Privacy Policy

Last Updated: January 23, 2026

Notice for California Residents: If you are a California resident, please see Section 17 below for important information about your privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Introduction

PaperMind Puzzles (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and puzzle generation services at papermindpuzzles.io (the “Service”).

Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Personal Information You Provide

When you register for an account or use our Service, we may collect:

  • Account Information: Name, email address, username, and password
  • Payment Information: Billing address and payment method details (processed securely by our payment processor – we do not store credit card numbers)
  • Profile Information: Any additional information you choose to provide in your profile
  • Communications: Messages, feedback, or support requests you send to us

1.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Usage Data: Puzzle generation history, puzzle types created, download activity, and feature usage
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking Technologies: Session data, preferences, and analytics information (see Section 5 for details)
  • Log Data: Access times, pages viewed, referring URLs, and error reports

1.3 Information We Do NOT Collect

  • Puzzle Content: We do not store the actual puzzles you generate or their solutions
  • Payment Card Details: Credit card information is processed directly by our payment processor and never stored on our servers

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

  • Create and manage your account
  • Generate and deliver puzzles based on your specifications
  • Process payments and manage subscriptions
  • Track usage limits for free-tier users
  • Provide customer support and respond to inquiries

2.2 Service Improvement

  • Analyze usage patterns to improve our puzzle algorithms
  • Develop new features and puzzle types
  • Fix bugs and optimize performance
  • Conduct research and analytics

2.3 Communications

  • Send account-related notifications (password resets, subscription updates)
  • Provide customer support responses
  • Send service announcements and important updates
  • Market our services (with your consent – see Section 8)

2.4 Legal and Security

  • Comply with legal obligations and enforce our Terms of Service
  • Detect and prevent fraud, abuse, or security threats
  • Protect our rights, property, and safety and that of our users

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our Service to you
  • Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
  • Consent: Marketing communications and optional analytics (you may withdraw consent at any time)
  • Legal Obligations: Compliance with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us:

  • Payment Processing: Stripe, PayPal, or other payment processors (for subscription billing)
  • Hosting Services: Cloud hosting providers (e.g., AWS, DigitalOcean) that store our data
  • Email Services: Email delivery services for account notifications
  • Analytics Providers: Google Analytics or similar services (see Section 5)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal process (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

4.3 Business Transfers

If PaperMind Puzzles is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different Privacy Policy.

4.4 With Your Consent

We may share information with third parties when you explicitly consent or direct us to do so.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Service.

5.2 Types of Cookies We Use

Essential Cookies (Required)

  • Session management and authentication
  • Security and fraud prevention
  • Required for the Service to function

Functional Cookies (Optional)

  • Remember your preferences and settings
  • Improve user experience

Analytics Cookies (Optional)

  • Google Analytics or similar services
  • Track usage patterns and site performance
  • Help us improve the Service

5.3 Your Cookie Choices

You can control cookies through:

  • Browser Settings: Most browsers allow you to refuse or delete cookies
  • Opt-Out Tools: Google Analytics opt-out browser add-on
  • Do Not Track: We honor Do Not Track signals from your browser

Note: Disabling essential cookies may prevent you from using certain features of our Service.

6. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

6.1 Access and Portability

  • Request a copy of the personal data we hold about you
  • Receive your data in a structured, machine-readable format

6.2 Correction and Update

  • Correct inaccurate or incomplete personal data
  • Update your account information at any time

6.3 Deletion (“Right to be Forgotten”)

  • Request deletion of your personal data
  • We will delete your data unless we have a legal obligation to retain it

6.4 Restriction and Objection

  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests

6.5 Withdraw Consent

  • Withdraw consent for marketing communications or optional data processing
  • Does not affect the lawfulness of processing before withdrawal

6.6 Data Portability

  • Receive your data in a portable format
  • Transmit your data to another service provider

6.7 Lodge a Complaint

  • File a complaint with your local data protection authority
  • EU users: Contact your national supervisory authority
  • UK users: Contact the Information Commissioner’s Office (ICO)
  • California users: See Section 17 for CCPA rights

To exercise these rights, contact us at: privacy@papermindpuzzles.io

We will respond to your request within 30 days (or as required by applicable law).

7. Data Retention

We retain your personal data only as long as necessary:

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Deleted after 12 months of inactivity (with prior notice)
  • Usage History: Puzzle generation history retained for 30 days
  • Payment Records: Billing information retained for 7 years (tax/legal compliance)
  • Marketing Lists: Removed immediately upon unsubscribe

After deletion, we may retain anonymized or aggregated data for analytics purposes.

