PDF Privacy Policy (GDPR‑Compliant)

Understand how we protect your documents and data. Our simple, transparent privacy policy ensures your client work stays secure. GDPR-compliant protection for freelancers and small teams.

Last updated: August 25, 2025

1. Introduction

PDFTrackr's privacy policy ensures your documents and data remain secure when sharing PDFs online. Our GDPR-compliant platform protects your privacy while providing powerful PDF analytics and tracking features. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PDF sharing and analytics platform. For more information about our tracking capabilities, see our PDF tracking guide and FAQ page.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

Account information (email, name) when you create an account
PDF files you upload to our platform
Communication data when you contact us for support
Payment information (if applicable for future paid plans)

2.2 Automatically Collected Information

We automatically collect certain information when you use our service:

Device information (browser type, operating system, device type)
Usage data (pages visited, time spent, features used)
IP address (anonymized for analytics)
Geographic location (country level only)
Referrer information (how you found our site)

2.3 Google Analytics Data

We use Google Analytics 4 (GA4) to collect website usage data. Google Analytics collects:

Page views and navigation patterns
Time spent on pages
Geographic location (country level)
Device and browser information
User interactions (clicks, form submissions)

Important: Google Analytics data is collected only after you provide explicit consent. You can withdraw consent at any time.

3. How We Use Your Information

We use the collected information for the following purposes:

Service Provision: To provide, maintain, and improve our PDF sharing and analytics services
Analytics: To analyze usage patterns and improve user experience
Security: To detect and prevent fraud, abuse, and security threats
Communication: To respond to your inquiries and provide customer support
Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

Consent: For analytics and marketing purposes (you can withdraw at any time)
Contract Performance: To provide our services as agreed
Legitimate Interest: To improve our services and ensure security
Legal Obligation: To comply with applicable laws

5. Data Sharing and Third Parties

5.1 Google Analytics

We use Google Analytics, a service provided by Google LLC. Google Analytics processes data in accordance with their Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.2 Service Providers

We may share data with trusted service providers who assist us in operating our platform:

Cloud storage providers (DigitalOcean Spaces)
Authentication services (Clerk)
Email service providers
Security and virus scanning services

5.3 Legal Requirements

We may disclose your information if required by law or to protect our rights, property, or safety.

6. Data Retention

We retain your data for the following periods. Our automated data retention system ensures compliance:

Account Data: Until you delete your account or request deletion
PDF Files: Until you delete them or your account is deleted
Analytics Data: 26 months (Google Analytics default), automatically deleted
Session Data: 30 days, automatically deleted
Email Captures: 12 months, automatically deleted
Log Data: 30 days for security and debugging purposes
Orphaned Files: 90 days after user deletion, automatically cleaned up
Legal Records: As required by applicable laws

Our automated cleanup job runs daily to ensure expired data is permanently deleted from our systems.

7. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

Standard Contractual Clauses (SCCs) for EU data transfers
Adequacy decisions where applicable
Other appropriate safeguards as required by law

8. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Request limitation of data processing
Right to Data Portability: Request transfer of your data to another service
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for analytics at any time

9. How to Exercise Your Rights

You can exercise your rights in several ways:

Online Form: Use our Data Rights Request Form to:
- Access your data: Get a complete copy of all personal data we hold about you
- Rectify your data: Update your profile information (name, email)
- Delete your data: Permanently delete your account and all associated data
- Export your data: Download your data in machine-readable format
Use our Data Rights Request Form
Postal Address: [Your Business Address]

We will respond to your request within 30 days. For deletion requests, your account will be permanently removed immediately upon confirmation. You also have the right to lodge a complaint with your local data protection authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

Secure cloud storage with private access controls
TLS/SSL encryption for all data in transit
Regular security assessments and updates
Access controls and authentication
Virus scanning for uploaded files
Secure data centers and infrastructure

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for basic site functionality
Analytics Cookies: Google Analytics (with consent)
Preference Cookies: Remember your settings and choices

You can manage cookie preferences through your browser settings or our consent banner.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Use our Data Rights Request Form
Postal Address: [Your Business Address]

15. Supervisory Authority

If you are in the EEA and have concerns about our data processing, you have the right to lodge a complaint with your local data protection authority. You can find your authority's contact information at: https://edpb.europa.eu/about-edpb/board/members_en