# Privacy Policy — Paperclip Relay for Android

**Last updated: 26 June 2026**

This Privacy Policy explains how **WILDSOFT LTD** ("WILDSOFT", "we", "us") handles
information in connection with the **Paperclip Relay** mobile application for Android
(the "App"). It is written in plain language so you can understand exactly what the
App does and does not do with data.

- **Publisher:** WILDSOFT LTD
- **Website:** https://wildsoft.io
- **Privacy contact:** legal@wildsoft.io

---

## At a glance

- Paperclip Relay is a **client app for a Paperclip AI server that you (or your
  organisation) run yourselves.** WILDSOFT does **not** operate a server behind the
  App and does **not** receive the agents, tasks, approvals, costs, or other content
  you view in it.
- The App talks to **one destination only: the Paperclip server address you enter.**
  It does not send your data to WILDSOFT or to any third party.
- The App contains **no analytics, no advertising, no crash-reporting, and no
  third-party tracking SDKs.** It uses only Android's own platform APIs and Google
  Play's billing and review services.
- The only things stored on your device are your **access token** (in encrypted
  storage backed by the Android Keystore) and a few **settings** (server address,
  selected company, app-lock preference). Content fetched from your server is held in
  memory and discarded when you close the App.
- The optional **fingerprint or face unlock** is used only to lock the App on your
  device. Your biometric data never leaves your phone and is never seen by the App or
  WILDSOFT.
- **Purchases and subscriptions** are processed by **Google**, not by WILDSOFT.
- We do **not** sell or share your personal information.

---

## 1. Who this policy covers and what it applies to

This policy applies to the Paperclip Relay Android App distributed through the Google
Play Store. It does **not** cover:

- The **Paperclip AI server** you connect to. That server is operated by you or your
  organisation. The data inside it (agents, issues, budgets, comments, activity, and
  so on) is controlled by whoever runs that server, under their own policies. For
  data held on that server, **you or your organisation are the data controller**, and
  WILDSOFT is neither the controller nor a processor of it; we never receive it.
- The Paperclip platform itself, the Paperclip Relay marketing website, or any
  third-party websites the App may link to.

## 2. How the App is built (and why that matters for your privacy)

Paperclip Relay has **no backend of its own.** Every screen reads and writes directly
through the documented `/api` interface of the Paperclip server address you provide.
There is no WILDSOFT server, no separate data store, and no "shadow" copy of your
data. As a result, the operational data you work with in the App flows only between
your device and your own server.

## 3. Information stored on your device

The App stores the following locally on your Android device:

| What | Where it is stored | Why | When it is removed |
| --- | --- | --- | --- |
| **Access token** for your Paperclip server (an opaque bearer token, e.g. `pcp_board_…`) | **EncryptedSharedPreferences**, encrypted with a key held in the **Android Keystore**, readable only on this device | So you stay signed in to your server between launches | When you sign out, or when you uninstall the App |
| **Server address** you last connected to | App settings (SharedPreferences) | To pre-fill the connection screen | When you change it, or uninstall the App |
| **Selected company** identifier | App settings (SharedPreferences) | To remember which of your companies you were viewing | When you change it, or uninstall the App |
| **App-lock preference** (on/off) | App settings (SharedPreferences) | To remember whether you asked the App to lock | When you change it, or uninstall the App |
| **In-app rating reminders** (a small count and timestamps) | App settings (SharedPreferences) | So the standard Google Play "rate this app" prompt is not shown too often | When you uninstall the App |

Content fetched from your server (dashboards, agents, issues, approvals, costs,
routines, activity, company logos) is held **in memory only** while you use the App
and is **not written to disk or cached**. It is discarded when the App closes.

The App does **not** use a local database (no Room store) to retain your server's
content.

## 4. Information WILDSOFT collects

For the core functionality of the App, **WILDSOFT collects no personal information
about you.** We do not have servers that receive your activity, and the App contains
no analytics or telemetry.

