Privacy & Data Stewardship Policy
Last updated: 4 November 2025
1. Introduction
pdfjuggler.com offers browser-first PDF utilities—including our merge PDF tool, split PDF feature, Remove Pages tool, Repair PDF flow, Rotate PDF tool, Redact PDF workspace, OCR PDF pipeline, compression modules, format converters, Edit PDF workspace, and signing assistant—designed for fast results without forcing you to open an account. Most actions run locally in your browser, while tasks that require server-side rendering are executed through short-lived jobs on Vercel infrastructure. To help you navigate every option, we maintain a curated tools overview, an evolving FAQ for PDF tasks, and references to our Terms & Conditions and Legal Disclaimer so you can see how operational commitments align across the site.
Our privacy program is built around three simple principles:
- Keep processing as close to the user as possible so that PDFs remain on the originating device whenever feasible.
- Collect only the telemetry needed to stabilize features, detect abuse, and report aggregated usage, without retaining identifiable histories.
- Communicate changes in plain language so readers can match the words on this page with what the product actually does.
The sections below explain the data life cycle, the partners who support pdfjuggler.com, and the controls available to you.
2. Data Controller & How to Reach Us
pdfjuggler.com is operated by a small remote team responsible for the personal data described in this policy. You can request clarification, raise objections, or lodge rights requests by emailing hello@pdfjuggler.com. If you prefer web forms, submit your message via our contact page, and we will route it to the privacy lead who coordinates compliance with applicable data protection laws. We typically acknowledge requests within two business days and deliver a substantive response within one calendar month.
3. Data Types We Handle
3.1 Uploaded PDF Files and Generated Outputs
Uploaded PDFs are processed solely to execute the task you request, whether you are merging documents, extracting chapters, compressing heavy scans, or applying OCR to image-based pages. Wherever possible we stream work inside your browser so your content never leaves the device. When a server-side tool is necessary—for example, to combine large files or invoke a specialized engine—we create an encrypted temporary container, store the working file in volatile storage, and delete both input and output automatically once the job is marked complete. We do not inspect file contents for marketing, profiling, or unrelated analytics. Our staff can only access files when you explicitly grant support access to troubleshoot a failure, and any manual retrieval is logged and expires within a few hours.
Key safeguards include:
- Job containers are isolated per request, preventing other users from reading or interfering with your PDFs.
- File names are randomized and truncated in logs so they cannot be tied back to individuals.
- Download URLs are signed and time-limited to reduce exposure if someone intercepts a link.
3.2 Technical Diagnostics and Minimal Logs
We capture basic diagnostics to keep the service stable, such as anonymized error traces, timing metrics, selected feature flags, and aggregated counts of tool usage. Logs omit document names, textual content, or account identifiers because we do not operate user accounts. Instead, we rely on randomized request identifiers so we can stitch together a single incident report without storing personal profiles. In practice, this means we can replay failing operations, monitor performance, and detect abuse without maintaining a persistent history of your workflow. When you contact support, we may temporarily associate an email thread with a request identifier to follow up, and we detach that reference after the issue is resolved.
Diagnostics are structured so that:
- IP addresses are shortened or hashed to minimize personal exposure while still flagging bot traffic.
- Retention timers ensure troubleshooting data disappears after the relevant maintenance window closes.
- Only senior engineers with production access can view raw logs, and their activity is audited.
3.3 Voluntary Sharing and Link Generation
Certain tools let you create a temporary download link so colleagues can retrieve a processed PDF. These share links are random strings that expire automatically within a short retention window, and they inherit the same deletion schedule as the files they reference. We log only the fact that a link was created, the tool that produced it, and non-identifying metadata such as file size brackets to understand bandwidth demand. If you disable sharing in the interface, no outbound link is produced, and nothing is transmitted beyond the processing that has already occurred. Recipients who open an expired link see a notice encouraging them to rerun the workflow.
3.4 Local Storage, Cookies, and Similar Technologies
We use browser storage sparingly to remember settings like preferred compression strength, the last page range you selected, or whether you dismissed contextual tips. These preferences stay on your device and are never uploaded to our servers. Optional cookies from Vercel Analytics or Google AdSense may set anonymous identifiers on your browser to measure visits and deliver contextual advertising; you can manage those choices through your browser controls or through consent prompts when they appear. We do not run cross-site tracking beacons, fingerprinting scripts, or other invasive techniques.
If you clear storage or block cookies:
- Tool defaults revert to standard values, but the core editing experience continues to function.
- Previously hidden announcements may reappear so you do not miss important updates.
- Consent choices refresh, giving you a new opportunity to opt in or decline optional technologies.
