Privacy Policy

Last updated: March 28, 2026

PDF Platform ("we", "us", or "our") operates the PDF Platform website and API services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Username
• Password (stored securely using industry-standard hashing)

Payment Information

When you purchase credits or subscriptions, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store transaction identifiers and subscription status from Stripe.

Files You Upload

When you use our PDF processing services, you may upload documents. Uploaded files are processed in memory or temporary storage and are automatically deleted after processing is complete. We do not retain copies of your uploaded files beyond the processing window.

Usage Data

We automatically collect certain information when you access our services, including:

• API request logs (endpoint, timestamp, response status)
• Credit usage and transaction history
• IP address and browser user agent

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and manage your account
• Track credit usage and enforce rate limits
• Send transactional emails (account verification, password resets, billing receipts)
• Monitor for abuse and ensure service security
• Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Payment processors: Stripe, for processing transactions
• Infrastructure providers: Cloud hosting services that store our databases and serve our application
• Legal requirements: When required by law, regulation, or legal process

4. Data Retention

We retain your account information for as long as your account is active. Uploaded files are deleted immediately after processing. API logs are retained for up to 90 days. You may request deletion of your account and associated data at any time by contacting us.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS)
• Secure password hashing
• API key authentication with JWT tokens
• Rate limiting to prevent abuse

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, please contact us at [email protected].

7. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking or advertising cookies.

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers of personal data in accordance with applicable law.

9. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].