Privacy Policy

PDFCraft is committed to safeguarding the privacy of users of our website (https://pdfcraft.net) and our mobile application, PDF Converter (com.pdf.converter.pdfeditor) (collectively, the “Services”). This Privacy Policy (the “Policy”) delineates the manner in which PDFCraft collects, uses, stores, discloses, and protects your personal and non-personal data in compliance with applicable laws, including the laws of the United Arab Emirates (UAE), the General Data Protection Regulation (GDPR) of the European Union, and the California Consumer Privacy Act (CCPA). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, please refrain from using our Services.

This Policy should be read in conjunction with our Terms of Service, available at https://pdfcraft.net/terms.

1. Definitions

For clarity and consistency, the following terms used in this Policy have the meanings ascribed below:

• You or User: The individual or legal entity accessing or using the Services, referred to as the “Data Subject” under GDPR or “Consumer” under CCPA.
• Company, We, Us, or Our: PDFCraft, a legal entity operating under the laws of the UAE, acting as the Data Controller under GDPR.
• Personal Data: Any information relating to an identified or identifiable natural person, as defined under GDPR and CCPA.
• Non-Personal Data: Aggregated or anonymized data that does not identify an individual.
• Service Provider: Any natural or legal person processing data on behalf of PDFCraft, considered a Data Processor under GDPR.
• Usage Data: Data collected automatically through your interaction with the Services, such as device identifiers or IP addresses.
• Third-Party Service: External services integrated with our Services, such as Google Drive, Dropbox, or advertising networks.
• Do Not Track (DNT): A browser setting indicating a user’s preference to opt out of online tracking, as defined by the California Online Privacy Protection Act (CalOPPA).

2. Scope and Application

This Policy applies to all data collected through the Services, including:

• The PDFCraft website (https://pdfcraft.net) and its subdomains.
• The PDF Converter mobile application (com.pdf.converter.pdfeditor) available on iOS and Android devices.

The Services enable users to perform various functions, including but not limited to:

• Converting PDFs to and from formats such as Word, Excel, PowerPoint, and images.
• Compressing, rotating, merging, splitting, protecting, or unlocking PDFs.
• Signing PDFs electronically.
• Scanning documents via the mobile app.
• Integrating with cloud storage services (e.g., Google Drive, Dropbox).

This Policy governs data collected for these purposes and any related activities, such as analytics, advertising, and customer support.

3. Information We Collect

We collect only the data necessary to provide, enhance, secure, and personalize our Services. The categories of data we collect include:

3.1 Files and Metadata

• Uploaded Files: PDF files or other documents you upload for conversion, editing, compression, signing, or scanning. These files are processed solely to fulfill your request and are not accessed beyond what is necessary for the Service.
• Metadata: Technical details associated with uploaded files, such as file size, format, creation date, and processing timestamps.

3.2 Account Information

You may choose to create an account to access additional features such as premium subscriptions or saved file history. Registration can be completed using your email address or by signing in through third-party services (e.g., Google, Facebook).

When you register, we may collect the following information:

• Email address
• Name or profile identifier provided by the third-party service
• Preferred language or region (if available)
• Subscription status and billing information (processed securely via third-party payment providers)

You are not required to register to use the core features of the Services. However, registration is necessary to access premium features.

3.3 Cloud Integration Data

If you integrate with cloud storage services (e.g., Google Drive, Dropbox), we access only the files you explicitly select, with your express consent.

3.4 Device Information

• Hardware Details: Device model, manufacturer, screen size, and density.
• Operating System: OS name, version, and build number.
• Network Information: IP address, carrier name, and country.
• Identifiers: Unique device identifiers (e.g., Identifier for Advertising [IDFA] for iOS, Android Advertising ID).
• Other: Language, time zone, device mute status (for reminder functions).

3.5 Usage Data

• Interaction Data: Information about how you use the Services, including:
  • Pages visited, features accessed (e.g., conversion tools), session duration, and click patterns.
  • Error logs and crash reports for troubleshooting.
• Analytics: Collected via third-party tools (e.g., Google Analytics, Firebase, Adjust, Fabric) for usage trends, A/B testing, and performance optimization.

3.6 Cookies and Tracking Technologies (Website Only)

• Essential Cookies: Required for core functionality, such as session management and authentication.
• Analytics Cookies: Track user behavior to improve the website (e.g., Google Analytics).
• Advertising Cookies: Enable personalized ads (e.g., Google AdSense, if applicable).
• Other Technologies: Pixels or beacons for tracking engagement.

3.7 Advertising Identifiers (Mobile App Only)

Non-permanent identifiers (e.g., IDFA, Android Advertising ID) used for personalized advertising in the mobile app, if enabled.

3.8 Exclusions

We do not collect sensitive data, including health, financial, medical, or classified information. We strongly recommend against uploading such content to our Services.

