Legal
Privacy Policy
Last updated: May 13, 2026
This Privacy Policy explains how Pagr ("we", "us", or "our") collects, uses, and protects information when you use our Service at pagr.link. We are committed to handling your data responsibly and in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR) where applicable.
1. Data We Collect
1.1 Account information
When you sign up or log in, authentication is handled by Clerk. We receive and store your email address, name (if provided), and a unique user identifier from Clerk. We do not store your password — that is handled exclusively by Clerk.
1.2 Uploaded files
HTML files you upload are stored in Cloudflare R2 object storage and served publicly via uc.pagr.link/[slug]. File metadata (title, size, creation date, plan tier, optional password hash, custom slug) is stored in Cloudflare Workers KV. Do not upload files containing personal data unless you have a lawful basis for doing so and have considered the implications of that data being publicly accessible.
1.3 Analytics events
When a visitor views a page you have published, an analytics event is recorded in a Cloudflare D1 database. Each event stores: the page slug, timestamp, approximate country (derived from Cloudflare's edge infrastructure), and the HTTP referrer. We do not store IP addresses or persistent visitor identifiers. Bot traffic (identified by User-Agent) is filtered out and not recorded.
1.4 Payment information
Payments for Pro and Team plans are processed by Stripe. We never see or store your full card details. Stripe provides us with a customer ID, subscription status, and plan tier. Stripe's own privacy policy applies to your payment data: stripe.com/privacy.
1.5 Usage data and logs
Cloudflare processes HTTP request logs at the edge as part of standard infrastructure operation. These may include IP addresses and User-Agent strings and are subject to Cloudflare's privacy policy. We do not access these raw logs for any purpose beyond investigating security incidents.
1.6 Marketing site analytics
The getpagr.co marketing site uses Cloudflare Web Analytics, a privacy-first analytics solution that does not use cookies and does not track users across sites. No consent banner is required.
2. How We Use Your Data
We use the data we collect to:
- Provide and operate the Service, including serving your uploaded files and enforcing plan quotas.
- Authenticate your identity via Clerk and manage your session.
- Process payments and manage your subscription via Stripe.
- Display page-level analytics (views, referrers, countries) to you as the file owner.
- Send transactional emails (e.g., payment receipts, account notices) via Resend.
- Investigate abuse, security incidents, and DMCA takedown requests.
- Improve the Service based on aggregate, anonymised usage patterns.
We do not sell your personal data to third parties. We do not use your data for advertising.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract — processing necessary to provide the Service you have signed up for.
- Legitimate interests — security monitoring, abuse prevention, and aggregate analytics.
- Legal obligation — compliance with applicable law, including DMCA and similar copyright frameworks.
4. Data Sharing and Sub-processors
We share your data only with the following service providers, each acting as a data processor on our behalf:
| Provider | Purpose | Data location |
|---|---|---|
| Clerk | Authentication | US (SOC 2 certified) |
| Cloudflare | File storage (R2), KV, D1, edge network | EU/EEA edge, R2 in EEUR |
| Stripe | Payment processing | US/EU (PCI DSS compliant) |
| Resend | Transactional email | US |
We may disclose your information if required by law, regulation, court order, or governmental authority.
5. Cookies and Local Storage
The Pagr application (app.getpagr.co) uses browser localStorage to persist your UI preferences (e.g., plan progress state). Clerk may set session cookies necessary for authentication. We do not use third-party tracking cookies. The marketing site (getpagr.co) uses no cookies at all.
Password-protected pages set a short-lived HttpOnly cookie to track unlocked access; this cookie contains no personal data and expires when the browser session ends.
6. Data Retention
We retain your account data and uploaded files for as long as your account is active. Analytics events are retained for a rolling 90 days. If you delete your account, we will delete your files, metadata, and analytics data within 30 days. Stripe may retain payment records as required by financial regulations.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your data (you can also delete your account directly in the app).
- Portability — receive your data in a machine-readable format.
- Objection — object to certain types of processing.
- Restriction — ask us to restrict processing in certain circumstances.
To exercise any of these rights, email us at privacy@getpagr.co. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
8. Security
We implement reasonable technical and organisational measures to protect your data, including HTTPS for all connections, HttpOnly cookies, JWT-based authentication verified with Clerk-issued tokens, and API keys stored as SHA-256 hashes. No system is completely secure; if you believe your account has been compromised, contact us immediately at security@getpagr.co.
9. Children's Privacy
The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the application. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact
For privacy-related enquiries, please contact us at privacy@getpagr.co.