Paradocs

Last updated: May 18, 2026

Privacy Policy for Paradocs

Last updated: May 18, 2026

Paradocs is a local-first AI workspace for documents, data, code, and research workflows. Our core privacy principle is simple: your files, embeddings, knowledge graphs, and research context should remain under your control by default.

This Privacy Policy explains how Paradocs handles personal data, research data, and connected third-party data during the closed beta and future use of the service.

Paradocs is currently operated by Oscar Fonsati and Kaleb Girmay, private individuals based in Sweden. Until Paradocs AB is incorporated and assumes formal responsibility, Oscar Fonsati and Kaleb Girmay act as joint data controllers for the personal data described in this policy.

You can contact us at:

Email: hello@paradocs.ink
Country: Sweden

When Paradocs AB is incorporated, this policy will be updated with the company name, registration number, and formal controller details.

1. Our Privacy Philosophy

Paradocs is built around a local-first architecture.

By default, Paradocs processes your files and workspace data locally on your own device or infrastructure. This includes, where technically applicable:

  • Documents
  • PDFs
  • Spreadsheets
  • Code files
  • Jupyter notebooks
  • Local embeddings
  • Local vector databases
  • Local knowledge graphs
  • Research queries and workspace context

This means that, by default, your research files and local AI context do not leave your device.

Some features may require optional external processing, such as cloud sync, connected storage, hosted inference, or bring-your-own-key AI providers. These features are opt-in and are described below.

2. Who This Policy Applies To

This policy applies to:

  • Visitors to the Paradocs website
  • Closed beta users
  • Users who create a Paradocs account
  • Users who connect third-party services such as Google Drive or Workspace
  • Users who contact us for support
  • Future individual, team, and enterprise users

Paradocs is not intended for individuals under the age of 18.

3. What Data We Collect

We aim to collect as little personal data as possible.

3.1 Account Data

When you register for Paradocs, join the beta, or manage your account, we may collect:

  • Name
  • Email address
  • Institutional or company affiliation
  • Role or research area, if you provide it
  • Login and authentication information
  • Subscription or plan status

We use this data to create and manage your account, provide access to the beta, communicate with you, and provide support.

3.2 Billing Data

If you become a paying user, we may process billing-related data such as:

  • Name
  • Email address
  • Billing address
  • Subscription plan
  • Payment status
  • Invoice information

Payment card details are processed by our payment provider and are not stored directly by Paradocs.

Payment provider: Stripe

3.3 Website and Cookie Data

When you visit our website, we may process basic technical data such as:

  • IP address
  • Browser type
  • Device information
  • Approximate location based on IP address
  • Pages visited
  • Login session data

We use strictly necessary cookies to provide secure login sessions and core website functionality.

We do not use third-party advertising cookies or cross-site tracking cookies unless this policy is updated and you are given appropriate notice and choice.

3.4 Technical Metadata

To maintain software stability, security, and compatibility, Paradocs may collect limited technical metadata such as:

  • Application version
  • Operating system
  • Device type
  • Error logs
  • Crash reports
  • Performance metrics
  • Local inference performance metrics

Technical metadata is used to improve reliability, debug issues, and prevent misuse.

Technical metadata should not include the contents of your files, research queries, prompts, embeddings, or knowledge graphs.

3.5 Support Communications

If you contact us by email, form, or another support channel, we may process:

  • Your name
  • Your email address
  • Your message
  • Attachments or screenshots you choose to send
  • Any technical details you provide

Please avoid sending sensitive research data, patient data, confidential documents, or other sensitive information through support channels unless we have explicitly agreed on a secure support process.

4. Local Workspace Data

Paradocs is designed so that workspace data is processed locally by default.

Local workspace data may include:

  • Files you open in Paradocs
  • Document contents
  • Code
  • Notebooks
  • Spreadsheets
  • PDFs
  • Notes
  • Citations
  • Workspace structure
  • Embeddings
  • Vector databases
  • Knowledge graphs
  • Local AI context
  • Local agent memory
  • Research queries and responses

By default, this data remains on your device or infrastructure.

Paradocs does not access, upload, sell, or train models on your local workspace data.