The limited exceptions, which are handled by **Google** rather than by us, are:

- **Google Play distribution and purchases.** When you download the App or buy a
  subscription, Google processes that transaction. Google may share with us, through
  the **Google Play Console**, aggregated and limited reports (such as download
  counts, subscriber numbers, order identifiers, product names, and territory/financial
  summaries). We do **not** receive your name, address, or payment-card details. See
  Section 8.
- **Crash and performance diagnostics from Google.** If you have enabled "Usage &
  diagnostics" in your Android settings, Google may provide us with **aggregated,
  anonymised** crash and stability reports through the Google Play Console (Android
  vitals). This is controlled entirely by your device settings and by Google, not by
  the App.

We do not combine, enrich, or sell any of this information.

## 5. Information we do NOT collect or use

To be explicit, the App does **not**:

- send your agents, tasks, approvals, comments, budgets, or any server content to
  WILDSOFT or any third party;
- include any third-party analytics, advertising, attribution, or crash-reporting
  SDK (for example: Firebase, Google Analytics, Crashlytics, Sentry, Amplitude,
  Segment, Meta, or any ad network);
- collect or use the Android Advertising ID (AAID), and it does no cross-app
  tracking;
- request access to your **camera, microphone, photos, contacts, location, calendar,
  health data, or physical-activity sensors**;
- request access to your **phone number, call log, or SMS messages** (see Section 10);
- register for or send **push notifications**;
- log your credentials or server content to any diagnostic or analytics system.

## 6. How information is used

The information described in Section 3 is used only to make the App work:

- to keep you signed in to **your** Paperclip server (the access token);
- to reconnect to the right server and company when you reopen the App (server
  address and selected company);
- to lock the App with your fingerprint, face, or device screen lock if you turn that
  on (the preference flag);
- to space out Google Play's optional "rate this app" prompt (the local timestamps).

We do not use any of this for profiling, advertising, or marketing.

## 7. You and your Paperclip server (the data inside the App)

The substantive data you see in Paperclip Relay lives on **your** Paperclip server:
agent rosters and status, issues and comments, approvals, spend and budgets, activity
logs, routines, and company details. The App is a window onto that server, using the
permissions already assigned to your board-user account.

Because that data never reaches WILDSOFT:

- requests to **view, create, comment on, approve, or update** records are sent
  straight from your device to your server;
- responsibility for the lawful collection, storage, retention, and deletion of that
  data rests with **you or your organisation** as the operator of the server;
- to access, export, correct, or delete that data, or to close your board-user
  account, you should use your Paperclip server (or contact whoever administers it),
  not WILDSOFT.

## 8. Google Play, in-app purchases and subscriptions

Paperclip Relay offers paid features through an **auto-renewing subscription**
(monthly and yearly options) purchased via Google Play's billing system.

- **Google is the merchant of record.** Your purchase, billing, and payment details
  are handled by Google under [Google's Privacy Policy](https://policies.google.com/privacy)
  and the Google Play terms. WILDSOFT does not see or store your payment information.
- On your device, the App uses the **Google Play Billing** library to check whether
  you currently hold an active subscription. This check returns only a subscription
  status; it does not transmit personal data to WILDSOFT, and the App does not
  validate your subscription against any WILDSOFT server.
- WILDSOFT receives the limited, largely aggregated transaction and subscriber
  reports that Google makes available to developers (see Section 4).
- To manage or cancel a subscription, open the **Google Play Store app → your profile
  → Payments & subscriptions → Subscriptions**. Cancellation is handled by Google.

## 9. Fingerprint and face unlock

If you enable the optional app lock, Paperclip Relay uses Android's **BiometricPrompt**
API to require your fingerprint, face, or device screen lock (PIN, pattern, or
password) before the App can be opened.

- Your **biometric data never leaves your device.** It is processed by Android's
  secure hardware (the Trusted Execution Environment, or a StrongBox secure element
  where available); the App only receives a yes/no result of whether authentication
  succeeded.
- WILDSOFT never receives any biometric information.