4. How We Use Your Information

We process your data for the following purposes:

• Service Delivery: To process your files for conversion, editing, compression, signing, scanning, or cloud integration.
• Customer Support: To respond to inquiries and manage user requests.
• Service Improvement: To analyze usage patterns, troubleshoot issues, and optimize features via analytics tools (e.g., Google Analytics, Firebase, Adjust).
• Personalized Advertising: To deliver targeted ads in the mobile app using advertising identifiers (if applicable).
• Communications: To send updates, security alerts, or promotional materials (with an opt-out option for marketing).
• Security: To detect and prevent fraud, unauthorized access, or security breaches.
• Legal Compliance: To comply with applicable laws, including UAE data protection regulations, GDPR, CCPA, and other jurisdictional requirements.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyze performance, and deliver relevant advertisements.

• Essential Cookies: Enable core functionality such as secure login, session management, and load balancing.
• Analytics Cookies: Help us understand how users interact with the website (e.g., Google Analytics).
• Advertising Cookies: Enable interest-based advertising through platforms like Google AdSense and other advertising partners.

You can manage your cookie preferences through your browser settings or our cookie consent banner displayed upon first visit. Please note that disabling certain cookies may limit the functionality of the Services.

In the mobile app, you can opt out of personalized advertising through device settings:

• iOS: Enable “Limit Ad Tracking”
• Android: Select “Opt Out of Ads Personalization”

Some third-party partners may also use tracking technologies (e.g., pixels, SDKs) for analytics and advertising. For details on third-party tracking, refer to their privacy policies (e.g., Google: https://policies.google.com/privacy).

6. Data Storage and Security

We prioritize the security of your data through robust measures:

• Temporary File Storage: Uploaded files are automatically deleted within 2 hours of processing completion.
• Encryption:
  • SSL/TLS (Transport Layer Security) for data transmission.
  • AES-256 for data at rest, where applicable.
• Server Security: Data is hosted on secure facilities (e.g., AWS) with restricted access, firewalls, and regular audits.
• Vulnerability Management: Periodic vulnerability scanning and penetration testing.
• Data Integrity: Controls to prevent unauthorized alterations.
• Impact Assessments: Regular data protection impact assessments to ensure compliance.

While we employ commercially reasonable safeguards, no method of transmission or storage is entirely secure. We cannot guarantee absolute security but strive to protect your data to the fullest extent possible.

7. Sharing Your Information

We do not share your data with third parties except as outlined below:

• Cloud Integrations: Google Drive or Dropbox, with your explicit consent.
• Service Providers: Third parties processing data on our behalf:
  • Analytics: Google Analytics, Firebase, Adjust, Fabric.
  • Advertising: Google AdMob, AppLovin, Chartboost, Amazon Publisher Services, InMobi, and others (see Section 8).
  • Payments: Paddle – (https://www.paddle.com/legal/privacy) – our payment and merchant of record provider, responsible for processing subscriptions, handling invoices, and managing tax compliance (e.g., VAT).
  • Cloud Infrastructure: AWS for secure storage and file processing.

These providers are contractually obligated to protect your data and comply with applicable privacy regulations.

8. Advertising Networks

Our mobile app may serve personalized ads through third-party advertising networks, which may collect device identifiers (e.g., IDFA, Android Advertising ID), IP addresses, and usage data for ad delivery and optimization. Below is a comprehensive list of key ad networks and their privacy policies:

Important: We do not share your uploaded files or account personal data with advertisers.

You may opt out of personalized ads via:

• Device settings:
  • iOS: “Limit Ad Tracking”
  • Android: “Opt Out of Ads Personalization”
• Individual ad network opt-out links (see table above)

Under the California Consumer Privacy Act (CCPA), data sharing by ad networks may be considered a “sale” of personal information. If you are a California resident and wish to opt out of such processing, please contact us at support@pdfcraft.net.

9. International Data Transfers

PDFCraft processes and stores data using third-party cloud service providers (e.g., Amazon Web Services) with data centers located in various countries, including the United States and European Union member states. Your personal data may therefore be transferred to and processed in jurisdictions outside your country of residence.

We take appropriate measures to ensure that such transfers comply with applicable data protection laws, including:

• The General Data Protection Regulation (GDPR), using safeguards such as Standard Contractual Clauses (SCCs) where required.
• The California Consumer Privacy Act (CCPA), for users residing in California.

By using our Services, you acknowledge and agree that your information may be transferred to, stored in, and processed in countries that may have different data protection standards than your home jurisdiction.

10. Your Rights

You have specific rights regarding your Personal Data, depending on your jurisdiction:

10.1 GDPR Rights (EU/EEA Residents)

• Access: Request a copy of your Personal Data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data when no longer necessary.
• Restriction: Limit processing in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Data Portability: Receive your data in a structured, machine-readable format.
• Withdraw Consent: Revoke consent for processing (e.g., marketing emails).