You are responsible for managing the security of your own device, local storage, backups, and access permissions.

5. Connected Third-Party Services

Paradocs may allow you to connect third-party services such as:

  • Google Drive
  • Google Workspace
  • Local file systems
  • Network drives
  • Email accounts
  • Calendar services
  • Git repositories
  • Other storage or productivity tools

These integrations are optional.

When you connect a third-party service, Paradocs only requests access needed to provide the feature you choose to use.

For example, if you connect Google Drive, Paradocs may need permission to list, read, index, or retrieve files that you authorize Paradocs to access.

You can revoke third-party access through the third-party provider's settings or, where available, through Paradocs.

6. Google Drive and Google Workspace Data

If you choose to connect Google Drive or Google Workspace, Paradocs may process Google user data only to provide user-facing features inside Paradocs.

Paradocs' use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.

This means:

  • We only use Google data to provide or improve user-facing Paradocs features.
  • We do not sell Google user data.
  • We do not use Google user data for advertising.
  • We do not use Google user data to train general-purpose AI models.
  • We do not allow humans to read your Google files except where strictly necessary for security, abuse prevention, legal compliance, or support requested by you.
  • We do not transfer Google user data except as necessary to provide Paradocs, comply with law, or protect security.

If Paradocs stores Google access tokens, they are used only to maintain the connection you authorize. You may revoke access at any time.

When you disconnect Google from Paradocs or delete your account, we will delete stored Google access tokens and any Google-derived data stored by Paradocs, unless retention is required by law or necessary for security.

7. AI Processing

Paradocs uses AI features to help users work with documents, data, code, and research context.

AI features may include:

  • Document analysis
  • Code assistance
  • Querying workspace context
  • Knowledge graph reasoning
  • Summarization
  • Notebook or data workflow assistance
  • Agent-based workspace actions

You remain in control of which workspaces, files, and tools an AI agent may access.

Paradocs supports multiple AI processing modes.

8. Local AI Mode

Local AI mode is the default privacy-preserving mode.

In local AI mode:

  • AI processing runs on your device where technically possible.
  • Your local embeddings and knowledge graph remain local.
  • Paradocs does not log your prompts, responses, files, or research queries.
  • Your local workspace data is not used to train general AI models.

This is the recommended mode for sensitive, unpublished, confidential, or regulated work.

9. Optional Hosted Inference

For heavier reasoning tasks, Paradocs may offer optional hosted inference through secure infrastructure.

This mode is opt-in.

When you use hosted inference, selected prompts, files, snippets, embeddings, or workspace context may be transmitted to Paradocs-controlled or Paradocs-approved infrastructure for processing.

Hosted inference will only process the data needed to provide the requested feature.

Hosted inference is designed to use:

  • EU or Swedish infrastructure
  • Zero-logging or minimal-logging configurations
  • Encryption in transit
  • Strict access controls
  • Data processing agreements with infrastructure providers

Hosted inference data is not used to train general-purpose AI models.

Before using hosted inference for highly sensitive data, regulated research data, patient-related data, confidential business data, or unpublished research, you should confirm that the selected processing mode is appropriate for your legal, institutional, and contractual obligations.

10. Bring Your Own Key Providers

Paradocs may allow you to connect your own API keys for external AI providers.

Examples may include:

  • OpenAI
  • Anthropic
  • Google
  • Other model providers

This is optional.

If you choose to use your own API key, the data you send through that provider will be processed by the external provider according to its own terms and privacy policy.

Paradocs does not control how external providers process data sent through your own API key.

Paradocs does not store, access, or log the content sent to external AI providers through your own API key unless explicitly stated in the product interface or required to provide the feature.

You should review the relevant provider's terms and privacy policy before using BYOK mode, especially for sensitive or regulated data.

11. Legal Bases for Processing

We process personal data only when we have a legal basis under GDPR.

