of the page always reflects the current version. Material changes are communicated by email to active licensees.