“Open-source orchestration for zero-human companies”
Paperclip is a self-hosted open-source platform for orchestrating teams of AI agents. The tool organizes agents as “employees” with an org chart, roles, budgets, governance, tasks/tickets, heartbeats, and audit trails.
Paperclip is explicitly a Control Plane, not an Execution Plane: the agents run externally via adapters such as Claude Code, Codex, Gemini, Cursor, OpenClaw, shell processes, or HTTP webhooks.
Paperclip AI
The human control plane for AI labor
Location: USA ⓘ the official Terms name Paperclip Labs, Inc. and subject the Services to the law of the U.S. state of Delaware; additionally, the Privacy Policy mentions international transfers including the USA. A precise operational headquarters is not publicly stated.
Target audience
Paperclip is aimed primarily at technically savvy founders, indie hackers, AI builders, and small product teams that want to coordinate not just a single assistant, but multiple specialized agents. The official product description clearly positions Paperclip as a system for companies made up of AI agents, not as a traditional chat tool. According to the manufacturer’s own analysis of the public GitHub footprint, founder-led product building, small teams, and experimental builders are the most visible user groups; at the same time, game/simulation projects, content businesses, and specialized SaaS/product teams also appear.
Outstanding features
What stands out is the focus on organization rather than prompts: Paperclip maps company structures with CEO, reporting lines, roles, board governance, budgets, goal alignment, and heartbeats. Technically, it is an adapter-agnostic control plane that brings together various agent runtimes such as Claude Code, Codex, Gemini, Cursor, OpenClaw, Shell, or HTTP. It also includes audit and traceability functions, persistent task/status models, multi-company isolation, and budget limits so that autonomous agents do not continue running unchecked.
1Key application areas
Paperclip is suitable for agent teams focused on product development, content, marketing, research, QA, outreach, or operational routine work. Officially, the project describes scenarios in which many agents are aligned toward a shared business goal and work is coordinated through tasks, projects, goals, and regular heartbeats. According to the manufacturer’s blog, the tool is already being used publicly for real product projects, media/creator businesses, games/simulations, and various vertical business setups.
Usage & notes
Usage starts locally via CLI, typically with npx paperclipai onboard --yes; Paperclip can start without an external database using embedded PostgreSQL. For production, the official documentation refers to self-hosting with your own PostgreSQL instance; this means a lot of control, but also technical responsibility. Important for evaluation and data protection: according to the repo, telemetry is enabled by default, but can be disabled; at the same time, the Terms mention data processing, possible international transfers including the USA, and optional Detailed Telemetry. For companies with GDPR requirements, a properly configured self-hosted installation on their own EU infrastructure is therefore significantly more favorable than using hosted services that are neither clearly priced nor documented.
| Target audience | Assessment |
|---|---|
| Private individuals | Rather unsuitable – Paperclip is technical and agent-oriented, not a normal end-user AI tool. |
| Developers / AI builders | Very suitable – for people who want to orchestrate multiple AI agents, Claude Code sessions, Codex, Cursor, scripts, or webhooks. |
| Startups / technical teams | Suitable – especially if AI agents are to be managed with roles, budgets, tickets, governance, and audit logs. |
| SMEs / companies | Conditionally suitable – technically exciting, but a young open-source project; for productive use, security review, hosting, logging, model providers, and governance are crucial. |
| Compliance-critical organizations | Suitable only after review – self-hosting is a positive, but official DPA/data processing agreement and enterprise compliance information are not publicly robust enough. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ✅ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ✅ |
On-Prem / local hosting: covered
The website explicitly describes Paperclip as self-hosted, runnable locally, and not requiring a Paperclip account. It mentions a local instance, a single Node.js process, embedded Postgres, local files, and alternatively your own Postgres.
Private Cloud / data center: partial
The website mentions a 'remote deploy' and the use of your own Postgres. This suggests deployment in your own or isolated infrastructure. However, a dedicated private cloud offering from the provider or an EU/EEA data center is not specifically stated.
EU SaaS / managed: unclear
While the website does mention 'Services operated by Paperclip Labs, Inc.' and refers to hosted infrastructure, there is no indication of an EU SaaS variant, EU data residency, or EU/EEA data centers.
Hybrid: partial
According to the website, the product is a control plane and integrates external agents, adapters, shell processes, or HTTP webhooks. In addition, both local and remote deployments are possible. This means a hybrid operating model can generally be inferred, but it is not described as a formal hosting offering from the provider.
DPA: unclear
No DPA and no corresponding contractual page were found on the website.
No training: partial
For detailed telemetry, the website explicitly states that it is only collected after explicit activation. At the same time, if detailed telemetry is enabled, the website allows its use for operation, improvement, development, commercialization, as well as the training and improvement of machine-learning models. A general contractual exclusion of training for all content is not stated on the website.
Open source / transparency path: covered
The website clearly describes Paperclip as open source under the MIT license, self-hosted, and not requiring a Paperclip account. It also highlights that users can fork, audit, customize, and transfer the code into their own deployments.
Data processing
According to the website, Paperclip can be operated locally or remotely by the user. For local operation, embedded Postgres and local files are mentioned; alternatively, your own Postgres can be used. According to the website, Paperclip is a control plane, while the actual agents run externally via adapters. For the services operated by Paperclip Labs, the privacy policy mentions data collection relating to account, usage, telemetry, device, and communication data, as well as possible transfers to the USA. Subprocessors, specific data centers, and EU data residency are not stated on the website.