## 10. Device permissions

The App declares only a small set of Android permissions, none of which expose
sensitive personal data:

- **Internet:** to reach the Paperclip server address you enter.
- **Use biometric:** to show the system fingerprint or face prompt for the optional
  app lock.
- **Billing:** to offer the Google Play subscription.

It requests no runtime permissions for your camera, microphone, location, contacts,
or storage. The App's manifest also marks telephony hardware as *required* so that
Google Play offers the App to phones only (matching the iPhone-only iOS version). This
is a distribution setting that affects which devices can install the App; it grants
the App no access to telephony data. The App does not request the phone, call-log, or
SMS permissions and cannot read your phone number, call history, or messages.

## 11. Data sharing and third parties

We do not sell, rent, or share your personal information. The App has no advertising
or data-broker relationships.

The only parties involved in the App's operation are:

- **Your Paperclip server:** the destination you choose, controlled by you or your
  organisation.
- **Google:** for Google Play distribution, in-app purchases and subscriptions, and
  (if you opt in via your Android settings) aggregated diagnostics. Google acts under
  its own privacy policy.

We may disclose information **only if required by law**, for example to comply with a
valid legal request, but note that we hold almost no information about you to disclose
(see Sections 3–5).

## 12. International data transfers

WILDSOFT does not receive your operational data, so there is no transfer of that data
to us across borders. Connections from the App go directly to the server address you
configure, which may be located wherever you or your organisation host it.

Google Play and subscription information is processed by Google, which operates
globally; those transfers are governed by Google's policies.

## 13. Data retention

- **On your device:** the access token and settings remain until you sign out, change
  them, or uninstall the App. Fetched server content is kept only in memory and is
  discarded when the App closes.
- **With WILDSOFT:** we retain no operational data about your use of the App. Google
  Play and subscription reports provided by Google are retained by us only as long as
  needed for accounting, tax, and business records, in line with applicable law.
- **On your Paperclip server:** retention is determined by you or your organisation.

## 14. Security

- The access token is stored in **EncryptedSharedPreferences**, encrypted with a key
  held in the **Android Keystore** and restricted to your device.
- Connections to remote servers are protected by **TLS (HTTPS)**, enforced by the
  App's network security configuration. Plain, unencrypted connections are permitted
  **only** to local development addresses (such as `localhost`, `127.0.0.1`, or
  private `192.168.x.x` / `.local` hosts) that you choose to point the App at on your
  own network.
- The optional fingerprint / face lock adds a further barrier to opening the App.
- No method of storage or transmission is completely secure; we cannot guarantee
  absolute security, but the App is designed to keep credentials on your device and
  out of any third party's hands.

## 15. Your privacy rights

Depending on where you live, you may have rights over personal data, including the
rights to **access, correct, delete, restrict, port, or object** to processing, and
(in the EU/UK) to lodge a complaint with a supervisory authority, or (in California
under the CCPA/CPRA) to know, delete, correct, and opt out of "sale"/"sharing".

Because WILDSOFT holds essentially no personal data about you through the App:

- For the **content on your Paperclip server**, exercise your rights through your
  server or its administrator, who is the controller of that data.
- For **Google Play / subscription** data, contact **Google**, which controls it.
- For anything WILDSOFT does hold (for example, if you email us), or to ask questions
  about this policy, contact us at **legal@wildsoft.io**. We will respond within the
  time required by applicable law.

We do not discriminate against you for exercising any privacy right.

## 16. Children's privacy

Paperclip Relay is a professional tool for operators of Paperclip AI companies and is
**not directed to children**. It is intended for a general, professional audience. We
do not knowingly collect personal information from children. If you believe a child
has provided information through the App, contact us at legal@wildsoft.io.

## 17. Changes to this policy

We may update this policy as the App changes. When we make a material change, we will
update the "Last updated" date above and, where appropriate, provide notice in the
App or on https://wildsoft.io. Your continued use of the App after an update means you
accept the revised policy.

## 18. Contact us

If you have questions about this Privacy Policy or about privacy in Paperclip Relay:

- **WILDSOFT LTD**
- Email: **legal@wildsoft.io**
- Website: **https://wildsoft.io**