Free originality & AI detection reports with each order
Log in Place an order
HomePrivacy Policy

Privacy Policy

Last Updated: March 13, 2026

We recognise that your privacy is our responsibility. For this reason, we have adopted this Privacy Policy, which applies to all users of ChalkyPapers.

By accessing or continuing to use our Website or Services, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein.

Please read this Privacy Policy carefully to understand what personal data we collect, how it is used, and the rights available to you under applicable European Union data protection law. If you do not agree with any part of this Privacy Policy, you must immediately discontinue use of the Website and Services.

Data Controller

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), ChalkyPapers acts as the data controller in relation to personal data processed through the Website and Services.

The data controller determines the purposes and means of processing personal data and is responsible for ensuring compliance with applicable EU data protection legislation.

Information We Collect

For the purposes of providing our Services and operating the Website, we collect and process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and other applicable EU data protection legislation.

Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, online identifier, or other factors specific to that individual.

We collect personal data in the following ways:

  • Voluntarily provided information – Personal data you provide directly when registering an account, placing an order, communicating with us, or otherwise using the Services.
  • Automatically collected information – Data collected automatically when you access or use the Website, including technical and usage information.

Voluntarily Provided Information

The scope and nature of voluntarily provided personal data depend on how you interact with the Website and Services. This information may include:

  • Identification and contact details
    When you register an account or place an order, you may provide your name, email address, telephone number, and other contact details. This information is used to administer your account, process orders, communicate regarding Services or request clarifications, and provide customer support.
  • Account credentials
    Login credentials are stored in encrypted form for authentication and account security purposes. ChalkyPapers personnel do not have access to passwords, and credential processing is automated.
  • Transaction and billing information
    Payments are processed through secure third-party payment service providers. ChalkyPapers does not store full payment card details or bank account numbers. Transaction records, payment confirmations, and limited billing identifiers may be processed for accounting, fraud prevention, and compliance purposes.

ChalkyPapers does not intentionally collect special categories of personal data within the meaning of Article 9 GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

Automatically Collected Information

When you access or use the Website, certain information is collected automatically. This data does not, by itself, directly identify you but may constitute personal data under GDPR where it can be linked to an identifiable individual.

Automatically collected information may include:

  • Device type and technical characteristics
  • IP address
  • Browser type and operating system
  • Approximate geographic location (country or region)
  • Language settings
  • Referring and exit URLs
  • Date, time, and duration of visits
  • Pages viewed and interaction data

This information is collected to ensure the security and functionality of the Website, to diagnose technical issues, to prevent fraud or misuse, and to analyse usage trends for service improvement. Processing of automatically collected information is carried out in accordance with GDPR and applicable EU Member State data protection laws.

We process personal data only where a lawful basis exists, in accordance with Article 6 GDPR. Depending on the nature of the interaction and the purpose of processing, one or more of the following legal bases may apply:

  • Consent under Article 6(1)(a) GDPR
    Where you have given freely given, specific, informed, and unambiguous consent to the processing of your personal data for one or more specified purposes. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
  • Performance of a contract under Article 6(1)(b) GDPR
    Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such a contract, including the provision and administration of the Services.
  • Compliance with a legal obligation under Article 6(1)(c) GDPR
    Where processing is necessary to comply with a legal obligation to which ChalkyPapers is subject under applicable EU law or the law of a Member State.
  • Legitimate interests under Article 6(1)(f) GDPR
    Where processing is necessary for the purposes of legitimate interests pursued by ChalkyPapers or a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Legitimate interests may include ensuring network and information security, preventing fraud, improving services, and maintaining the integrity of the Website.

Each processing activity is assessed to ensure that the chosen legal basis is appropriate and that the requirements of the GDPR are met.

Protection of Personal Data under GDPR

ChalkyPapers implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR.

These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access, and include, where appropriate:

  • Access controls limiting data access to authorised personnel only
  • Secure authentication mechanisms
  • Encryption and secure transmission of data where appropriate
  • Regular monitoring and maintenance of systems
  • Internal policies governing data handling and confidentiality

While we take reasonable steps to safeguard personal data, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security, but we continuously review and improve our safeguards to meet the standards.

Data Retention and Storage Limitation

ChalkyPapers retains personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with the principle of storage limitation set out in Article 5(1)(e) GDPR.

Retention periods are determined by reference to:

  • The nature and purpose of the processing
  • Legal, regulatory, or contractual obligations
  • The need to establish, exercise, or defend legal claims

Where personal data is no longer required for the purposes for which it was collected, and no legal basis for continued retention exists, the data is securely deleted or anonymised.

If immediate deletion or anonymisation is not technically feasible (e.g., where data is contained in backup systems) the data will be isolated, protected from further processing, and securely retained only until deletion can be completed.

