Privacy Policy

Effective Date: December 02, 2025

PDFData ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website and services ("Services").

1. Information We Collect

Some uploads/data may include highly sensitive personal or financial information (invoices, bank statements, medical info, etc.), and we treat them with extra security.

a. Account Information
  • Email address (required for registration and verification).
  • Password (encrypted and never stored in plain text).
b. Payment Information
  • We use Stripe to handle all payments and payment methods.
  • We do not store your full credit card details on our servers.
  • Stripe may collect billing information such as your name, card type, and billing address.
c. Uploaded Files
  • When you upload PDF files for data extraction, we temporarily store them for processing.
  • Files are automatically deleted after processing.
  • We do not share, analyze, or use your uploaded files for any purpose other than processing them for your request.
d. Usage Data
  • IP address.
  • Browser type.
  • Operating system.
  • Date and time of access.
  • Actions performed in your account (e.g., file uploads, balance top-ups).

We use this data to improve our service, secure our platform, and analyze usage trends.

Data Security and Encryption

We take the protection of your sensitive information — including uploaded files (PDFs), extracted data (bank/financial data, medical information, invoices/receipts, resumes, insurance claims, etc.), and stored account data — very seriously. To safeguard this data, we implement a comprehensive set of security measures, as described below:

  • Encryption in transit and at rest:
    • All data exchanged between your browser (or client) and our servers is transmitted over secure TLS/HTTPS connections.
    • Data stored on our infrastructure — including uploaded files and database records — is encrypted at rest.
  • Application-level encryption for sensitive content:
    • For data classified as especially sensitive (e.g. financial account numbers, bank statements, medical information, etc.), we use application-level encryption (AES-256-GCM or equivalent) in addition to infrastructure-level encryption. This ensures that even if underlying storage or backups are compromised, the content remains unreadable without the decryption key.
    • Encryption keys are handled securely: master encryption keys are stored only as secrets, separate from code, and not committed to any public or shared repository.
  • Strict key management and access control:
    • Encryption keys and other secrets are stored in a secured configuration.
    • Access to these keys is limited to authorized backend processes.
  • Security review, maintenance, and best-practice configuration:
    • We perform regular security reviews and updates to dependencies, encryption libraries, and server configurations.
    • We enforce principles of “privacy by design”: data minimization, least privilege, retention limits, and secure defaults.
Transparency and User Rights
  • We provide you with the ability to request deletion of your stored data (both original files and extracted data).
  • We handle all data in compliance with applicable data-protection laws/regulations, and are committed to maintaining high standards of data confidentiality, integrity, and availability.
Limitation of Guarantees
  • While we use state-of-the-art encryption and access controls, no system is 100% immune to risks. We cannot guarantee absolute security, but we continuously monitor, audit, and improve our security posture to minimize any potential risks.

2. How We Use Your Data

We use the collected information to:

  • Provide and maintain our Services
  • Process payments and maintain your account balance.
  • Protect the confidentiality, integrity, and availability of your data through encryption, controlled access, and secure handling.
  • Communicate with you (e.g., email confirmations, service updates).
  • Improve and secure our Services.
  • Comply with legal obligations.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share data with:

  • Stripe for payment processing
  • Legal authorities if required by law or subpoena
  • Service providers that help us operate the platform (e.g., cloud hosting)

All third-party services are required to comply with applicable data protection laws.

4. Cookies and Tracking

We may use cookies and similar technologies to:

  • Authenticate users.
  • Track session activity.
  • Analyze platform performance.

You can control cookies through your browser settings.

5. Data Retention

  • Account data: Retained as long as your account is active or as required by law.
  • Uploaded PDF files: Automatically deleted in 7 days after processing.
  • Payment logs: Retained for financial and legal compliance.

6. Your Rights

Depending on your location, you may have the right to:

  • Access your data.
  • Correct or delete your data.
  • Object to certain processing.
  • Request data portability.

7. Data Security

We implement industry-standard measures to protect your data, including:

  • Encryption (in transit and at rest).
  • Access controls and audit logs.
  • Regular security reviews.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].