Privacy Policy
Last updated July 3, 2026 · Hiltos LLC
This Privacy Policy explains how Hiltos LLC (“we,” “us”) collects, uses, and shares information when you use PaperReady (the website, web app, and Print Bridge). We built PaperReady to be local-first: the contents of the labels you print normally never reach our servers.
The short version
- Your label contents stay local. For ordinary printing, label data goes from your browser straight to the Print Bridge on your own machine or network. We do not receive or store it.
- No passwords. We sign you in with a one-time email link, so we never store a password.
- Privacy-respecting analytics. Our website analytics are first-party and cookieless. We do not use third-party advertising or tracking cookies, and we honor “Do Not Track.”
- We keep metadata, not content. To run your account we store things like your email, your workspaces and workstations, the names of your printers, and job history metadata (printer name, copies, format, timestamp) — never the label content itself.
Who we are
Hiltos LLC, a Michigan limited liability company, is the controller of the personal data described here. Contact us at privacy@paperready.studio.
Information we collect
- Account information: your email address, workspace name, plan, and role. We create your account when you first sign in with a magic link.
- Workstation and printer metadata: when you pair the Print Bridge, we store the workstation name, operating system, architecture, agent version, last-seen time, and the names/status of printers it reports — so you can manage them from the dashboard.
- Job history metadata: for jobs you print, we store metadata (printer name, number of copies, format, status, timestamp). We do not store the printed label content.
- Billing information: if you subscribe, our payment processor (Stripe) collects and processes your payment details. We receive a customer identifier and subscription status; we do not store full card numbers.
- Communications: if you email us for support, we keep that correspondence.
- Website analytics: a first-party, cookieless pageview measurement. For each view we record the page path, referring site, a coarse country (from network metadata), whether the device is mobile, and a daily-rotating, non-reversible visitor hash. We do not store your raw IP address or set a tracking cookie, and we skip measurement when your browser sends “Do Not Track.”
- Cloud API data (optional): if you use the metered cloud API, the print payload you send transits our servers to reach the target workstation. We hold it only transiently to deliver the job and delete it as soon as the job is delivered, failed, or expired. See “Cloud API” below.
Cookies
We set a single, strictly-necessary cookie (a signed session token) after you sign in, so the app knows you’re logged in. We do not use advertising, analytics, or cross-site tracking cookies.
How we use information
We use the information above to provide and secure the Service, authenticate you, sync your workstations/printers/job history across devices, process payments, respond to support requests, understand aggregate website traffic, comply with law, and prevent abuse.
Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service), legitimate interests (to secure the Service and understand aggregate traffic in a privacy-preserving way), consent (where required), and legal obligation.
How we share information
We do not sell your personal information. We share it only with service providers who process it on our behalf under contract (our “subprocessors”), listed at our subprocessors page — currently our payment processor, transactional email provider, content-delivery/security provider, and hosting provider. We may also disclose information to comply with law or to protect rights and safety, or in connection with a merger or acquisition (with notice).
International transfers
We operate in the United States. If you access the Service from outside the U.S., your information will be processed in the U.S. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
Data retention
We keep account information for as long as your account is active. Job-history metadata is retained according to your plan (the free plan shows a rolling window; paid plans retain full history) and is deleted when you delete your account. Analytics records are aggregate and pseudonymous. Cloud API payloads are deleted as soon as a job settles.
Security
We use industry-standard measures including encryption in transit (TLS), a loopback TLS certificate for local communication, hashed and one-time sign-in tokens, least-privilege access, and encrypted, access-controlled databases. No method of transmission or storage is perfectly secure, but we work to protect your information and will notify you and regulators of a breach as required by law.
Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of California have rights under the CCPA/CPRA (including the right to know, delete, correct, and to opt out of “sale”/“sharing” — we do neither). Residents of the EEA/UK have rights under the GDPR. To exercise any right, email privacy@paperready.studio; we will verify your request and respond within the time the law requires. We will not discriminate against you for exercising your rights.
Children
The Service is not directed to children and is not intended for anyone under 16. We do not knowingly collect personal data from children.
Do Not Track
We honor the browser “Do Not Track” signal: when it is set, we do not record analytics for your visit.
Changes
We may update this Policy. Material changes will be posted here with an updated date and, where appropriate, announced by email or in-app.
Contact
Hiltos LLC, 11108 S 34th St, Vicksburg, MI 49097 — privacy@paperready.studio.
More policies: Terms of Service · Cookie Policy · Print Bridge License · Acceptable Use Policy · Data Processing Addendum · Subprocessors · Developer API Terms