Your Rights as a Data Subject under GDPR

Under the GDPR (Articles 12–22), you have specific rights regarding your personal data that ChalkyPapers processes:

  • Right to Access (Article 15 GDPR) – You may request confirmation of whether we process your personal data and obtain a copy of that data, along with information about its processing purposes, categories, recipients, retention, and source.
  • Right to Rectification (Article 16 GDPR) – You may request correction of inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (“Right to Be Forgotten”) (Article 17 GDPR) – You may request deletion of your personal data where lawful grounds exist, such as when the data is no longer necessary for the purposes collected or where processing was based on consent that you have withdrawn. Please note that some data may be retained if required by law, for compliance, accounting, or legal defence purposes. Requests for erasure should be submitted to [email protected].
  • Right to Restriction of Processing (Article 18 GDPR) – You may request temporary suspension of processing in certain circumstances, such as during verification of accuracy or while disputing the lawfulness of processing.
  • Right to Data Portability (Article 20 GDPR) – You may request a copy of personal data you provided to us in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller where technically feasible.
  • Right to Object (Article 21 GDPR) – You may object to processing of your personal data on grounds relating to your particular situation, including profiling or direct marketing.
  • Rights in Relation to Automated Decision-Making and Profiling (Article 22 GDPR) – You may not be subject to decisions based solely on automated processing that have legal or similarly significant effects, unless certain safeguards are in place.

ChalkyPapers will respond to requests to exercise these rights without undue delay and in accordance with GDPR timeframes.

Data Breach Notification

In compliance with Articles 33 and 34 GDPR, ChalkyPapers has procedures in place to detect, report, and investigate personal data breaches.

  • Notification to Supervisory Authority – In the event of a breach likely to result in a risk to your rights and freedoms, the relevant EU supervisory authority will be notified within 72 hours of detection.
  • Notification to Data Subjects – Where a breach is likely to result in a high risk to your rights and freedoms, you will be informed without undue delay and informed about the nature of the breach, potential consequences, and the measures taken or proposed to address it.
  • Internal Response Measures – Breaches are investigated promptly, and appropriate steps are taken to contain and remediate the incident, including technical measures and updates to security policies.

Third-Party Providers and Affiliates

ChalkyPapers may share your personal data with carefully selected third-party providers and affiliates to enable the provision of our Services. This includes but is not limited to:

  • Payment processors and financial institutions for order and transaction handling
  • IT service providers, hosting companies, and cloud storage providers
  • Marketing and analytics partners for insights and service optimization
  • Auditors or legal advisors as required for compliance purposes

All third-party providers are contractually required to process personal data in compliance with GDPR, maintain appropriate technical and organisational safeguards, and use personal data only for the purposes specified by ChalkyPapers. We do not authorise third parties to use your personal data for unrelated purposes.

International Data Transfers

ChalkyPapers primarily processes personal data within the EU/EEA. Where personal data is transferred outside the EU/EEA, we ensure that:

  • Transfers are made to countries recognised by the European Commission as providing adequate protection, or
  • Standard contractual clauses approved by the European Commission are in place to safeguard your data, or
  • Other lawful safeguards under GDPR are implemented, such as binding corporate rules or explicit consent where required

We take all reasonable measures to ensure that your personal data remains protected in accordance with GDPR, regardless of where it is processed.

Privacy of Minors under GDPR

ChalkyPapers does not knowingly collect personal data from individuals under the age of 18 without parental or guardian consent, in accordance with Article 8 of the General Data Protection Regulation (GDPR).

By using our Services, you represent that you are at least 18 years old, or that you are the parent or guardian providing consent for your minor dependent to use our Services.

If we become aware that personal data from a user under 18 has been collected without appropriate consent, we will:

  • Deactivate the account associated with the minor
  • Take reasonable steps to delete the personal data in a timely manner

If you become aware that personal data from a minor has been submitted to ChalkyPapers without consent, please contact us immediately at [email protected].

Limitations to This Policy

This Privacy Policy applies only to personal data collected through ChalkyPapers’ online platform. It does not cover:

  • Data collected through offline interactions or external channels not operated by ChalkyPapers
  • Data processed by third-party services not contracted or controlled by ChalkyPapers

All data collected and processed through our Website is handled in accordance with GDPR and relevant EU member state data protection laws.

Updates to This Privacy Policy

ChalkyPapers may update this Privacy Policy from time to time to reflect changes in legislation, technology, or business practices.

  • The date at the top of this Policy indicates when it was last updated
  • Updated versions will be published on this page and take effect immediately upon publication

We encourage you to review this Privacy Policy periodically to stay informed about how your data is protected

Contact Information

If you have questions about this Privacy Policy, wish to exercise your data subject rights under GDPR, or have concerns about your personal data, please contact us at:

Email: [email protected]