Privacy policy

Last updated: February 13, 2026

1. Privacy-by-design approach

PDFine processes documents on the user device. PDF files are not uploaded to servers for editing.

Product principle: what we do not want for ourselves, we do not want for others.

2. Data controller

Controller: Legal owner of PDFine (see legal notice).

Privacy and data rights contact: [email protected]

If a Data Protection Officer (DPO) is legally required and appointed, their contact channel will be published here.

3. Data processed

Document data: processed locally in the browser to run PDF tools.
Minimal technical data: hosting access logs and aggregated service usage metrics.
No commercial profiling and no sale of personal data.

4. Legal basis (where GDPR or equivalent applies)

Performance of the service requested by the user.
Legitimate interest in security, stability and technical service improvement.
Consent where local law requires it for non-essential analytics/cookies.

5. Analytics

PDFine uses technical aggregated analytics with a data minimization approach. Current settings are oriented to service usage metrics and not to behavioral advertising.

This analytics layer is not intended to learn about any individual user, but to understand overall service use, stability, and adoption.

6. Retention

Local browser data (preferences, cache, IndexedDB) remains on the user device.
Strict confidential mode reduces local persistence when session/browser closes.

7. User environment security

The confidentiality of local processing also depends on the user environment, including the device, browser, operating system, installed extensions, and the user's own security measures.

PDFine cannot guarantee confidentiality when the user's device or browser is compromised by malware, unauthorized access, invasive third-party software, or insecure configurations outside the service.

8. Data subject rights

Where applicable (GDPR, CCPA or equivalent), you may exercise rights of access, rectification, erasure, objection, restriction and portability via the published legal contact channel.

9. International transfers

If any technical provider processes data outside your country, the controller must apply adequate safeguards (standard contractual clauses or another valid transfer mechanism).

10. Supervisory authorities

You may lodge a complaint with the competent data protection authority in your jurisdiction.