SOC2 Compliant, HIPAA Compliant, GDPR Compliant, CCPA Compliant
Security & Compliance

Enterprise-Grade Security

Papermark is committed to the security and privacy of our customers' data. We provide industry-leading security features to protect your sensitive documents and ensure compliance with global data protection regulations.

Last updated: October 29, 2025

Data Hosting Locations

Your documents are stored with enterprise-grade infrastructure, ensuring high availability and security at all times.

By default, Papermark is hosted in Europe.

EU Region

GDPR-compliant hosting in eu-central-1 (Frankfurt) for European customers requiring data residency.

US Region

Hosted on AWS infrastructure in us-east-1 (N. Virginia) with automatic backups and disaster recovery.

Enterprise Data Residency Controls

Region Selection

Choose your preferred hosting region on the Enterprise plan

38+ Global Locations

Access to 38+ data centers worldwide for optimal performance and compliance

Compliance Guarantee

Automatic compliance with GDPR, CCPA, and local regulations

Data Sovereignty

Full control over where your sensitive documents are stored

Encryption of All Data

Papermark provides industry-standard encryption to protect your sensitive documents at every stage.

Encryption at Rest (AES-256)

All documents stored on our servers are encrypted using AES-256 encryption, the same standard used by banks and government institutions.

Encryption in Transit (TLS/HTTPS)

All data transmitted between your browser and our servers is encrypted using TLS 1.2, protecting against interception and tampering.

Data Protection Controls

Secure Key Management

Automatic key rotation and secure storage of encryption keys

Data Exfiltration Prevention

Advanced controls to prevent unauthorized data extraction

Secure Infrastructure

Network isolation with strict access controls and monitoring

Zero-Knowledge Architecture

End-to-end encryption ensures only you can access your data

Open Source Transparency and Security

Papermark is available as SaaS and open source, meaning our code is publicly reviewable by the community and security researchers. Open development leads to transparent security practices, faster vulnerability discovery, and rapid patching.

Community-Reviewed Code

Independent audits and peer review reduce hidden risks and improve overall security posture.

Active Maintainers and Contributors

  • Stars: 6000+
  • Contributors: 60+
  • Forks: 800+

Supply Chain Transparency

Clear dependencies, public change history, and reproducible builds enhance trust and compliance.

Granular Security Permissions

Control exactly who can access your documents and what they can do with them.

File & Folder Level Permissions

Granular access at file and folder level, with inherited permissions for consistency.

Allow & Block Lists

Restrict access by domain, email, or IP with organization-wide allow/deny lists.

Document Versions

Maintain version history and control which version is visible to viewers.

Dynamic Watermarks

Apply custom watermarks with viewer email or name to prevent unauthorized sharing.

Download Control

Allow viewing only or enable downloads based on your requirements.

NDA Gate

Require NDA acceptance prior to access with auditable records.

Enterprise Permission Features

Password Protection

Require a password to access documents for an extra security layer

White-labeling

Share documents on-brand with custom themes and logos

Email Verification

Restrict access to specific email addresses or domains only

Screenshot Protection

Block screenshots and screen recordings on supported browsers

Team Collaboration

Manage team access and permissions across all documents

Permission Inheritance

Folder-level permissions cascade to all documents within

Comprehensive Audit Trails

Track every interaction with your documents for complete visibility and compliance.

Real-Time Notifications

Get instant notifications when someone views your documents, including who accessed them and when.

Page-by-Page Analytics

See exactly which pages were viewed, for how long, and how many times each page was accessed.

Viewer Identification

Capture viewer details including email, location, device, and browser information.

Tracked Activities

Document Access Logs

Complete record of who accessed which documents and when

Download Tracking

Monitor all document downloads with timestamp and user details

Export Capabilities

Export audit logs for compliance and reporting purposes

Enterprise-Grade Infrastructure

Regular Backups

Automated daily backups with point-in-time recovery to protect against data loss.

DDoS Protection

Built-in protection against distributed denial-of-service attacks for high availability.

SSO Integration

Enterprise single sign-on support with SAML for seamless and secure authentication.

Self-Hosted Option

Open-source and available for self-hosting for maximum control over your data.

Advanced Infrastructure Capabilities

99.9% Uptime SLA

Enterprise SLA guarantees with redundant infrastructure

CDN Distribution

Global CDN ensures fast document delivery worldwide

API Access

Full API access for custom integrations and automation

Priority Support

Dedicated support team with guaranteed response times

Compliance & Data Protection

We are committed to meeting the highest standards of data protection and privacy regulations.

SOC 2 Type II Compliance

Papermark has achieved SOC 2 Type II certification, demonstrating our commitment to the highest standards of security, availability, and confidentiality.

Independent Audit

Our SOC 2 Type II report is issued by an independent third-party auditor, validating our security controls over an extended period.

Trust Service Criteria

We meet all five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SOC 2 Coverage Areas

Security Controls

Comprehensive security policies and procedures to protect customer data

Access Management

Strict access controls and authentication mechanisms

Change Management

Controlled processes for system changes and updates

Incident Response

Documented procedures for detecting and responding to security incidents

GDPR Data Protection Rights

If you are a resident of the EU/EEA, you have certain rights under the GDPR. We take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Learn more at EUR-Lex.

Access & Deletion

Request access to, an update of, or deletion of the information we hold about you.

Rectification

Correct inaccurate or incomplete personal information.

Object & Restrict

Object to processing or request restriction of processing in certain cases.

Data Portability

Receive a copy of your data in a structured, machine-readable format.

Withdraw Consent

Withdraw consent at any time where processing relies on consent.

To exercise your rights or request removal of your data, email support@papermark.io.

CalOPPA

CalOPPA requires commercial websites to post a privacy policy and disclose how personal information is collected and shared. Learn more at ConsumerCal.

Users can visit our site anonymously.

Our Privacy Policy link includes the word "Privacy" and is easy to find.

Users will be notified of privacy policy changes on our Privacy Policy page.

Users can update personal information by emailing support@papermark.com.

CCPA Rights

California residents are entitled to learn what data we collect, request deletion, and opt out of sale (sharing). Learn more at the California Legislative Information website.

Know What We Collect

Request the categories, sources, business purpose, third parties, and specific pieces of personal information we hold.

Delete Your Data

Request deletion of personal information we hold about you, subject to applicable exceptions.

No Sale of Personal Info

We do not sell or rent your personal information to any third parties.

To exercise your CCPA rights, email support@papermark.io.

Related Policies

Review our Subprocessors and Terms of Service.
