Paperbark

Privacy Policy

Last updated: March 2026

1. Introduction

Paperbark.ai Pty Ltd (ABN 94 688 956 774) (“Paperbark,” “we,” “our,” or “us”) values your privacy. This Privacy Policy (“Policy”) describes how Paperbark collects, uses, discloses, and processes the personal information of our Merchants and their end-customers. In this Policy, “Personal Information” means any information which Paperbark processes about you from which you can be directly or indirectly identified, in accordance with the Privacy Act 1988 (Cth).

2. Types of Personal Information Collected

We collect information that is reasonably necessary to provide our “Organic Intelligence” services:

  • Merchant Data: Name, business address, email, and API credentials for third-party platforms (e.g., Shopify, Meta).
  • Customer Data (Processed on your behalf): As a Data Processor, we process your end-customers’ Personal Information (“PI”), such as purchase history, via “Read-Only” API scopes to generate insights.
  • Technical Data: Device ID, IP address, and platform interaction data.

3. AI Transparency & Automated Decision-Making (ADM)

  • Nature of Processing: We process data to generate predictive insights and e-commerce recommendations.
  • Human-In-The-Loop (HITL): Paperbark operates strictly on a HITL basis. No AI-generated insight or action is executed without the Merchant’s explicit approval via the Platform.
  • The “No-Training” Warranty: Paperbark warrants that it does not use identifiable Merchant or Customer Data to train or fine-tune generic Large Language Models (LLMs) for the benefit of other users or third parties.

4. Third-Party Platform Compliance (Shopify & Meta)

  • Restricted Data Use: Data obtained via Meta and Shopify APIs is used exclusively for the core functionality of the Paperbark agent. We do not sell, license, or transfer this data to data brokers, nor do we use it for surveillance.
  • Mandatory Webhooks & Deletion: In compliance with Shopify and Meta developer terms, we actively monitor and process mandatory privacy webhooks (including customers/data_request, customers/redact, and shop/redact). Upon receipt of a redaction request, we permanently purge the specified Customer PI from our systems within 30 days.

5. Storage, Security & Retention

  • Data Sovereignty: All PI, including data processed by our LLM sub-processors, is hosted locally in Australia (e.g., AWS Sydney Region, AU-hosted AI inference endpoints).
  • Security Posture: We employ AES-256 encryption at rest and TLS 1.3 in transit.
  • Retention & Purge: Customer PI is stored only for the duration of an active Subscription. Upon account termination, uninstallation of the Paperbark app, or a valid deletion request, data is subjected to a strict 30-day purge cycle.

6. Data Subject Rights & Contact

Merchants and end-customers have the right to access, correct, or request the deletion of their PI. For all privacy inquiries, Data Subject Access Requests (DSARs), or to invoke the right to be forgotten, please contact us at: help@paperbark.ai.