Privacy Policy
Boat Paper LTD · paperboat.world
Last updated: 25 April 2026 · Version 8.4
Introduction
Your privacy matters to us. This policy explains what information Paper Boat collects, why we collect it, and how we use it. It is written in plain English, because you deserve to understand what you are agreeing to.
This policy applies to our website at https://paperboat.world and the Paper Boat app on iOS and Android. By using either, you agree to what is described here. If anything is unclear, please contact us at [email protected].
Paper Boat is operated by Boat Paper LTD, a company registered in England and Wales. Our registered address is Unit 2, Wayners, Ashton, Leominster, HR6 0DN.
Definitions
The following terms are used throughout this policy:
| Term | Meaning |
|---|---|
| Company / we / us | Boat Paper LTD, registered at Unit 2, Wayners, Ashton, Leominster, HR6 0DN. We make Paper Boat. |
| Country | The United Kingdom, where Paper Boat is based. |
| Device | Any internet-connected device — phone, tablet, or computer — used to access Paper Boat. |
| IP address | A number assigned to your device when it connects to the internet. It can indicate your approximate location. |
| Personal Data | Any information that can identify you, directly or in combination with other information. |
| Service | The Paper Boat app (iOS and Android) and website at https://paperboat.world. |
| Snap grid | A private shared space between two Paper Boat users where images and text messages can be exchanged. Snap grid content is not visible to any other users. |
| SSO | Single Sign-On. A method of registering or logging in using an existing account with a third-party provider — in Paper Boat's case, Google or Apple. |
| You | The person using Paper Boat. |
What We Collect
Account Data
You may register for Paper Boat in one of three ways: directly with your email address and a password, via Google Sign-In, or via Apple Sign In. In all cases, the following is collected:
- Your email address — or, if you choose Apple Sign In and select Hide My Email, an Apple-generated relay address that forwards to your real inbox. In this case Paper Boat never sees your real email address.
- Your age — collected at registration to confirm you are 18 or over. Paper Boat is an adult platform. Age is not displayed to other users.
- Your password — all users set a Paper Boat password regardless of registration method. Passwords are stored using bcrypt one-way hashing and cannot be read by us.
Where you register via Google Sign-In or Apple Sign In, we also receive and store a unique provider ID from Google or Apple. This is used to verify your identity when you sign in using those services. No other data is requested from those providers beyond what is listed above.
Search Visibility Preferences
Paper Boat does not collect or store your gender as a profile attribute. Instead, you control your own discoverability through search visibility preferences — choosing which groups of users can find you. These preferences are stored server-side against your account and are necessary to provide the search and discovery features of the service.
Because visibility preferences may, in combination, allow inferences about a user's characteristics — including characteristics protected under data protection law, such as sexual orientation — we process these preferences on the basis of your explicit consent under Article 9(2)(a) UK GDPR. Before you set your visibility preferences for the first time, we ask for your explicit consent with a clear explanation of what that processing involves. You may withdraw or change your preferences at any time within the app, and withdrawal does not affect the lawfulness of any processing that took place before withdrawal.
Snap Grid Content
When you use a snap grid with another user, the images and text messages you share are stored on our servers. This content is private between the two users sharing that space — it is not accessible to any other users of Paper Boat.
Profile images are the only images shared more broadly — these are visible to other users as part of your public profile.
Push Notification Tokens
If you grant permission for push notifications, we store your Firebase Cloud Messaging (FCM) token against your account. This token is used solely to send you service notifications — such as new snap grid activity. We do not use it for advertising or share it with third parties. You may withdraw this permission at any time through your device settings.
Your Connections and Snap Grid Lifecycle
Paper Boat gives you meaningful control over your connections and the content you share. The following explains how different connection states affect your data.
Forget
You may choose to forget a connection. When you do, the snap grid and all shared content is hidden from both users but preserved on our servers. The connection may be restored at any time by either user, at which point the snap grid content reappears exactly as it was. Forgotten content is retained until either user permanently deletes their account, at which point it is deleted immediately.
Remove
You may choose to remove a connection. This is permanent. The connection and all shared snap grid content — images and messages — is immediately and permanently deleted for both users. This action cannot be undone.
Report
When you report another user, the following occurs immediately and automatically:
- The connection between you and the reported user is broken.
- The reported user's account is automatically suspended pending review.
- The shared snap grid content is no longer accessible to either user.
- The reported content is submitted for automated scanning (see Content Moderation below).
If the suspension is lifted following admin review, the reported user will not reappear in your connections or search results. The separation is permanent from your perspective regardless of the outcome.
