Privacy & Security

Overview

PDF99 provides browser-first PDF utilities (conversion, merge, split, compress, OCR). We design the service to minimise data transfer and keep files private. This policy explains what we collect, how we use it, and how we protect it.

Local-first processing

Wherever possible, processing happens locally in your browser - this means files do not leave your device. Many conversions and transformations run client-side to protect user privacy and reduce latency.

When server processing is required

Some operations (advanced conversions, OCR, heavy transforms) require temporary server-side processing. In those cases we:

• Transmit files over encrypted channels (HTTPS/TLS).
• Store files temporarily only for processing and remove them automatically after a short retention window.
• Limit access to processing infrastructure and log only minimal metadata necessary for debugging and performance monitoring.

File retention & deletion

Server-stored files are deleted automatically after a short expiry (typically minutes to a few hours). If you need immediate removal of a file, contact [email protected] with the file reference and we'll assist. We do not retain processed files after the expiry period.

Data we collect

We strive to collect as little personal data as possible. Examples of data we may collect:

• Files you upload (for processing) - these are User Content and are treated according to this policy.
• Minimal usage metadata (e.g., timestamps, tool used, file size) for debugging and performance.
• Optional contact information when you email or use the contact form (name, email, message).
• Cookies and analytics data (see below).

Cookies & analytics

We use cookies and third-party analytics to monitor site performance, detect errors and improve the product. We do not store file contents in analytics. You can opt out of non-essential tracking via your browser or cookie controls where provided.

Third-party services

PDF99 may rely on third-party providers for hosting, storage, analytics, and ancillary services. Those providers process limited data on our behalf under contracts that require compliance with security and privacy standards.

Security measures

We apply industry-standard security practices to protect data, including:

• HTTPS/TLS for all network traffic.
• Access controls and least-privilege principles on server infrastructure.
• Regular updates and patching of software components.
• Monitoring and alerting for suspicious activity.

While we work to secure the service, no system is 100% secure - avoid uploading highly-sensitive personal data unless you have appropriate safeguards.

User rights (GDPR and similar)

If you are located in jurisdictions with privacy laws (e.g., GDPR), you may have rights to access, correct, or request deletion of your personal data. To exercise these rights or ask questions, contact [email protected]. We will respond following applicable law.

Data export & portability

We do not maintain long-term user file storage by default. If you need assistance exporting logs or account data (for paid/registered services), contact support for available options.

Abuse, copyright and legal requests

If you believe content on the service violates your rights or the law, contact us at [email protected] with relevant details. We process lawful requests and follow applicable procedures for copyright or abuse reports.

Children

The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13; if you believe we have such data, contact support to request deletion.

Changes to this policy

We may update this Privacy & Security policy periodically. Material changes will be posted with an updated effective date. Continued use of the Service after changes indicates acceptance of the updated policy.

Contact

Questions, requests or concerns about privacy may be sent to [email protected] or via our Contact page.

Effective date: October 1, 2025