Privacy policy

Last updated: 13 June 2025

1. Who we are

Paperlater (“we”, “our”, “us”) helps you turn photos on your phone into real-world photo rolls. This policy explains how we handle personal data collected through the Paperlater mobile app and the marketing site paperlater.app.

2. Information we collect and why

Contact information

  • Name, email address, phone number and shipping address you enter when you create an account or place an order.

  • We use these details to set up your account, send login codes, ship your rolls, provide receipts and answer support queries.

Payment information

  • Card number, expiry date and billing postcode are captured in secure Stripe fields that are embedded in our checkout.

  • We never store full card numbers on our servers. Stripe processes your payment and helps us prevent fraud.

User content

  • Photos you take using the app.

  • We need this content to create, print and—if you ask—re-print your photo rolls.

  • The app does not request access to your camera roll or photo library.

Diagnostics

  • Crash logs supplied by Apple’s operating systems (if you have opted in to share them with developers).

  • Used only to find and fix bugs and keep the app secure.

  • We do not collect GPS location, health data, contact lists, device advertising identifiers or browsing history.

3. How we use the data

  • App functionality – to sign you in, let you capture photos, place and track orders, fight fraud and handle support.

  • Payment – to process transactions via Stripe.

  • Marketing (optional) – to send product updates or discount offers if you choose to subscribe. You can unsubscribe at any time.

We do not use your data for third-party advertising or cross-app tracking. Aggregated statistics that Apple shows us in App Store Connect are produced by Apple and are never linked back to you.

4. Legal bases under the GDPR

  • Performance of a contract – providing the service you requested.

  • Legitimate interests – fraud prevention, app stability and IT security.

  • Consent – promotional emails and non-essential cookies on the website.

  • Legal obligations – bookkeeping and tax compliance.

5. Who we share data with

  • Google Firebase (Google LLC) – hosts our entire back-end. Contact details, delivery address, photos, order metadata, authentication credentials, crash logs and usage diagnostics are stored on Firebase servers located in the European Union. Google acts solely as our data-processing contractor and may not use this information for advertising. Data in Firebase is encrypted in transit and at rest.

  • Stripe Payments Europe – processes your card details.

  • Mailchimp – sends newsletters to users who have opted in.

  • Fujifilm Netherlands – receives your selected photos, name and address to print and ship your rolls.

Partners act under written agreements and may not use your information for their own advertising.

6. Cookies and similar technologies (website only)

The site sets essential cookies for security and log-in. We also use Google Analytics and Hotjar cookies for anonymised site metrics, but only if you consent via the cookie banner. You can withdraw consent at any time in the “Manage cookies” panel or through your browser settings.

7. Data retention

  • Photos are deleted six months after printing or after twelve months of account inactivity, whichever comes first.

  • Account and order data are retained as long as you keep an account or as required by law.

  • Crash logs received from Apple are stored for up to twenty-four months, then deleted or aggregated.

  • Email suppression lists (to honour your opt-out) are kept indefinitely.

8. International transfers

Our servers are in the European Union (Amsterdam and Brussels). When data leaves the EEA—for example, to Stripe in the USA—we rely on the European Commission’s Standard Contractual Clauses (SCCs) or other approved safeguards.

9. Security measures

All traffic is protected by TLS 1.3; data at rest is encrypted with AES-256. Access to production systems is limited to staff with a business need and protected by multi-factor authentication. We run regular penetration tests and automated alerts for suspicious log-ins.

10. Your rights

  • EEA/UK residents – rights of access, correction, deletion, restriction, objection and portability (Articles 15-21 GDPR).

  • Everyone – may opt out of marketing emails, disable analytics cookies or delete their account at any time.

Email requests to support@paperlater.app; we respond within 30 days.

11. Children

Paperlater is not directed at children under 18. We do not knowingly collect data from them. If you believe a child has provided personal data, please contact us so we can delete it.

12. Changes to this policy

We’ll post updates here and change the “Last updated” date. Significant changes will be announced in-app or by email.

13. Contact

support@paperlater.app