Data categoryPurposeLegal basis
Account dataCreate and manage your account, provide beta access, communicate with youContract or steps prior to contract
Billing dataProcess payments, invoices, accountingContract and legal obligation
Website session dataSecure login, authentication, website functionalityContract and legitimate interest
Technical metadataDebugging, security, stability, abuse preventionLegitimate interest
Support communicationsRespond to questions and provide helpContract or legitimate interest
Google access tokensProvide connected Google Drive or Workspace featuresConsent and contract
Optional hosted inference dataProvide AI processing requested by youContract or consent, depending on feature
Legal recordsComply with Swedish and EU legal obligationsLegal obligation

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect processing that happened before consent was withdrawn.

12. International Transfers

Where possible, Paradocs aims to use Swedish or EU-based infrastructure.

Some providers may process data outside the EU/EEA. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards, such as:

  • Adequacy decisions
  • Standard Contractual Clauses
  • Data processing agreements
  • Additional technical and organizational safeguards where required

For local-first processing, your local workspace data remains on your own device or infrastructure unless you choose to use a feature that sends data externally.

13. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy.

Data typeRetention period
Account dataFor as long as your account is active, then deleted or anonymized within a reasonable period after account deletion
Billing and invoice dataAs required under applicable Swedish accounting and tax law
Support emailsFor as long as needed to resolve the issue and maintain reasonable business records
Technical logsFor a limited period needed for security, debugging, and reliability
Google access tokensUntil you disconnect Google, revoke access, or delete your account
Local filesStored locally by you. Paradocs does not control retention
Local embeddings and knowledge graphsStored locally by you. Paradocs does not control retention
Hosted inference dataRetained only as needed to provide the feature, unless otherwise stated in the product interface

Backups may persist for a limited period before deletion is fully completed.

14. Security

We use technical and organizational measures designed to protect personal data, including where applicable:

  • Local-first processing by default
  • Encryption in transit
  • Access controls
  • Least-privilege internal access
  • Secure authentication
  • Vendor due diligence
  • Data processing agreements
  • Logging minimization
  • Separation between local workspace data and account data

No system is completely secure. You are responsible for securing your own device, accounts, passwords, local files, and any external services you connect to Paradocs.

15. Sensitive and Regulated Data

Paradocs is designed for data-sensitive work, but users remain responsible for determining whether Paradocs is appropriate for their specific legal, ethical, contractual, or institutional obligations.

This is especially important for:

  • Patient data
  • Health data
  • Genetic or genomic data
  • Unpublished research data
  • Trade secrets
  • Legal documents
  • Confidential business information
  • Export-controlled or defense-related information
  • Personal data relating to other individuals

Do not use optional external providers, hosted inference, or connected services with sensitive data unless you have confirmed that the processing mode is appropriate for your obligations.

Institutional or enterprise use may require a separate data processing agreement, security review, or enterprise contract.

16. Your Rights Under GDPR

If GDPR applies to you, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Restrict certain processing
  • Object to certain processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us at:

hello@paradocs.ink

You may also lodge a complaint with the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten, at:

https://www.imy.se

17. Account Deletion

You may request deletion of your account by contacting:

hello@paradocs.ink

When your account is deleted, we will delete or anonymize personal data associated with your account unless we need to retain certain information for legal, accounting, fraud prevention, dispute resolution, or security purposes.

Deleting your Paradocs account does not automatically delete files, embeddings, knowledge graphs, or other data stored locally on your own device or infrastructure.

You are responsible for deleting local workspace data from your own device if you wish to remove it.

18. Beta Period Notice

Paradocs is currently in closed beta.

During the beta period:

  • Some features may change.
  • Some integrations may be experimental.
  • Some processing modes may not yet be available.
  • Infrastructure and subprocessors may change as the product develops.
  • Paradocs AB may replace the current individual controllers once incorporated.

We will update this policy as the product, company structure, and processing activities evolve.

Beta users will be notified of material changes where appropriate.

19. Changes to This Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the "Last updated" date and, where appropriate, notify users by email or in-product notice.

Your continued use of Paradocs after an updated policy becomes effective means that the updated policy applies to your use of the service.

20. Contact

For privacy questions, account deletion requests, or GDPR rights requests, contact:

Paradocs
Email: hello@paradocs.ink
Country: Sweden

Until Paradocs AB is incorporated, Paradocs is operated by Oscar Fonsati and Kaleb Girmay as private individuals based in Sweden.

Privacy Policy for Paradocs