Account Deletion
When you delete your account, all of your connections are dissolved immediately. All shared snap grid content — including content in forgotten connections — is deleted immediately from our servers. Your account and profile data is permanently deleted within 60 days.
Content Moderation
Keeping our users safe is central to what Paper Boat is about. We operate a systematic, evidence-based moderation process.
How Moderation Works
When a report is submitted, the following occurs automatically and in sequence:
- The reported content (images and/or messages) is submitted to Google Cloud Vision AI and Google Cloud Natural Language API for automated scanning.
- Vision AI analyses reported images for nudity and violence, returning a likelihood score across content categories.
- Natural Language API analyses the reported user's toggle text for sentiment, returning a sentiment score and magnitude.
- Both scan scores are stored against the report record in our database.
- The reported user's account is automatically suspended pending human review.
An administrator then reviews the report together with the scan scores and makes one of three decisions: uphold the suspension, reinstate the account, or escalate for further investigation.
Both Google Cloud services process content transiently — images and messages are processed in memory and are not stored on Google's servers. Google temporarily logs request metadata (timestamp and request size) for service improvement purposes.
Automated Decision-Making Disclosure
The automatic suspension of a reported user's account constitutes automated decision-making under UK GDPR Article 22, as it has a significant effect on that user. We are transparent about this: every suspension triggers an immediate human admin review. The automated suspension is a precautionary safety measure — the substantive decision about the account is made by a human administrator with the benefit of the scan evidence.
Paper Boat's search and discovery features match users based on shared visibility preferences. We do not use automated scoring, ranking, or profiling of users for discovery purposes. No inference about individual users is made or stored beyond the explicit preferences each user sets.
If your account is suspended, you have the right to request human review of that decision by contacting [email protected]. We will respond within one month.
What We Store
When a report is made, the following is stored in our database:
- The report record — who made the report, who was reported, and which content was reported.
- The scan scores returned by Google Vision AI and Google Natural Language API.
- The moderation decision — upheld, reinstated, or escalated.
- A timestamp.
The reported content itself is referenced from the original snap grid record — it is not duplicated into the moderation record. Moderation records are retained for up to one year after the reported user's account deletion, then permanently deleted.
Lawful Basis for Content Moderation
We process data for content moderation primarily on the basis of legitimate interests — specifically, protecting our users from harmful content and maintaining the safety and integrity of the platform. We also process data for moderation purposes to meet our obligations under the Online Safety Act 2023.
Where we process data on the basis of legitimate interests for safety and moderation purposes, your right to object to that processing may be limited where continued processing is necessary to protect other users or to comply with our legal obligations.
How We Use Your Data
We use the information we collect to:
- Run and improve the Paper Boat service.
- Verify your identity when you sign in via Google Sign-In or Apple Sign In.
- Enable search and discovery features based on your visibility preferences.
- Keep the platform safe through content moderation.
- Send you service notifications via push notification, with your permission.
- Respond to support requests.
We do not sell your personal data. We do not share your data with advertisers. We do not use your data for any purpose beyond what is described in this policy.
Who We Share Your Data With
We share your data only with the service providers that are strictly necessary to run Paper Boat. We do not share your data with advertisers, data brokers, or any third party for commercial purposes. Our service providers act as data processors — they process data only on our instructions and are bound by data processing agreements.
Digital Ocean LLC (USA)
Our hosting provider. Your account data, snap grid content, and all primary database records are stored on a Digital Ocean server located in the United Kingdom. No international transfer applies to this data.
Google LLC (USA)
Google provides three services to Paper Boat: Google Sign-In (identity verification at login); Cloud Vision AI and Natural Language API (content moderation of reported content only); and Firebase Cloud Messaging (push notifications). All Google services are governed by the Google Cloud Data Processing Addendum (accepted 2026-05-04). Content moderation data is processed transiently in memory and is not stored by Google. The transfer of data to Google's US infrastructure — including FCM notification token processing — is governed by the UK Addendum to the EU Standard Contractual Clauses, incorporated under the Google Cloud Data Processing Addendum.
Apple Inc. (USA)
Apple provides Apple Sign In for identity verification at login. Apple receives only the authentication request. Paper Boat receives from Apple the provider ID and email address or relay address depending on user preference. Apple acts as an independent data controller for data processed during Apple Sign In — Paper Boat does not control, instruct, or have access to Apple's processing of that authentication event. For Apple's privacy practices, see https://www.apple.com/uk/legal/privacy.