8. Marketing Communications

8.1 Opt-In

We only send marketing emails with your explicit consent (opt-in).

8.2 Opt-Out

You can unsubscribe from marketing emails:

  • Click “Unsubscribe” in any marketing email
  • Adjust preferences in your account settings
  • Email us at privacy@papermindpuzzles.io

8.3 Transactional Emails

You cannot opt out of essential service emails (e.g., password resets, subscription renewals) as they are required for the Service.

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: HTTPS/TLS encryption for data in transit
  • Secure Storage: Encrypted databases and secure servers
  • Access Controls: Limited employee access on a need-to-know basis
  • Regular Audits: Security assessments and vulnerability testing
  • Password Protection: Secure password hashing (bcrypt or similar)

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. Children’s Privacy

Our Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal information, contact us immediately at privacy@papermindpuzzles.io, and we will delete it.

11. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in California, U.S., where our servers may be, and business operations are located.

For EEA/UK users:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We ensure adequate safeguards are in place for international transfers
  • You have the right to request information about these safeguards

12. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., Amazon KDP, social media). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing them with information.

13. Commercial Use and Puzzle Rights

Important: While you have full commercial rights to the puzzles you generate (as stated in our Terms of Service), this Privacy Policy governs only your personal data, not the puzzles themselves.

  • Your Puzzles: You own the puzzles you create and can use them commercially
  • Your Data: We own and control your account and usage data as described in this policy

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

For Material Changes:

  • We will notify you via email (if you have an account)
  • We may display a prominent notice on our website
  • Continued use of the Service after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

PaperMind Puzzles
Email: privacy@papermindpuzzles.io
For GDPR/EEA Users:
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

For California Residents:
See Section 17 below for information about exercising your CCPA/CPRA rights.

16. GDPR Compliance Summary

For EU/EEA users, we comply with the General Data Protection Regulation (GDPR):

✓ Lawful Processing: We process data based on contract, consent, or legitimate interests
✓ Data Minimization: We collect only necessary data
✓ Purpose Limitation: Data used only for stated purposes
✓ Accuracy: You can update your data anytime
✓ Storage Limitation: Data retained only as long as necessary
✓ Security: Industry-standard protection measures
✓ Your Rights: Full access to rights outlined in Section 6

17. CALIFORNIA RESIDENTS: YOUR PRIVACY RIGHTS

Effective Date: This section applies as of January 1, 2023, under the California Privacy Rights Act (CPRA).

17.1 Notice at Collection

As required by California law, we provide the following notice about the personal information we collect:

Categories of Personal Information Collected (Last 12 Months):

CategoryExamplesCollected?Business Purpose
IdentifiersName, email, username, IP address✅ YesAccount creation, service delivery, communication
Commercial InformationSubscription history, payment records✅ YesBilling, subscription management
Internet ActivityBrowsing history, puzzle generation history✅ YesService improvement, analytics
Geolocation DataIP-based location✅ YesSecurity, fraud prevention
InferencesPreferences, puzzle difficulty patterns✅ YesPersonalization, service improvement
Sensitive Personal InformationAccount credentials (password)✅ YesAuthentication, security
Financial InformationPayment method, billing address✅ YesPayment processing (via third-party processor)

Not Collected:

  • Social Security numbers
  • Driver’s license numbers
  • Precise geolocation
  • Race, ethnicity, religious beliefs
  • Health information
  • Sexual orientation
  • Biometric data

17.2 Sources of Personal Information

We collect personal information from:

  1. Directly from you: Account registration, profile updates, support requests
  2. Automatically: Cookies, analytics tools, server logs
  3. Third parties: Payment processors (transaction confirmations)

17.3 Business/Commercial Purposes for Collection

We use your personal information for:

  • Service delivery: Providing puzzle generation services
  • Account management: Creating and maintaining your account
  • Payment processing: Billing for Pro subscriptions
  • Customer support: Responding to inquiries and support requests
  • Security: Fraud prevention and platform security
  • Analytics: Improving service quality and user experience
  • Communications: Sending service updates and marketing (with consent)
  • Legal compliance: Meeting legal and regulatory obligations

17.4 Categories of Third Parties We Share With

We share personal information with:

  • Service Providers: Payment processors, hosting providers, email services, analytics platforms
  • Professional Advisors: Lawyers, accountants (as needed)
  • Government Entities: When required by law or legal process

We do NOT sell or share personal information for cross-context behavioral advertising.

