GDPR Policy

Effective Date: April 02, 2025

PDFData ("we", "us", or "our") is committed to protecting the personal data of users and complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Policy explains what personal data we collect, how we use it, your rights, and how we ensure your data is secure.

1. Who This Applies To

This policy applies to all users of our services who are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom.

2. Legal Basis for Processing

We process your personal data under one or more of the following legal bases:

  • Contractual necessity: To create and manage your account, process payments, and deliver services.
  • Consent: Where applicable, such as email marketing communications.
  • Legal obligations: To comply with tax, accounting, or legal requirements.
  • Legitimate interests: To improve and secure our platform.

3. What Personal Data We Collect

We may collect the following categories of personal data:

  • Identity Data: Email address
  • Account Data: Login credentials (hashed passwords), session tokens
  • Financial Data: Billing information (handled securely via Stripe; we do not store card details)
  • Technical Data: IP address, browser type, operating system, device information
  • Uploaded Files: PDF documents uploaded for processing (stored temporarily)

4. How We Use Your Data

We use your personal data for the following purposes:

  • To register and manage your user account
  • To process payments and maintain your balance
  • To provide PDF data extraction services
  • To send important service notifications
  • To respond to support requests
  • To improve our services and website
  • To comply with legal and tax obligations

5. Data Retention

  • Account and billing data is retained as long as you maintain an account and as required by law (e.g., accounting retention periods).
  • Uploaded files are automatically deleted after processing or within 24 hours.
  • You can delete your account at any time by contacting support.

6. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request corrections to inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on our legitimate interests.
  • Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

7. International Data Transfers

Your data may be processed in countries outside the EEA (e.g., United States) where our servers or service providers (like Stripe) are located. We ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all communications
  • Secure data centers and access controls
  • Automatic file deletion after processing
  • Stripe integration for PCI-compliant payment handling

9. Processors and Subprocessors

We work with trusted third-party providers that help us operate our services:

  • Stripe – Payment processing
  • Cloud hosting providers – Hosting and storage
  • Analytics services – Platform performance analysis

All processors are GDPR-compliant and act under our instructions.

10. Contact Us

If you have any questions about our GDPR Policy or wish to exercise your rights, please contact us at [email protected].