Privacy Policy

This Privacy Policy is effective June 28, 2026. It explains how Paprika collects, uses, stores, shares, and protects information submitted through the website, Start Here intake flow, file upload channels, scheduling tools, and service communications.

Paprika may collect your name, email, LinkedIn URL, website, CV or resume metadata, field or industry, current location, current visa status if provided, target visa or goal, timeline, existing press, existing judging, existing scholarly articles, attorney status, budget range, service needs, uploaded file metadata, scheduling details, and question or additional context.

• Professional and profile information, such as background, achievements, field, public links, and work history.
• Service-fit information, such as target goals, timeline, budget range, attorney status, and requested services.
• Technical information, such as IP address, device data, browser data, page events, bot-protection signals, and server logs.

CV or resume files are not stored directly in PostgreSQL. Files should be handled through Paprika-controlled private storage or a selected upload provider such as Uploadcare, S3, or Cloudflare R2, with PostgreSQL storing only metadata such as file key, URL, type, size, and related lead. Upload access should be limited to Paprika personnel and vendors who need the information to process the request.

Paprika uses information to review intake submissions, determine service fit, respond to inquiries, prepare proposals, provide services, schedule calls, create evidence-support materials, maintain internal records, prevent spam and abuse, improve website performance, satisfy legal obligations, and protect Paprika, clients, and third parties.

Paprika may sync intake data to a CRM such as self-hosted EspoCRM, HubSpot, or Airtable and use an email provider such as Resend or Postmark for confirmations, internal notices, proposals, and follow-up messages. Paprika does not sell intake submissions or CV files.

Paprika may use a CMS such as self-hosted Directus or Sanity to manage public blog, resource, and FAQ content. CMS content systems should not store Start Here intake submissions, CV or resume files, or internal AI analysis records unless a later architecture decision explicitly approves that use with appropriate access controls.

Paprika may use analytics tools such as self-hosted Umami, GA4, or PostHog and monitoring or error-reporting tools such as GlitchTip or Sentry. Sensitive CV text and open-text form answers should not be sent to analytics events or monitoring logs. If session replay is enabled, form fields must be masked. Paprika may use privacy-conscious bot protection such as self-hosted ALTCHA or Cloudflare Turnstile to verify form integrity and reduce spam, abuse, and automated submissions.

Calendly or similar scheduling tools may be shown after intake, including on the Thank You page. Scheduling tools may collect meeting times, names, email addresses, calendar metadata, and call notes under their own terms and privacy policies. Calls happen after Paprika has reviewed the submitted profile context.

Paprika may use OpenAI or similar providers for internal summaries, classification, draft recommendations, and compliance review after server-side processing. AI outputs require human review and are not presented as legal advice. Paprika should avoid sending unnecessary sensitive identifiers, government identity documents, financial account details, medical information, or children's information to AI tools.

Paprika may share information with service providers that host the website, process forms, store files, run analytics, provide CRM, send email, support scheduling, assist with security, provide AI processing, or help deliver agreed services. Paprika may also share information with independent attorneys, press outlets, article venues, judging organizers, or other third parties when you authorize that sharing or when it is necessary for the requested service.

Paprika keeps information for as long as needed for intake review, service delivery, client records, dispute prevention, security, legal compliance, and legitimate business operations. Paprika uses administrative, technical, and organizational safeguards designed to protect information, but no website, upload channel, email system, AI provider, or storage service can be guaranteed completely secure.

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain processing activities. You may also request that Paprika stop non-essential follow-up communications. Paprika will respond to verifiable requests as required by applicable law and may need to keep limited records for legal, security, or service reasons.

Paprika's services are intended for adults and professional users. Do not submit information about children. Do not submit highly sensitive information unless Paprika specifically requests it through an approved channel for a defined service purpose.

Paprika may update this Privacy Policy as the website, vendors, services, and legal requirements change. Material changes will be reflected on this page. Privacy questions or rights requests should be sent through the contact channels listed on the Paprika website.