We may also disclose personal data to law enforcement or legal authorities where we are required by law, or where we genuinely believe it is necessary to protect the safety of our users or others.
Payments
Paper Boat does not handle your payment details. All purchases made through the app are processed by Google Play (Google LLC) or the Apple App Store (Apple Inc.). We never see, store, or have access to your card or financial information at any point.
How Long We Keep Your Data
We retain your data only for as long as necessary. The following retention periods apply:
| Data category | Retention period | Basis |
|---|---|---|
| Active account data | Retained for as long as your account is open. | Contract |
| Snap grid content (active / forgotten connections) | Deleted immediately on account deletion by either user. | Contract / erasure obligation |
| Snap grid content (removed / reported connections) | Deleted immediately on removal or report. | Contract / erasure obligation |
| Account and profile data (including SSO provider IDs) | Permanently deleted within 60 days of account deletion. | UK GDPR Article 17 |
| Reported user data and moderation records | Retained for up to one year after account deletion where a report has been made. Deleted permanently after one year. | Legitimate interests / OSA 2023 |
| Push notification tokens | Deleted on account deletion or on withdrawal of notification permissions, whichever is earlier. | Contract |
| Payment data | Not held by Paper Boat. All payment processing is handled by Google Play and the Apple App Store. | N/A |
Where a report has been made against an account, we retain the relevant account data, moderation records, and report records for up to one year after account deletion. This allows us to investigate complaints, respond to legal requests, and protect other users. After one year, this data is permanently deleted.
If we discover that a user is under 18, we immediately delete their account and all associated data, including any snap grid content shared with other users.
How We Protect Your Data
All data in transit between your device and our servers is encrypted using SSL/TLS, terminated at DigitalOcean App Platform. Our PostgreSQL database is encrypted at rest by DigitalOcean using AES-256. Our servers are hosted by Digital Ocean in the United Kingdom. Access to personal data is restricted to authorised personnel only. Our content moderation pipeline uses Google Cloud services certified to ISO 27001, SOC 2, and GDPR standards.
No system is entirely secure. We cannot guarantee absolute security, but we take our responsibilities seriously and will act quickly if something goes wrong.
Data Breaches
In the event of a personal data breach that poses a risk to your rights and freedoms, we are required by law to notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.
Information Stored on Your Device
Under UK law (PECR, as updated by the Data (Use and Access) Act 2025), we are required to tell you about any information we store on or access from your device.
Paper Boat stores only what is strictly necessary to provide the service: your login session token, and your FCM push notification token if you have granted notification permissions. We do not use advertising trackers, behavioural analytics, or third-party tracking technologies on your device.
International Transfers
Paper Boat is based in the United Kingdom. Our primary server infrastructure is hosted by Digital Ocean in the United Kingdom — your account data and snap grid content does not leave the UK.
The only international transfers of personal data are to Google LLC and Apple Inc., both based in the USA:
- Google Cloud — reported content processed transiently by Vision AI and Natural Language API; push notification tokens transmitted to Firebase FCM. FCM is a global Google service; notification tokens may be processed in the US. All Google services governed by the Google Cloud Data Processing Addendum incorporating the UK Addendum to EU Standard Contractual Clauses.
- Google Sign-In — authentication request processed by Google at login. Governed by Google's standard terms and the Google Cloud Data Processing Addendum.
- Apple Sign In — authentication request processed by Apple at login. Governed by Apple's Developer Program terms.
We do not transfer your personal data to any other country or organisation.
Your Rights
You have the following rights over your personal data. To exercise any of them, contact us at [email protected]. We will respond within one month.
| Right | What it means |
|---|---|
| Access | You may ask for a copy of the personal data we hold about you. |
| Correction | You may ask us to correct inaccurate or incomplete data. |
| Deletion | You may ask us to delete your data, or do this directly by deleting your account in the app. |
| Restriction | You may ask us to limit how we use your data in certain circumstances. |
| Portability | You may ask us to provide your data in a machine-readable format. |
| Objection | You may object to certain types of processing. Where we process data on the basis of legitimate interests for safety and moderation purposes, your right to object may be limited where continued processing is necessary to protect other users or comply with our legal obligations. |
| Withdraw consent | Where we rely on your consent — for push notifications and visibility preferences — you may withdraw that consent at any time through the app or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal. |
| Human review of automated decisions | If your account is suspended automatically as a result of a report, you have the right to request human review of that decision by contacting [email protected]. |
If you believe we have mishandled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
UK GDPR
Paper Boat operates under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
We process your personal data on the following lawful bases. A full lawful basis table, mapping each processing activity to its legal basis and retention period, is provided in Annex A of this document.
