GDPR

GDPR considerations

PaperAPI is designed to be self-hosted, giving you full control over where HTML and PDF data is processed. That means GDPR compliance is managed by the operator running the service.

Data controller

You decide how personal data is collected and processed when running PaperAPI. Ensure your own privacy policy reflects this workflow.

Retention

Configure logging and storage to match your retention requirements. PaperAPI can be run without storing PDFs beyond the response.

Security

Secure your deployment with network controls, access tokens, and TLS to protect data in transit and at rest.

Need help? Contact info@paperapi.de for guidance on PaperAPI setup.