← Back to Home

Privacy Policy

Last updated: January 21, 2025

1. Introduction

PageSpace is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information in our cloud-based workspace platform.

2. Cloud-Based Privacy Approach

PageSpace is designed with privacy and security as core principles:

  • Secure Cloud Storage: Your data is stored securely in our cloud infrastructure with access controls and monitoring
  • Authentication Security: Passwords are securely hashed using bcrypt, and sessions are managed with JWT tokens
  • Data Protection: Sensitive information like API keys is encrypted using AES-256-GCM encryption
  • Transparency: Clear information about how we handle your data and what security measures we implement

3. Information We Collect

3.1 Account and Content Data

Information we collect and store includes:

  • User account information (username, email, securely hashed password)
  • Pages, documents, and content you create (stored as plain text in our database)
  • File organization and workspace structure
  • Application settings and preferences
  • Chat messages and AI conversation history (stored as plain text in our database)
  • Usage analytics and subscription billing information (via Stripe)
  • Your personal API keys for AI services (encrypted using AES-256-GCM)

3.2 Technical Information

We collect technical information to maintain and improve the service:

  • IP addresses and device information
  • Browser type and version
  • Error logs for troubleshooting
  • Performance metrics for optimization
  • Feature usage statistics

4. Third-Party AI Services

When you use AI features, we work with external AI providers:

  • OpenRouter: Subject to OpenRouter's privacy policy
  • Google AI: Subject to Google's privacy policy
  • Anthropic (Claude): Subject to Anthropic's privacy policy
  • OpenAI: Subject to OpenAI's privacy policy

Important: When using AI services, we send your prompts and relevant context to AI providers to generate responses. We do not share your personal information or unrelated workspace data with AI providers.

5. Data Processing and Storage

5.1 Cloud Processing

Data processing occurs on our secure cloud infrastructure, including:

  • Content creation and editing
  • Search and indexing
  • File organization
  • Real-time collaboration
  • AI model inference through third-party providers

5.2 Database Storage

Your data is stored in our cloud database infrastructure with industry-standard security measures, including:

  • Access Controls: Database access is restricted and monitored
  • Password Security: User passwords are securely hashed using bcrypt
  • API Key Encryption: Personal AI service API keys are encrypted using AES-256-GCM
  • Connection Security: Database connections use secure protocols
  • Content Storage: Document content and chat messages are currently stored as plain text in our database

Note: For enhanced security needs, consider our self-hosted deployment option where you have full control over data encryption and storage.

6. Data Sharing

PageSpace does not sell or rent your personal data. We may share your data only in these situations:

  • With AI service providers when you use AI features
  • When you explicitly share or collaborate with other users
  • With service providers who help us operate the platform (under strict confidentiality agreements)
  • When required by law or to protect our legal rights
  • In connection with a business transfer (merger, acquisition, etc.)

7. Data Security

We implement comprehensive security measures including:

  • Data in Transit: Secure HTTPS connections for all web traffic
  • Password Security: bcrypt hashing with salt rounds for user passwords
  • Session Management: JWT tokens with proper expiration and validation
  • API Key Protection: AES-256-GCM encryption for user-provided AI service keys
  • Database Access: Restricted access controls and connection monitoring
  • Input Validation: Comprehensive sanitization and validation of user inputs
  • Rate Limiting: Protection against abuse and excessive API usage
  • CSRF Protection: Built-in protection against cross-site request forgery

While we implement strong security measures, no system is 100% secure. We encourage users to use strong passwords and follow good security practices.

8. Your Rights and Control

You have complete control over your data:

  • Access: All your data is accessible through the application interface
  • Modification: Edit or update any content at any time
  • Deletion: Delete individual items or your entire workspace
  • Export: Data export available by request - contact us for assistance
  • Portability: Your data is stored in standard formats

9. Children's Privacy

PageSpace is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Data Retention

We retain your data for as long as:

  • Your account remains active
  • Needed to provide you with services
  • Required by law or for legitimate business purposes

When you delete your account, we will delete your personal data within a reasonable timeframe, except where we are required to retain it by law.

12. International Users and Data Processing

PageSpace is operated from the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

By using our service, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

13. Payment and Billing Information

When you purchase a subscription, payment processing is handled by Stripe, Inc. We do not store your credit card information on our servers. Stripe's privacy policy governs the collection and use of payment information.

We receive and store information about your subscription status, billing history, and usage metrics necessary for providing our services and managing your account.

14. Data Security Incidents

In the event of a data security incident that affects your personal information, we will notify affected users via email within 72 hours of discovering the incident, in accordance with applicable data protection laws.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

  • Email: hello@pagespace.ai
  • Support: Available through the in-app help system
  • Community: PageSpace Discord

For data protection requests (access, deletion, portability), please use the subject line "Data Protection Request" in your email.