17.5 Retention Periods

See Section 7 for detailed retention periods. Summary:

  • Active account data: Duration of account + 12 months
  • Payment records: 7 years (legal compliance)
  • Usage data: 30 days
  • Marketing consent: Until withdrawn

17.6 Your California Privacy Rights

Under the CCPA/CPRA, California residents have the following rights:

Right to Know

Request disclosure of:

  • Categories and specific pieces of personal information we’ve collected
  • Categories of sources from which we collected it
  • Our business/commercial purposes for collecting it
  • Categories of third parties we share it with
  • Specific pieces of personal information we hold about you

Right to Delete

Request deletion of your personal information (subject to certain exceptions).

Right to Correct

Request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing

We do NOT sell or share your personal information for cross-context behavioral advertising. If our practices change, we will provide a “Do Not Sell or Share My Personal Information” link.

Right to Limit Use of Sensitive Personal Information

Request limitation on the use of sensitive personal information (e.g., passwords). We only use sensitive information for permitted purposes (authentication, security).

Right to Non-Discrimination

You have the right to exercise your privacy rights without receiving discriminatory treatment, including:

  • Denial of services
  • Different prices or rates
  • Different quality of service
  • Suggestion that you’ll receive different pricing or quality

We will NEVER discriminate against you for exercising your CCPA/CPRA rights.

17.7 How to Exercise Your California Rights

Submitting Requests:

You can exercise your rights by:

  1. Email: privacy@papermindpuzzles.io (Subject: “California Privacy Rights Request”)
  2. Account Dashboard: [Link to privacy settings if available]
  3. Phone: [Your contact number – optional]

What to Include in Your Request:

  • Your full name
  • Email address associated with your account
  • Type of request (Know, Delete, Correct, Opt-Out)
  • Specific information you’re requesting (if applicable)

Verification Process:

To protect your privacy, we will verify your identity before processing requests:

  1. We’ll ask you to confirm the email address associated with your account
  2. For “Right to Know” requests involving sensitive data, we may require additional verification
  3. You may designate an authorized agent to make requests on your behalf (agent must provide proof of authorization)

Response Timeline:

  • We will acknowledge receipt within 10 business days
  • We will respond to your request within 45 days (may extend up to 90 days for complex requests with notice)
  • If we deny your request, we will explain why

17.8 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must:

  • Provide written authorization signed by you
  • Verify their own identity
  • Provide proof of authorization (power of attorney or signed permission)

We may still require you to verify your identity or confirm you authorized the agent.

17.9 California “Shine the Light” Law

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.

Our Practice: We do not share personal information with third parties for their direct marketing purposes.

If you have questions, contact us at privacy@papermindpuzzles.io with “California Shine the Light Request” in the subject line.

17.10 California Do Not Track Disclosure

We honor “Do Not Track” (DNT) signals from browsers. When we detect a DNT signal:

  • We will not track your activity across third-party websites
  • We will limit analytics collection to essential functions only

Note: Some essential cookies are still required for the Service to function.

17.11 California Minors

If you are a California resident under 18 and have an account, you may request removal of content or information you posted. Contact privacy@papermindpuzzles.io.

Note: Removal does not ensure complete deletion (e.g., if reposted by others or required by law to retain).

17.12 Notice of Financial Incentive

We do not currently offer financial incentives (e.g., discounts, rewards programs) that require collection of personal information. If we introduce such programs, we will provide a separate notice describing:

  • Material terms of the program
  • How to opt-in
  • How the incentive relates to the value of your data
  • How to withdraw

17.13 California Contact for Privacy Questions

For California-specific privacy inquiries:

PaperMind Puzzles – California Privacy Rights
Email: privacy@papermindpuzzles.io
Subject Line: “CCPA Privacy Rights Request”

We will respond to all verified California privacy requests within the timeframes required by law.

18. Summary of Key Points

What we collect: Name, email, payment info, usage data, IP address
Why we collect it: Provide service, process payments, improve platform
Who we share with: Service providers only (payment processors, hosting, analytics)
Your rights: Access, delete, correct, opt-out (varies by location)
Selling data: We do NOT sell your personal information
California residents: See Section 17 for CCPA/CPRA rights
EU residents: See Sections 3 & 16 for GDPR rights
Contact us: privacy@papermindpuzzles.io

Scroll to Top