Privacy Policy

1. Introduction

PDF Toolkit ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.

2. Data We Collect

• Uploaded files: PDF files you upload are processed on our servers and deleted immediately after you download the result. We do not store, read, or share the contents of your files.
• IP addresses: We log your IP address solely for rate limiting (to enforce fair usage of the free tier). Rate limit records are automatically deleted after 24 hours.
• Payment information: If you subscribe to our Pro plan, payment is processed entirely by our payment providers (Stripe and/or Lemon Squeezy). We store your email address and subscription status but never have access to your credit card details.
• Operation logs: We log the type of operation performed (merge, split, compress), file count, and file size for service monitoring. These logs are associated with your IP address.

3. How We Use Your Data

• Rate limiting: IP addresses are used to enforce usage limits on the free tier (5 operations per 24 hours).
• Payment processing: Email addresses are used to manage subscriptions and communicate payment-related information.
• Service improvement: Aggregated, anonymized operation statistics help us understand usage patterns and improve the service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Retention

• Uploaded files: Deleted immediately after processing and download. Any temporary files are purged within 1 hour at most.
• Rate limit data: Automatically deleted after 24 hours.
• Operation logs: Retained for up to 90 days for service monitoring, then automatically purged.
• Subscription data: Retained for the duration of your subscription and for up to 12 months after cancellation for legal and accounting purposes.

5. Cookies and Tracking

We do not use tracking cookies. Our analytics are powered by Plausible Analytics, which is a privacy-friendly, cookieless analytics tool. It does not collect personal data or use cookies. No consent banner is required.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of all data we hold about you.
• Right to erasure: You can request that we delete all data associated with you.
• Right to data portability: You can request your data in a machine-readable format.
• Right to rectification: You can request correction of any inaccurate data.
• Right to restrict processing: You can request that we limit how we use your data.
• Right to object: You can object to our processing of your data.

To exercise any of these rights, you can use our self-service data endpoints (GET /api/v1/my-data and DELETE /api/v1/my-data) or contact us at the email below.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), secure server infrastructure, and strict access controls. Uploaded files are processed in isolated temporary storage and deleted immediately.

8. Third-Party Services

• Stripe: Payment processing. See Stripe's Privacy Policy.
• Lemon Squeezy: Payment processing. See Lemon Squeezy's Privacy Policy.
• Plausible Analytics: Cookieless website analytics. See Plausible's Data Policy.

9. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

[email protected]

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.