Privacy Policy

Last Updated: 8 May 2026

1. Introduction

This Privacy Policy explains how PaperGuru AI ("PaperGuru," "we," "us," or "our"), a product of AutoTrust AI Pte. Ltd. (UEN: 202300999D), collects, uses, discloses, and protects your personal data when you access or use our website, applications, and AI-powered services (collectively, the "Services").

AutoTrust AI Pte. Ltd. is a private company limited by shares, incorporated in Singapore on 9 January 2023, with its registered office at:

60 Paya Lebar Road, #06-28, Paya Lebar Square, Singapore 409051

We are committed to complying with the Personal Data Protection Act 2012 ("PDPA") of Singapore and the guidelines issued by the Personal Data Protection Commission ("PDPC"), including the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a legal basis for processing your personal data, we will obtain your consent in accordance with the PDPA before collecting, using, or disclosing such data.

This Privacy Policy should be read together with our Terms of Use. Capitalised terms not defined herein shall have the meanings given in the Terms of Use.

2. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, our Services, or applicable laws. We will notify you of material changes by posting a prominent notice on our website or sending you an email notification. We encourage you to review this Privacy Policy periodically.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acknowledgement of those changes.

3. Personal Data We Collect

"Personal data" means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access, as defined under the PDPA.

We collect the following categories of personal data:

3.1 Data You Provide to Us

Category | Examples
Account & Profile Data | Name, email address, phone number, profile picture, company name, job title
Payment Data | Billing address, payment card type, last four digits of payment card. Full payment card details are collected and processed directly by our third-party payment processor, Stripe, Inc. ("Stripe"), and are not stored on our servers. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
User Content | Documents, text, prompts, queries, and other content you upload to or generate through the Services, including inputs to our AI features
Communications | Correspondence with our support team, survey responses, feedback

3.2 Data Collected Automatically

Category | Examples
Device & Technical Data | IP address, device type, operating system, browser type and version, device identifiers, language settings
Usage Data | Pages visited, features used, clickstream data, timestamps, session duration, referring URLs
Cookie & Tracking Data | Information collected via cookies, pixels, and similar technologies (see Section 9 below)

3.3 Data from Third-Party Sources

Category | Examples
Authentication Providers | Information from third-party sign-in services (e.g., Google, Microsoft) you use to create or access your account
Analytics Providers | Aggregated or pseudonymised insights about how users interact with our Services
Business Partners | Information from partners with whom we offer integrated or co-branded services
Stripe | Transaction status, payment confirmation, and fraud risk indicators provided by Stripe in connection with your payments

4. Purposes for Collecting, Using, and Disclosing Personal Data

We collect, use, and disclose your personal data only for the purposes listed below, or for purposes directly related to them. We will notify you and, where required, seek your consent before using your personal data for any new or materially different purpose.

4.1 Providing and Operating the Services

  • Creating and managing your account
  • Providing, maintaining, and improving the Services, including our AI features
  • Processing transactions and managing billing via Stripe
  • Providing customer support and responding to your enquiries

4.2 AI Model Improvement and Research

  • Analysing user interactions with our AI features to improve accuracy, relevance, and performance
  • Conducting internal research, testing, and product development
  • Important: We do not use the content of your documents or prompts to train general-purpose AI models shared with other users, unless you have given us express consent to do so. Any use of your data for AI improvement is carried out in accordance with the PDPC Advisory Guidelines on the Use of Personal Data in AI Systems.

4.3 Safety, Security, and Compliance

  • Detecting, preventing, and investigating fraud, abuse, security incidents, and technical issues
  • Enforcing our Terms of Use and other agreements
  • Complying with applicable laws, regulations, court orders, or government requests

4.4 Communications

  • Sending you service-related notices (e.g., account verification, updates, security alerts)
  • Responding to your enquiries and requests
  • Sending you marketing and promotional communications (only with your consent; you may opt out at any time)

4.5 Analytics and Improvement

  • Understanding how users access and use the Services
  • Measuring the effectiveness of our features and marketing campaigns
  • Generating aggregated, anonymised, or de-identified data for business analysis

We obtain your consent before collecting, using, or disclosing your personal data, unless an exception under the PDPA applies (e.g., where the collection, use, or disclosure is necessary for a purpose that a reasonable person would consider appropriate in the circumstances).

Consent may be:

  • Express consent - provided explicitly (e.g., by checking a consent box or clicking "I agree")
  • Deemed consent - reasonably inferred from your voluntary provision of personal data for a stated purpose, or deemed consent by notification where we have notified you of the purpose and you have not opted out within a reasonable period

You may withdraw your consent at any time by contacting us at privacy@paperguru.ai. We will process your withdrawal request within a reasonable timeframe and inform you of the likely consequences of your withdrawal (e.g., our inability to provide certain Services to you).

Please note that withdrawal of consent does not affect the lawfulness of any collection, use, or disclosure of personal data made prior to such withdrawal.

6. Disclosure of Personal Data

We do not sell your personal data. We may disclose your personal data to the following categories of recipients for the purposes described in this Privacy Policy:

6.1 Service Providers

Third parties who perform services on our behalf, including:

  • Stripe, Inc. - payment processing, billing, and fraud prevention (Stripe Privacy Policy)
  • Cloud hosting and infrastructure providers
  • Analytics and performance monitoring services
  • Customer support and communication platforms
  • Security and fraud prevention services

Our service providers are contractually obligated to protect your personal data and may only use it for the purposes for which it was disclosed.

