Privacy Policy

PDF Tools API ("we", "us", or "our") provides REST API endpoints for PDF operations including conversion, merging, splitting, and manipulation. This privacy policy explains how we collect, use, and safeguard your information when you use our API services.

2.1 Account Information

• Email address (used for account registration, authentication, and password recovery)
• Hashed password (we never store or transmit plaintext passwords)
• API keys (generated for authenticating API requests, stored securely)

2.2 API Usage Data

• API call logs (endpoint accessed, timestamp, response status)
• Usage statistics (number of API calls, file sizes processed)
• IP address (for rate limiting, fraud prevention, and security monitoring)

2.3 Uploaded Files

• PDF files uploaded via API for processing
• Processing parameters specified in API requests
• Output files generated by our processing service

2.4 Billing Information

• Payment processing is handled by third-party payment processors (Creem)
• We do NOT store full credit card numbers or sensitive payment data
• We retain transaction history and subscription status

We use your information for the following purposes:

• To authenticate API requests and provide our services
• To manage your account, subscriptions, and billing
• To monitor API usage, enforce rate limits, and prevent abuse
• To process and complete PDF operations you request
• To send important service notifications (security updates, service changes)
• To respond to your support requests
• To improve our API performance, features, and reliability
• To comply with legal obligations

Data Type	Retention Period
Uploaded PDF Files	Automatically deleted 24 hours after processing
Processed Output Files	Automatically deleted 24 hours after generation
API Call Logs	Retained for 30 days for debugging and monitoring
Account Information	Retained while your account is active
Usage Statistics	Retained for 12 months for billing and analytics

We implement industry-standard security measures to protect your data:

• All API communications are encrypted via HTTPS (TLS 1.2+)
• Files are stored encrypted at rest
• API keys are hashed and never transmitted in plaintext
• Passwords are hashed using bcrypt with strong work factors
• Regular security audits and penetration testing
• Role-based access control for internal systems

You have the right to:

• Access your personal data and request a copy
• Request correction of inaccurate personal data
• Request deletion of your account and personal data
• Restrict or object to certain processing activities
• Export your data in a machine-readable format
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

We use only essential cookies necessary for website functionality:

• Session cookies to maintain your authentication status
• CSRF tokens for security
• We do NOT use tracking cookies, analytics cookies, or advertising cookies
• We do NOT share cookie data with third parties

If you have any questions about this privacy policy or our data practices, please contact us at: