Privacy Policy

Last updated: 11 June 2026

1. The short version

We built GetPDFPro to be the PDF tool we wished existed: fast, free, and respectful of your files. The TL;DR:

• We don't store your files. Files you upload are processed in memory and discarded immediately. We don't keep a copy, we don't back them up, we don't train on them.
• We don't sell your data. No data brokers, no ad networks selling your info, no "partners" we hand it to.
• You don't need an account to use the tools. Anonymous users can do 1 task per day, no signup, no email, no tracking beyond a privacy-respecting browser cookie.
• If you create an account, we keep what we need to keep it working. Email, hashed password, usage counters. That's it.
• You can delete your account and all its data at any time. One button in the account page, or email privacy@getpdfpro.com.

2. What we collect

2.1 Files you upload

Files are streamed to our API server, processed in memory using PyMuPDF, and the response is sent back to your browser. We do not write uploaded files to disk. The processing server retains the file in RAM only for the duration of the request (typically < 5 seconds). Once the response is sent, the file is garbage-collected by the Python runtime.

Exception: If you explicitly opt into a feature that requires storage (for example, saving processing history to your account), that data is stored until you delete it. Such features will be clearly labeled and opt-in.

2.2 Account information

If you create an account, we collect:

• Email address (used for sign-in and important service notices)
• Password (stored as a bcrypt hash — we cannot read it)
• OAuth profile (name, avatar URL) if you sign in with Google or GitHub
• Subscription status (Free / Pro / Beta) if you upgrade
• Daily usage counter (how many tasks you've run today)

We do not collect your real name, phone number, address, or any government identifier.

2.3 Automatically collected data

When you visit our site, our hosting providers (Vercel for the web app, Railway for the API) log standard request metadata: IP address, user agent, request URL, response status, bytes served. These logs are retained for 30 days for abuse detection and capacity planning, then deleted.

We use Cloudflare in front of the API for DDoS protection and rate limiting. Cloudflare may set cookies or process requests for bot detection.

2.4 Cookies

We set the following cookies:

• getpdfpro:anon_id — a random UUID stored in your browser so we can track your anonymous daily quota. Expires after 30 days of inactivity.
• getpdfpro:quota:* — your daily usage counter (localStorage, not actually a cookie, but same idea).
• sb-*-auth-token — Supabase authentication session cookie. Set only after you sign in.

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking cookies.

3. How we use your data

• To process your PDF tasks (the core product)
• To enforce daily usage limits for free/anonymous users
• To authenticate you and protect your account (Supabase)
• To send you essential service emails (password reset, quota warnings, security alerts) — never marketing
• To respond to legal requests (court orders, valid subpoenas — none received as of this writing)

We do not use your data for: advertising, profiling, training AI models, or selling to third parties.

4. Who we share data with

We share data only with the following sub-processors, each contractually obligated to protect it:

• Vercel — web hosting (privacy policy: vercel.com/legal/privacy-policy)
• Railway — API hosting (privacy policy: railway.com/legal/privacy)
• Supabase — auth and database (privacy policy: supabase.com/privacy)
• Cloudflare — CDN and DDoS protection (privacy policy: cloudflare.com/privacypolicy)
• Stripe — payment processing (privacy policy: stripe.com/privacy) — we share only your email and subscription status; never your card details

We do not share data with advertising networks, data brokers, analytics providers (beyond what our hosting providers collect), social media platforms, or any other third party.

5. Your rights

You can at any time:

• Access your data — visit /account or email privacy@getpdfpro.com
• Download a copy of your account data (JSON export, coming soon)
• Correct inaccurate data — email privacy@getpdfpro.com
• Delete your account and all associated data — one click in the account page, or email privacy@getpdfpro.com
• Object to processing or request restriction — email privacy@getpdfpro.com
• Port your data to another service (data portability) — JSON export, coming soon

We respond to all data-subject requests within 30 days, as required by GDPR Article 12(3).

6. International transfers

Our servers are hosted in the United States (Railway, Vercel edge network) and the European Union (Supabase primary region). When you use GetPDFPro from outside these regions, your data may be transferred across borders to provide the service.

We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA, UK, and Switzerland to the US, in compliance with GDPR Chapter V.

7. Children

GetPDFPro is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, email privacy@getpdfpro.com and we will delete it.

8. Security

We use industry-standard security measures:

• TLS 1.2+ for all data in transit (HSTS enabled)
• Bcrypt-hashed passwords (we cannot read them, ever)
• Files processed in memory only, never written to disk on our servers
• Row-level security in our database
• Rate limiting and DDoS protection via Cloudflare
• Regular security reviews and dependency audits

Report vulnerabilities to security@getpdfpro.com. We respond within 48 hours.

9. Cookies & tracking

We use only the cookies listed in section 2.4. We do not use Google Analytics, Facebook Pixel, or any cross-site tracking technology.

Google AdSense may set its own cookies when displaying ads. See Google's cookie policy for details on how those cookies work.

10. Changes to this policy

If we make material changes, we'll email signed-in users and post a notice on the home page at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent change.

11. Contact

Email privacy@getpdfpro.com for any privacy-related question. We respond within 30 days.

Data controller: Salim, operating as a sole proprietor. Based in India.