Summary of Lawful Bases
- Contract: To provide the Paper Boat service, including account management, snap grid functionality, search and discovery features, and identity verification via SSO.
- Legitimate interests: To improve the service, prevent fraud, and protect users through content moderation — where our interests are not overridden by your rights. We have documented a legitimate interests assessment for each such processing activity, a copy of which is available on request.
- Legal obligation: To comply with applicable law, including the Online Safety Act 2023 and UK GDPR requirements around data subject rights and breach notification.
- Consent: For push notifications via Firebase Cloud Messaging, and for the processing of search visibility preferences, where you have explicitly granted permission. Consent may be withdrawn at any time.
Note: The Data (Use and Access) Act 2025 introduced a seventh lawful basis — Recognised Legitimate Interest (RLI) — for five specific public interest scenarios. This does not currently apply to Paper Boat's processing activities.
EU GDPR
Paper Boat is currently available in the United Kingdom only. EU GDPR does not apply at this time. This section will be updated before Paper Boat becomes available in the European Economic Area.
Cookies and Device Storage
Paper Boat does not use advertising cookies or third-party tracking technologies. The app stores only information that is strictly necessary to provide the service: your login session token and, if you have granted permission, your push notification token.
Adults Only
Paper Boat is an adult platform intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. Age is verified at registration and access is restricted accordingly.
If you believe someone under 18 has registered, please contact us at [email protected] and we will remove the account and delete all associated data promptly.
Changes to This Policy
We may update this policy from time to time. If we make significant changes, we will notify you through the app before they take effect. Continued use of Paper Boat after changes are posted constitutes acceptance of the updated policy. If you do not agree, you may delete your account.
Get In Touch
Questions about this policy or how we handle your data? We are easy to reach.
- Email: [email protected]
- Website: https://paperboat.world
- Post: Boat Paper LTD, Unit 2, Wayners, Ashton, Leominster, HR6 0DN
Annex A — Lawful Basis Table
This table maps each processing activity to its lawful basis and retention period under UK GDPR.
| Processing activity | Data processed | Lawful basis | Retention period | Notes |
|---|---|---|---|---|
| Account creation and management | Email address or relay address, age, password hash, SSO provider ID | Contract (Art. 6(1)(b)) | Active: indefinite. Post-deletion: SSO IDs nulled immediately; full purge within 60 days. | No name or username collected at registration. |
| Identity verification via SSO (Google / Apple) | SSO provider ID, email or relay address | Contract (Art. 6(1)(b)) | 60 days post account deletion | SSO provider IDs must be included in the 60-day purge. |
| Search and discovery — visibility preferences | Visibility toggle preferences | Art. 9(2)(a) explicit consent (and Art. 6(1)(a) consent) | Active: until changed or account deleted. Post-deletion: 60 days. | Art. 9 almost certainly applies — inference of sexual orientation possible. Standalone consent UI at preference-setting required before EU launch. Solicitor to confirm. |
| Snap grid — content storage (active / forgotten connections) | Images and text messages | Contract (Art. 6(1)(b)) | Deleted immediately on account deletion by either user. | |
| Snap grid — content storage (removed / reported connections) | Images and text messages | Contract / erasure obligation | Deleted immediately on removal or report. | |
| Push notifications | FCM token | Consent (Art. 6(1)(a)) | Until account deletion or permission withdrawal. | |
| Content moderation — automated scanning | Reported images and messages (transient) | Legitimate interests (Art. 6(1)(f)) / Legal obligation (OSA 2023) | Transient — not stored by Google. Scan scores stored in PostgreSQL for 1 year post account deletion. | Google Cloud processes content in memory only. |
| Content moderation — report records | Report record, scan scores, moderation decision, timestamp | Legitimate interests (Art. 6(1)(f)) / Legal obligation (OSA 2023) | 1 year post account deletion of reported user. | |
| Automated account suspension | Account status | Legitimate interests (Art. 6(1)(f)) | Until human admin review completes. | Constitutes ADM under Art. 22. Human review follows every suspension. |
| Account deletion — data purge | All account and profile data | Legal obligation (UK GDPR Art. 17) | Within 60 days of deletion trigger. | CONFIRMED: AccountPurgeService runs nightly at 03:00 UTC, 60 days after deletedAt. SSO provider IDs nulled immediately on deletion trigger. |
| Law enforcement disclosure | Variable — depends on request | Legal obligation (Art. 6(1)(c)) | As required by law. |