GDPR Compliance: This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We are committed to protecting your privacy and personal data.
1. Introduction
This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our PDF conversion service ("Service"). We are committed to ensuring that your privacy is protected and that we comply with all applicable data protection laws, including the GDPR.
1.1 Data Controller
For the purposes of data protection law, we are the data controller of your personal information. This means we determine how and why your personal data is processed.
2. Information We Collect
2.1 Files and Content
| Data Type |
Purpose |
Legal Basis |
Retention Period |
| Uploaded Files |
PDF conversion processing |
Legitimate Interest |
24 hours maximum |
| File Metadata |
Security scanning, format validation |
Legitimate Interest |
30 days for security logs |
| Converted Files |
Download provision |
Contract Performance |
24 hours maximum |
2.2 Technical Information
| Data Type |
Purpose |
Legal Basis |
Retention Period |
| IP Address |
Security, rate limiting, analytics |
Legitimate Interest |
30 days |
| Browser Information |
Service optimization, compatibility |
Legitimate Interest |
30 days |
| Session Data |
Service functionality, security |
Legitimate Interest |
Session duration |
| Usage Statistics |
Service improvement, performance monitoring |
Legitimate Interest |
12 months (anonymized) |
2.3 Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Required for service functionality (no consent required)
- Analytics Cookies: Usage statistics and performance monitoring (consent required)
- Security Cookies: Protection against abuse and attacks (legitimate interest)
For detailed information, please see our Cookie Policy.
3. How We Use Your Information
3.1 Primary Purposes
- File Conversion: Processing your files to convert them to PDF format
- Security Scanning: Detecting and preventing malicious content
- Service Delivery: Providing download links and managing conversions
- Rate Limiting: Preventing abuse and ensuring fair usage
3.2 Secondary Purposes
- Service Improvement: Analyzing usage patterns to enhance functionality
- Security Monitoring: Detecting and preventing security threats
- Legal Compliance: Meeting regulatory and legal requirements
- Technical Support: Troubleshooting and resolving service issues
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
4.1 Legitimate Interest (Article 6(1)(f))
- Security scanning and threat detection
- Service optimization and performance monitoring
- Fraud prevention and abuse detection
- Technical troubleshooting and support
4.2 Contract Performance (Article 6(1)(b))
- File conversion processing
- Providing download links
- Service delivery and functionality
4.3 Consent (Article 6(1)(a))
- Analytics and usage tracking (where required)
- Marketing communications (if applicable)
- Optional service enhancements
5. Data Sharing and Disclosure
Important: We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5.1 Service Providers
We may share data with trusted service providers who assist in:
- Cloud hosting and infrastructure (with data processing agreements)
- Security services and threat detection
- Analytics and performance monitoring (anonymized data only)
5.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal obligations or court orders
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Cooperate with law enforcement investigations
6. Data Security
We implement comprehensive security measures to protect your data:
6.1 Technical Safeguards
- Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
- Access Controls: Strict authentication and authorization
- Security Monitoring: Continuous threat detection and response
- Regular Updates: Security patches and system updates
6.2 Organizational Safeguards
- Data Minimization: Collecting only necessary information
- Staff Training: Regular privacy and security training
- Incident Response: Procedures for security breach management
- Regular Audits: Security assessments and compliance reviews
7. Data Retention
7.1 Retention Periods
| Data Type |
Retention Period |
Reason |
| Uploaded Files |
Maximum 24 hours |
Automatic deletion after processing |
| Converted Files |
Maximum 24 hours |
Automatic deletion after download period |
| Security Logs |
30 days |
Security monitoring and threat detection |
| Usage Analytics |
12 months (anonymized) |
Service improvement and optimization |
| Session Data |
Session duration only |
Deleted when session ends |
7.2 Automatic Deletion
We have implemented automated systems to ensure data is deleted according to our retention schedule. Files are automatically removed from our servers, and we do not maintain permanent copies of user content.
8. Your Rights (GDPR)
Under GDPR and other privacy laws, you have the following rights:
8.1 Access Rights
- Right to Access: Request information about data we hold about you
- Right to Portability: Receive your data in a structured format
8.2 Control Rights
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing based on legitimate interests
8.3 Consent Rights
- Right to Withdraw Consent: Withdraw consent for data processing
- Right to Object to Marketing: Opt-out of marketing communications
8.4 Exercising Your Rights
9. International Data Transfers
If we transfer your data outside the European Economic Area (EEA), we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU-approved data transfer agreements
- Certification Schemes: Privacy Shield or similar frameworks
- Binding Corporate Rules: Internal data protection policies
10. Children's Privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
11. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Provide clear information about the breach and our response
- Take immediate steps to contain and remedy the breach
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will post the updated policy on this page
- We will update the "Last Updated" date
- For significant changes, we will provide additional notice
- Your continued use constitutes acceptance of changes
14. Additional Information
14.1 Related Policies
14.2 Compliance
This policy complies with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable privacy laws