6.2 Business Partners

Companies we partner with to offer integrated or co-branded features, where relevant to your use of the Services.

6.3 Corporate Transactions

If we are involved in a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and of any changes to this Privacy Policy.

We may disclose personal data where required or permitted by law, including to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Use or other agreements
  • Protect the rights, property, or safety of PaperGuru, our users, or the public

We may disclose your personal data to other parties where you have given us express consent to do so.

7. Cross-Border Transfers

Your personal data may be transferred to, stored in, and processed in countries outside of Singapore where our service providers or infrastructure are located. For example, Stripe may process payment data in the United States or other jurisdictions where Stripe operates.

In accordance with Section 26 of the PDPA, we will ensure that any overseas recipient of your personal data is bound by legally enforceable obligations to provide a standard of protection that is comparable to the protection under the PDPA. We achieve this through:

  • Contractual safeguards - binding data protection clauses in our agreements with overseas service providers
  • Comparable legal frameworks - transferring data to jurisdictions recognised as having comparable data protection standards
  • Your consent - where we have informed you of the transfer and you have provided your consent

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention criteria include:

  • The duration of your account or business relationship with us
  • Whether there is a legal or regulatory obligation to retain the data
  • Whether retention is necessary for the establishment, exercise, or defence of legal claims
  • Whether the data is needed for legitimate business purposes such as audit and record-keeping

When personal data is no longer required, we will delete or anonymise it. Anonymised data that cannot identify any individual may be retained and used indefinitely.

9. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, web beacons, local storage) to operate, secure, and improve the Services.

9.1 Types of Cookies We Use

Type | Purpose
Essential Cookies | Required for core functionality (e.g., authentication, security, session management). Cannot be disabled.
Functional Cookies | Remember your preferences and settings (e.g., language, display options).
Analytics Cookies | Help us understand how the Services are used so we can measure and improve performance. We use services such as Google Analytics.

9.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of the Services.

Google Analytics Opt-Out: You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

9.3 Do Not Track

Our Services do not currently respond to "Do Not Track" browser signals, as there is no industry-standard protocol for such signals.

10. Data Protection and Security

We implement reasonable physical, technical, and organisational security measures to protect your personal data from unauthorised access, collection, use, disclosure, modification, disposal, or similar risks. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions
  • Regular security assessments and vulnerability testing
  • Staff training on data protection obligations
  • Incident response procedures

While we take reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.

Your Responsibilities: You are responsible for maintaining the confidentiality of your account credentials and for limiting access to your devices and accounts.

11. Your Rights Under the PDPA

Under the PDPA, you have the following rights in respect of your personal data:

11.1 Right of Access

You may request access to the personal data we hold about you and information about how it has been used or disclosed within the past year. We will respond to your request within 30 days (or such other period as permitted under the PDPA). We may charge a reasonable fee to cover administrative costs of responding to your request.

11.2 Right of Correction

You may request that we correct any personal data about you that is inaccurate, incomplete, or misleading. We will send the corrected data to organisations to which we had disclosed your personal data within the past year, unless those organisations do not need the corrected data.

You may withdraw your consent for any specific purpose of collection, use, or disclosure of your personal data at any time (see Section 5.2).

11.4 Right to Data Portability

Where applicable under the data portability provisions of the PDPA (Part VIA), you may request that we transmit your personal data that we hold to another organisation in a commonly used machine-readable format, subject to the conditions prescribed under the PDPA.

11.5 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

We may need to verify your identity before processing your request. We will respond to valid requests within 30 days or notify you if we require additional time.

12. Children's Personal Data

Our Services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without appropriate parental or guardian consent, we will take steps to delete such data promptly.

For users between the ages of 13 and 18, we may require parental or guardian consent in accordance with the PDPA and PDPC guidance, where we have reason to believe the individual may lack sufficient understanding to provide valid consent.

If you believe a child under 13 has provided personal data to us, please contact us at privacy@paperguru.ai.

13. Data Protection Officer

In accordance with Section 11(3) of the PDPA, we are in the process of appointing a Data Protection Officer ("DPO") who will be responsible for ensuring our compliance with the PDPA. Until a DPO is formally appointed, all data protection queries, concerns, and complaints will be handled by our privacy team and may be directed to:

Company | AutoTrust AI Pte. Ltd. (UEN: 202300999D)
Email | privacy@paperguru.ai
Address | 60 Paya Lebar Road, #06-28, Paya Lebar Square, Singapore 409051

Upon the appointment of our DPO, this Privacy Policy will be updated to reflect their contact details at dpo@paperguru.ai.

We will endeavour to address your concerns in a timely and effective manner.

The Services may contain links to third-party websites or services that are not operated or controlled by us, including but not limited to Stripe for payment processing. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party service before providing your personal data, including:

15. Aggregated and Anonymised Data

We may create aggregated, de-identified, or anonymised data from personal data we collect by removing information that makes the data identifiable to any individual. Such data is not considered personal data under the PDPA, and we may use and disclose it for any lawful business purpose, including analytics, research, and improving our Services.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Singapore. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Singapore.

17. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Company | AutoTrust AI Pte. Ltd.
UEN | 202300999D
Product | PaperGuru AI
Email | privacy@paperguru.ai
Address | 60 Paya Lebar Road, #06-28, Paya Lebar Square, Singapore 409051
Website | https://paperguru.ai