Privacy Policy | pdfs.to

1. Overview

pdfs.to ("we", "us", "our") operates the PDF processing service at pdfs.to. This Privacy Policy explains how we collect, use, and protect information when you use our service.

We are committed to protecting your privacy and have designed our service with privacy in mind from the ground up. The most important thing to know: we do not store, read, or share the files you upload. Files exist only in memory during processing and are immediately discarded afterward.

2. Information We Collect

Account Information (if you register)

Email address	Used to identify your account and send service-related emails
Full name	Optional — used to personalize your experience
Password	Stored as a one-way cryptographic hash (bcrypt). We cannot read your password.
Subscription plan	Free, Pro, or Business — determines your usage limits

Usage Data (all users)

IP address — for rate limiting and fraud prevention
Browser and device type (User-Agent) — for compatibility and analytics
Which PDF tool was used (e.g., "merge", "compress") and whether it succeeded
File size in MB and page count — for usage analytics and limit enforcement
Timestamp of each operation

We do not log file names, file contents, or any information about what your documents contain.

Payment Information

Payment is handled by Paddle. We never see or store your credit card number, CVV, or full card details. We receive only a Paddle customer identifier and subscription status, which we use to apply the correct plan limits to your account.

Anonymous Use

You can use the service without creating an account. In this case, we collect only your IP address and usage data (tool name, file size, success/failure) for rate limiting. This data is not linked to any personal identity.

3. File Privacy — Our Core Commitment

How your files are handled:

1.You upload a file over an encrypted HTTPS connection.
2.The file is loaded into the server's memory (RAM) for processing. It is never written to permanent disk storage.
3.The processed output is returned to your browser.
4.Both the input and output data are immediately released from memory. There is no copy left on any server.

We do not read the content of your files. Our processing code operates on binary PDF structure — it does not parse, index, or analyze the human-readable content of your documents.

No employee, contractor, or automated system at pdfs.to has access to the content of files you upload.

4. How We Use Your Information

We use the information we collect to:

Provide and operate the PDF processing service
Enforce usage limits based on your plan (free, Pro, Business)
Send transactional emails: account confirmation, password reset, billing receipts
Detect and prevent abuse, fraud, and unauthorized access
Understand aggregate usage patterns to improve the service (e.g., which tools are most popular)
Comply with legal obligations

We do not use your information to serve targeted advertising. We do not sell your data to any third party.

5. Data Sharing and Third Parties

We share minimal information with third parties, only as necessary to operate the service:

Paddle (Payment Processing)

We share your email address with Paddle to create a billing customer and manage your subscription. Paddle processes payments and is subject to its own privacy policy and PCI-DSS compliance requirements. Paddle's Privacy Policy.

Hosting Infrastructure

Our servers are hosted on cloud infrastructure. While servers have physical access to memory during operation, files exist in RAM only during the milliseconds of processing and are not persisted in any form accessible to infrastructure providers.

Legal Requirements

We may disclose information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of pdfs.to, our users, or the public.

We do not share your data with advertisers, data brokers, analytics companies, or any other third parties beyond those described above.

6. Cookies and Tracking

What we use

We use a minimal set of browser storage mechanisms:

Authentication token — stored in localStorage to keep you signed in. Contains only your user ID and expiry; no sensitive data.
Theme preference — stored in localStorage to remember your light/dark mode choice.

What we don't use

We do not use:

Third-party advertising cookies
Cross-site tracking pixels
Google Analytics or similar behavioral tracking services
Social media tracking buttons

You can clear your browser's localStorage at any time to remove stored tokens and preferences. This will sign you out of the service.

7. Data Retention

Uploaded files	Never stored. Deleted from memory immediately after processing.
Account data	Retained until you delete your account or request deletion.
Usage logs	Retained for 90 days, then automatically purged. Used for rate limiting and aggregate analytics.
Billing records	Retained for 7 years as required for financial compliance.
Audit logs	Retained for 1 year for security and fraud investigation.

To request deletion of your account and associated data, email us at privacy@pdfs.to. We will complete deletion within 30 days, except for data we are required to retain by law.

8. Security

We take security seriously and have implemented the following safeguards:

All data in transit is encrypted with TLS (HTTPS)
Passwords are hashed using bcrypt with a per-user salt — we cannot recover them
Authentication tokens expire after 7 days
Rate limiting prevents brute-force attacks on login endpoints
File processing is sandboxed per request with no cross-user data access
Payment processing is handled entirely by Paddle (PCI-DSS compliant)

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@pdfs.to.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate data
Deletion — request deletion of your account and associated personal data
Portability — request your data in a machine-readable format
Objection — object to processing based on legitimate interest
Withdrawal of consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@pdfs.to. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child, contact us and we will delete it promptly.

11. International Users

pdfs.to operates globally. By using the Service, you acknowledge that your information may be processed on servers located in countries that may have different data protection laws than your country of residence.

We apply the same privacy standards to all users regardless of location and comply with applicable data protection regulations including GDPR principles for users in the European Economic Area.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will update the effective date at the top of this page and, for significant changes, notify you by email or a notice within the Service at least 14 days before the changes take effect.

We encourage you to review this page periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team:

Email: privacy@pdfs.to

Website: pdfs.to

We aim to respond to all privacy-related inquiries within 5 business days.