To exercise these rights, contact support@pdfcraft.net. We will respond within 30 days. You may also lodge a complaint with your local Data Protection Authority (e.g., the Information Commissioner’s Office in the UK).

10.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about your data and third-party sharing.
• Right to Access: Obtain a copy of your Personal Data from the last 12 months.
• Right to Delete: Request deletion of your data.
• Right to Opt-Out: Opt out of the “sale” of Personal Data.
• Right to Non-Discrimination: No discrimination for exercising your rights.

To exercise these rights, contact support@pdfcraft.net. We will respond within 45 days.

10.3 Other Jurisdictions

Residents outside the EU or California may have rights under their local data protection laws. Contact support@pdfcraft.net.

11. Data Retention

We retain your data only as long as necessary for the purposes outlined in this Policy:

• Uploaded Files: Deleted within 2 hours of processing completion.
• Usage Data: Retained in anonymized form for up to 24 months.
• Support Requests: Deleted after 24 months unless legally required.
• Logs: IP addresses and session logs retained for up to 12 months.
• Advertising Data: Retained by ad networks as per their policies.

We may retain data longer if required by law (e.g., for tax or legal purposes).

12. Children’s Privacy

Our Services are not intended for individuals under the age of 16 (per GDPR) or 13 (per CCPA and CalOPPA). We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe your child has provided us with data, please contact support@pdfcraft.net to request deletion. We will promptly remove such data from our systems.

California residents under 18 who post content publicly may request its removal by contacting support@pdfcraft.net, though removal may not be comprehensive if shared by others.

13. Third-Party Services

We integrate with third-party services to enhance functionality, analytics, and advertising:

• Cloud Storage: Google Drive (https://policies.google.com/privacy), Dropbox (https://www.dropbox.com/privacy).
• Analytics: Google Analytics, Firebase, Adjust (https://policies.google.com/privacy).
• Advertising: See Section 8 for ad networks.
• Payments: Paddle (https://www.paddle.com/legal/privacy).
• Cloud Infrastructure: AWS (https://aws.amazon.com/privacy).

We are not responsible for the privacy practices of these third parties. We encourage you to review their policies before using their services.

14. Do Not Track (DNT) Signals

Our Services do not currently respond to DNT signals, as no universal standard exists. However, you can manage tracking via:

• Browser settings to disable cookies.
• Device settings to limit ad tracking.
• Opt-out links provided by ad networks (see Section 8).

15. Security Incidents

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours, as required by GDPR, or as mandated by other laws.
• Take immediate steps to mitigate harm and secure our systems.
• Cooperate with authorities and provide necessary disclosures.

16. Changes to This Privacy Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. Updates will be posted on our website with a revised “Last Updated” date. For significant changes, we may notify you via email or through the Services. Your continued use of the Services after updates constitutes acceptance of the revised Policy.

17. Contact Information

If you have questions, concerns, or wish to exercise your data protection rights, please contact our Data Protection Officer at:

• Email: support@pdfcraft.net
• Company: TropiSoft FZ-LLC (operating PDFCraft)
• Legal Address: Business Center 5, Al Nakheel, Ras Al Khaimah, United Arab Emirates

For GDPR-related matters, you may contact your local Data Protection Authority.

For CCPA inquiries, please email us to submit a verifiable request.

We respond to all legitimate privacy-related requests within the timeframe required by applicable laws.

18. Legal Basis for Processing (GDPR)

We process Personal Data based on the following legal bases under the GDPR:

• Consent (Article 6(1)(a)): When you provide explicit consent, such as for personalized advertising or integration with cloud services.
• Contractual Necessity (Article 6(1)(b)): To provide and operate the Services as requested by you.
• Legal Obligation (Article 6(1)(c)): To comply with legal requirements under applicable laws.
• Legitimate Interests (Article 6(1)(f)): To analyze performance, improve the Services, prevent fraud, and ensure security—provided that such interests do not override your fundamental rights and freedoms.

If you would like more information about the legal basis applicable to a specific data processing activity, please contact us.

19. California Privacy Rights (CalOPPA and Business & Professions Code § 22581)

In addition to CCPA rights, California residents have:

• The right to know if their data is shared with third parties for marketing (we do not engage in such sharing outside ad networks).
• For users under 18, the right to request removal of publicly posted content (contact support@pdfcraft.net).

20. Links to Other Websites

Our Services may contain links to third-party websites or services (e.g., Google Drive, Dropbox). We are not responsible for the content, privacy practices, or terms of use of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

By using PDFCraft, you acknowledge that you have read, understood, and agree to this Privacy Policy.