Privacy Policy
1. Data Controller
PDFUS (pdf-us.com) is operated by Georgy Shchelkanov, a self-employed individual
(autónomo) registered in Spain.
Address: C/ Garganta de los Montes 22, Madrid, Spain
Contact: privacy@pdf-us.com
2. What Data We Collect
We collect and process the following personal data:
- Email address — collected when you create an account or sign in via one-time password (OTP). Used solely for authentication.
- Analytics data — if you consent, we use PostHog to collect usage events (e.g. which tools you use, file sizes processed, feature interactions), your browser type, operating system, and IP address. PostHog may store an analytics identifier in your browser's localStorage.
- Payment data — if you subscribe to Pro, payment is processed directly by Stripe. We receive only a customer ID and subscription status; we never store your card details.
- PDF files — processed entirely in your browser. Your files are never uploaded to our servers and never leave your device.
3. Legal Basis for Processing
- Email / authentication — performance of a contract (Art. 6(1)(b) GDPR): necessary to provide the service.
- Analytics — your consent (Art. 6(1)(a) GDPR), given via the cookie banner on first visit. You may withdraw consent at any time via the cookie preferences link in the footer.
- Payment processing — performance of a contract (Art. 6(1)(b) GDPR).
4. Third-Party Processors
We share data with the following sub-processors, each located in the United States:
- Supabase, Inc. — authentication and user database hosting. Privacy policy. Data transfers to the US are covered by Standard Contractual Clauses (SCCs).
- PostHog, Inc. — product analytics (only if you consent). Privacy policy. Data transfers covered by SCCs.
- Stripe, Inc. — payment processing. Privacy policy. Data transfers covered by SCCs.
- Google LLC — analytics and advertising measurement via Google Analytics 4 (GA4), Google Ads, and Google Tag Manager. Google Analytics operates under Google's privacy policy. All Google tags default to consent denied mode — no analytics cookies are set until you give consent via the cookie banner. Data transfers to the US are covered by the EU–US Data Privacy Framework and SCCs.
We do not sell your personal data to any third party.
5. Data Retention
- Account data (email, Pro status): retained while your account is active. Deleted upon your request or after 2 years of inactivity.
- Analytics events: retained for 1 year in PostHog, then automatically deleted.
- Payment records: retained by Stripe in accordance with their policy and applicable tax law (typically up to 7 years).
6. Your Rights Under GDPR
As a data subject you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — for analytics, at any time without affecting prior processing.
To exercise any right, email privacy@pdf-us.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan 6, 28001 Madrid.
7. Cookies and Tracking
See our Cookie Policy for a full list of what is stored in your browser and how to manage your preferences.
8. Security
PDF processing happens entirely in your browser — files are never transmitted to any server. Account data is protected by Supabase's infrastructure, including encryption at rest and in transit. We do not have access to your Stripe payment details.
9. Children
PDFUS is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us for immediate deletion.
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top indicates when the latest changes were made. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions, email privacy@pdf-us.com.