Data & Privacy

01. Session-Scoped Data Processing. For authenticated users, manuscript content is temporarily persisted in the PagePerfect database for the sole purpose of session recovery (preventing data loss from page refreshes, network interruptions, or browser crashes). This data is automatically deleted (a) upon user-initiated sign-out, or (b) within 24 hours of the last edit, whichever occurs first. For anonymous (unauthenticated) users, no server-side manuscript storage occurs; text is held in temporary server memory solely for the duration of each compilation and purged immediately upon completion or failure. In both cases, eazyaccess ltd does not perform any content analysis, machine learning training, or natural language processing on user manuscripts. Local browser storage (IndexedDB) is used independently for client-side session recovery and is not transmitted to eazyaccess ltd servers.

02. Account Data. Upon registration, the following personal data is collected and stored in our self-hosted PocketBase database: email address, display name (optional, user-provided), authentication method (email/password or OAuth provider token), subscription tier (Drafter, Publisher, or Studio), and Stripe customer/subscription identifiers for paying users. Manuscript content is stored temporarily for session recovery as described in Section 01 and is not considered permanent account data. No additional personal data is collected, inferred, or purchased from third-party data brokers. eazyaccess ltd does not sell, rent, license, or otherwise commercialise user personal data to any third party under any circumstances.

03. Payment Processing. All financial transactions are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Card numbers, CVVs, and banking credentials are transmitted directly from the user’s browser to Stripe’s infrastructure via Stripe.js and are never received by, transmitted through, or stored on eazyaccess ltd servers. eazyaccess ltd receives only: a payment confirmation token, the associated Stripe customer ID, and subscription status. Stripe’s privacy policy governs the handling of payment data on their systems.

04. Third-Party Authentication. Users may authenticate via Google OAuth 2.0 or GitHub OAuth. Upon successful authentication, eazyaccess ltd receives: email address, display name, and a provider-scoped access token. We do not request, receive, or store the user’s password from any OAuth provider. Token scope is limited to profile identification. Users may revoke PagePerfect’s access at any time via their Google or GitHub account settings.

05. Compilation Metadata. For each compilation request, the following non-content metadata is recorded: user ID (if authenticated), template identifier, page size identifier, compilation status (success/failure), compilation duration in milliseconds, and error classification (if applicable). This metadata is used solely for service reliability monitoring, rate limiting, and aggregate usage analytics. No manuscript content, titles, headings, or textual fragments are included in compilation metadata records.

06. Data Hosting & Infrastructure. User account data is stored in a self-hosted PocketBase instance running on a dedicated Digital Ocean virtual machine managed by eazyaccess ltd via the Coolify deployment platform. The database engine is SQLite, operating within a single-tenant environment. The backend compilation service runs in an isolated Docker container on the same infrastructure. No user data is stored on third-party SaaS platforms beyond the payment processing described in Section 03.

07. Data Deletion & Portability. Users may request complete account deletion by contacting privacy@pageperfect.studio. Upon verified request, eazyaccess ltd will permanently delete: the user record, all associated manuscript data (if any session-scoped records remain), all compilation metadata, and the Stripe customer association (note: Stripe retains its own records per their data retention policy and applicable financial regulations). Deletion is executed within 30 calendar days of verified request. Users may export their account data in JSON format prior to deletion upon request.

08. Cookies & Telemetry. PagePerfect uses strictly necessary cookies for session authentication (PocketBase auth token). Functional telemetry is collected for service reliability monitoring (error rates, compilation success rates, page load performance). No third-party advertising cookies, tracking pixels, or cross-site identifiers are deployed. See our Tracking & Telemetry page for the complete cookie inventory.

09. Policy Amendments. eazyaccess ltd reserves the right to amend this policy. Material changes — defined as any modification affecting the collection, processing, sharing, or retention of personal data — will be communicated to all registered users via the email address on file no fewer than 30 calendar days before the effective date. The “Effective” date at the top of this document reflects the date of the most recent revision. Continued use of the service after the effective date constitutes acceptance of the amended terms.

10. Data Controller. The data controller for all personal data processed under this policy is eazyaccess ltd, a company registered in England and Wales. For all data protection inquiries, subject access requests, or complaints, contact: privacy@pageperfect.studio. If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.