Effective Date: April 9, 2026
Introduction
Papermaxxing (“Papermaxxing,” “we,” “us,” or “our”) created this Privacy Policy to explain how we collect, use, and disclose personal information in connection with our website, authenticated paper-trading workstation, and related pages, products, and features that display or reference this Privacy Policy (collectively, the “Services”).
Papermaxxing is a paper-trading product. The Services are built to help users define a playbook, simulate execution, review performance, and use AI-assisted workspace features before any real-money workflow exists.
By using the Services, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Use.
1. Personal data we collect
We collect the information reasonably necessary to operate, secure, and improve Papermaxxing. The categories below reflect the product as it exists today.
A. Information you provide to us
- Account information. When you create or access a Papermaxxing account, we may collect your email address, authentication data, and related account information. If you use Google sign-in, we receive the information needed to complete that sign-in flow. If you use email or password-based flows, those flows run through Supabase Auth.
- Workspace and onboarding information. We collect the settings and preferences you choose, including items such as agent name, time zone, language, watchlist selections, autonomy mode, approval preferences, paper-account setup, risk rules, and onboarding responses. Some onboarding drafts and workspace settings may also be stored locally in your browser so you can resume your setup.
- Paper-trading and workspace content. We collect the desk content you create or trigger in the product, including simulated orders, positions, watchlists, journals, daily recaps, missions, alerts, notifications, workflow activity, playbooks, and related workspace records.
- Chat and AI inputs. If you use chat features, we collect your messages, attachment context, slash-search queries, generated replies, and related metadata. To keep context across sessions, chat history and conversation-memory summaries are stored with your account.
- Voice and image inputs. If you use voice input, your audio recording is sent for transcription and the resulting transcript may be used like any other chat input. If you upload a chat image, custom portrait, or playbook file, we store the file or a reference to it in our systems. Playbook uploads may include Markdown, text, image, or PDF files.
- Notifications and communications. We collect your email address for authentication and account messages. If you enable SMS alerts, we collect your phone number, verification attempts, confirmation status, and notification delivery records. If you contact us, we collect the information you choose to include in that message.
- Brokerage and account-linking information. If you saved brokerage API credentials in an earlier version of the product, we may store the provider name, a masked API key, encrypted credentials, and related timestamps until you remove them or your account is deleted. New brokerage-linking and account-import features are currently disabled.
B. Personal information we collect when you use the Services
- Usage information. We record product and security events needed to run the service, such as authentication activity, workflow execution, paper-trading events, notification delivery status, and troubleshooting or abuse-prevention logs.
- Device and request information. Like most online services, we and our providers may receive browser type, operating system, request timestamps, and IP-address based request metadata to deliver, secure, and debug the Services.
- Cookies and similar technologies. We use cookies and browser storage for authentication, protected-route access, CSRF protection, password recovery flows, local onboarding and settings state, and similar core product behavior. We do not currently use advertising cookies.
- Information from third parties. We may receive information from third-party providers that support the Services, including Google for sign-in, Supabase for authentication and storage, market-data providers such as Massive, search providers such as Exa when you use search features, communications providers such as Resend and Twilio, media providers such as Giphy when optional GIF features are used, and infrastructure or storage providers that host product assets.
C. Information we do not knowingly collect
Papermaxxing does not currently process purchases or subscriptions in the app, so we do not collect payment card information through the Services. We also do not knowingly request sensitive information such as government identification numbers, health information, biometric data, or precise location data. Please do not upload that type of information into chat, playbooks, or other workspace fields.
Our Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, contact us at [email protected].
2. How we use your personal information
- To provide, maintain, and improve the Services.
- To authenticate users and manage workspace access.
- To persist onboarding choices, settings, paper-trading records, and other workspace state.
- To power AI features such as chat, voice transcription, playbook digests, workflow outputs, recaps, summaries, and related operator tooling.
- To deliver account, security, execution, proposal, recap, and behavioral notifications by email or SMS when you enable those channels.
- To provide market data, search, news, optional brokerage features, and similar product functionality.
- To detect abuse, enforce our terms, troubleshoot failures, and protect users and the service.
- To create aggregated or de-identified information for product and operational improvement.
We do not sell your personal information.
3. How we disclose your personal information
- Vendors and service providers. We use third-party providers to operate the Services, including for authentication and database storage (such as Supabase), hosting and application delivery, private object storage, market data and news, web search, transactional email, transactional SMS, and error monitoring.
- AI providers. When you use AI features, we may send prompts, workspace context, playbook content, uploaded images, or audio files to OpenAI to generate responses, transcripts, summaries, and workflow outputs.
- Brokerage and account-linking providers. If you previously used optional brokerage-related features, we may still disclose the information needed to maintain or remove legacy stored credentials. New brokerage-linking and account-import features are currently disabled.
- Legal, compliance, and safety. We may disclose information when required by law, to respond to lawful requests, or to protect our rights, users, or the service.
- Business transfers. If Papermaxxing is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.
- With your direction or consent. We may disclose information when you ask us to or otherwise give permission.
Our Sentry error-monitoring configuration is designed not to send raw auth or session tokens, request bodies, uploaded playbook contents, or full prompt and response payloads by default.
4. Your choices
- You can update many workspace settings and preferences from within the app.
- You can enable or disable notification channels. SMS alerts are optional and require an explicit opt-in plus phone verification before phone delivery is enabled.
- You can remove legacy saved brokerage credentials from the app while that cleanup setting remains available.
- You can delete your account from the app. That flow requires a fresh MFA verification and is designed to remove the auth account and saved workspace records tied to it.
- Browser-local drafts and preferences can also be removed by clearing your browser storage.
- You may contact us at [email protected] with privacy questions, access requests, or deletion requests.
5. Purposes and legal basis of processing (where applicable)
Depending on your region, we generally process personal information on the basis of contract (to provide the Services you request), legitimate interests (such as security, fraud prevention, operations, and product improvement), and consent where consent is the appropriate basis for optional features or communications.
6. Data retention
We retain account and workspace data while your account is active and as needed to provide the Services. Chat history, paper-trading records, playbooks, workflow logs, notification records, and similar workspace data are generally retained with the workspace until deletion, subject to operational and legal requirements.
Browser-local items such as onboarding drafts, workspace settings snapshots, and desk-tour state remain in your browser until they are cleared, overwritten, or you clear browser storage. Phone verification codes expire quickly, although verification and delivery records may be retained longer for security and notification integrity. We review retention practices periodically.
7. Security
We use reasonable technical, administrative, and organizational safeguards designed to protect personal information. These include TLS for data in transit, provider-managed encryption at rest for managed storage, access controls for production systems, and multi-factor authentication for sensitive account actions where configured. No online system can guarantee absolute security.
8. International transfers
Papermaxxing is operated from the United States. If you use the Services from outside the United States, your information may be processed in the United States or other countries where our providers operate.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the Effective Date above.
10. Contact information
For privacy questions or requests: [email protected]