Conclusion
For an EU/EEA tool directory, Paperclip is viewed positively primarily because of the clearly documented self-hosting and open-source path. The best available GDPR path is self-hosting in EU/EEA infrastructure. The provider’s own services, by contrast, are weakly documented from a documentation perspective: no DPA can be found, no subprocessors, no EU data residency, no certifications, and data transfer to the USA is mentioned. Therefore, the positive GDPR assessment here is tied to self-hosted use, not to a documented EU SaaS offering from the provider.
Sources
| On-prem / local hosting | ✅ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ❓ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ✅ |
On-Prem / local hosting: covered
The website explicitly describes Paperclip as self-hosted, runnable locally, and not requiring a Paperclip account. It mentions a local instance, a single Node.js process, embedded Postgres, local files, and alternatively your own Postgres.
Private Cloud / data center: partial
The website mentions a 'remote deploy' and the use of your own Postgres. This suggests deployment in your own or isolated infrastructure. However, a dedicated private cloud offering from the provider or an EU/EEA data center is not specifically stated.
EU SaaS / managed: unclear
While the website does mention 'Services operated by Paperclip Labs, Inc.' and refers to hosted infrastructure, there is no indication of an EU SaaS variant, EU data residency, or EU/EEA data centers.
Hybrid: partial
According to the website, the product is a control plane and integrates external agents, adapters, shell processes, or HTTP webhooks. In addition, both local and remote deployments are possible. This means a hybrid operating model can generally be inferred, but it is not described as a formal hosting offering from the provider.
DPA: unclear
No DPA and no corresponding contractual page were found on the website.
No training: partial
For detailed telemetry, the website explicitly states that it is only collected after explicit activation. At the same time, if detailed telemetry is enabled, the website allows its use for operation, improvement, development, commercialization, as well as the training and improvement of machine-learning models. A general contractual exclusion of training for all content is not stated on the website.
Open source / transparency path: covered
The website clearly describes Paperclip as open source under the MIT license, self-hosted, and not requiring a Paperclip account. It also highlights that users can fork, audit, customize, and transfer the code into their own deployments.
Data processing
According to the website, Paperclip can be operated locally or remotely by the user. For local operation, embedded Postgres and local files are mentioned; alternatively, your own Postgres can be used. According to the website, Paperclip is a control plane, while the actual agents run externally via adapters. For the services operated by Paperclip Labs, the privacy policy mentions data collection relating to account, usage, telemetry, device, and communication data, as well as possible transfers to the USA. Subprocessors, specific data centers, and EU data residency are not stated on the website.
Conclusion
For an EU/EEA tool directory, Paperclip is viewed positively primarily because of the clearly documented self-hosting and open-source path. The best available GDPR path is self-hosting in EU/EEA infrastructure. The provider’s own services, by contrast, are weakly documented from a documentation perspective: no DPA can be found, no subprocessors, no EU data residency, no certifications, and data transfer to the USA is mentioned. Therefore, the positive GDPR assessment here is tied to self-hosted use, not to a documented EU SaaS offering from the provider.
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Open Source / MIT, self-hosted, no Paperclip account required. | • Not a classic end-user SaaS with clearly documented pricing tiers publicly available. |
| • Fast local setup with embedded PostgreSQL, without an external database. | • Technical barrier to entry: self-hosting, Node.js/pnpm, and agent adapter setup required. |
| • Governance and control features: board approval, budgets, audit trail, roles/reporting. | • According to the README, not intended for single-agent use; often overengineered for simple chat/assistant use cases. |
| • Adapter-agnostic and technically flexible. | • Important points such as multiple human users, cloud deployments, and desktop app are still only on the public roadmap. |
| • Clear multi-agent/multi-company positioning instead of individual prompt windows. | • Privacy/compliance documentation for enterprise procurement currently does not appear to be as developed as that of established SaaS providers. This assessment is based on publicly available sources. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
For the EU/EEA area, Paperclip can be considered usable in a GDPR-compliant manner in the best available usage form, because the website describes a clear self-hosting/local deployment path without requiring a Paperclip account. This allows a user to operate the software in their own EU/EEA infrastructure. The services operated by Paperclip Labs are significantly more critical from a GDPR perspective, because the website mentions data transfers to the USA, does not specify EU data residency, and describes the use of data for improvement and training.
Positive
Positive aspects are the explicit self-hosting approach, the MIT license, the statement 'no Paperclip account required', local execution with embedded Postgres or the user's own Postgres, as well as the possibility of local or remote deployment. For EU/EEA users, this opens a practical way to process data exclusively within their own European infrastructure.
Negative
Negative is that, for the services operated by Paperclip Labs, the website specifies neither EU data centers nor EU data residency, DPA/AVV, subprocessors, or certifications. The privacy policy also states that data may be transferred to the USA. In addition, the website describes that data may be used to improve the services and to train or improve machine-learning models and algorithms; this is explicitly mentioned for detailed telemetry.
Server location
For self-hosting, the server location can be freely chosen by the user and may be within the EU/EEA area. For the services operated by the provider, no specific server or data center location is stated on the website; the privacy policy merely states that data may be transferred to and processed in the USA, among other places.