4. Why We Process Data and Legal Bases
We process data to deliver the PDF tooling you actively invoke, to diagnose stability issues, to secure the platform against abuse, and to comply with law. Under the General Data Protection Regulation (GDPR), these activities rely on the legal bases of performance of a contract when we provide the requested tool, legitimate interest when we improve resiliency and security, and consent when optional analytics cookies load. For California users, the California Consumer Privacy Act (CCPA) applies, and we confirm that we do not sell personal information or use it for cross-context behavioral advertising. Any future change in purpose will be announced before it takes effect, and you may opt out of optional processing at any time. For deeper legal context, review the service commitments described in our Terms & Conditions, which operate alongside this policy.
5. Retention and Deletion Timelines
Files processed entirely in your browser never reach our infrastructure, so deletion is instant because nothing is stored. For server-assisted workflows, the default retention is measured in minutes: input files, intermediate artifacts, and generated outputs are purged automatically after the job finishes unless you explicitly generate a share link. Shared results follow the expiry schedule displayed next to the link and are removed no later than 24 hours after creation. Diagnostics logs rotate on a rolling basis and usually age out within 30 days, unless we must preserve specific entries to investigate security threats. We do not keep backups of user files, and we do not rebuild deleted documents from analytics data. If a regulator or court orders us to retain certain records, we limit the scope to what the law requires and destroy the data as soon as we are legally permitted.
6. Technical and Organizational Security Measures
Security is embedded in every layer of pdfjuggler.com. Traffic is encrypted with HTTPS using modern TLS configurations, and uploads are restricted to signed URLs that limit how long an object can exist. Serverless functions execute inside isolated environments with read-only code bundles, ensuring that each job operates on a minimal privilege set. At rest, temporary artifacts use provider-managed encryption keys, and we enforce strict deletion policies so no stale copies remain. Internally, we maintain role-based access controls, security training, and peer review on code that handles file operations. Regular dependency audits, automated vulnerability scanning, and incident response playbooks allow us to respond quickly if we detect anomalies.
Organizational measures complement the technical safeguards:
- Access reviews occur quarterly to confirm only necessary personnel hold production credentials.
- We document threat models for new features and verify that mitigations align with published commitments.
- Incident simulations help the team practice coordinated responses across engineering, product, and support.
7. Third-Party Processors and Integrations
We rely on reputable partners to run core infrastructure. Vercel hosts our frontend, serves static assets, and orchestrates edge functions. When a job needs more compute power, we temporarily hand it to Google Cloud Run or Cloud Storage, where data resides in encrypted buckets until the task ends. Optional AI-assisted features may send limited text snippets to external APIs strictly for the requested transformation; we disclose the provider within the interface before you activate the option. Each partner is bound by data processing agreements that restrict use of your information to the services we request. We do not grant third parties the ability to mine your documents for unrelated purposes, and we audit their compliance commitments on a recurring schedule.
8. Analytics, Metrics, and Advertising
We use Vercel Analytics to understand aggregate usage patterns, such as which tools are popular or when performance dips. The data we receive is high level and does not contain document content or personal identifiers. Google AdSense delivers contextual advertisements that help keep the service free; the platform uses cookies to prevent fraud and frequency-cap ads. You can manage preferences through the consent banner or by adjusting browser settings. We do not combine analytics datasets with diagnostic logs, and we do not create audience segments or behavioral profiles. If you decline analytics or advertising cookies, the core tools still operate in full, although some tutorials or offers may rely on cookie status to avoid showing irrelevant prompts.
9. International Data Transfers
Our servers may process data in the European Union, the United States, or other regions supported by Vercel and Google Cloud. Whenever data moves across borders, we rely on safeguards such as Standard Contractual Clauses and provider-specific transfer impact assessments. These measures ensure that your rights travel with your data. We evaluate geopolitical and legal developments regularly and will switch regions or add supplementary protections if a destination no longer offers an adequate level of protection. You can contact us for the most recent list of processing locations, and we will share summaries of the assessments that inform our choices.
10. Your Privacy Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of personal data. Because we operate without user accounts, exercising these rights usually involves supplying a request identifier, the approximate time of use, and the tool you invoked so we can locate relevant logs or temporary files. We respond to verified requests within one calendar month, or sooner where local law requires. You can also object to optional analytics, withdraw consent for advertising cookies, or ask us to prioritize local-only processing when technically feasible. If you believe we have not addressed your concerns, you may lodge a complaint with your supervisory authority.
When you submit a request, please:
- Describe the action you want us to take (for example, deletion or access) and the tools you were using.
- Share any diagnostic details you received, such as error codes, so we can find the relevant log entries.
- Confirm you are the rightful user of the device or data to prevent unauthorized disclosures.
11. Children's Privacy
pdfjuggler.com is not directed to children under 13 years old, and we do not knowingly collect data from them. If a minor nonetheless submits a file, the automatic deletion controls described above remove it shortly after processing. Parents or guardians who believe a child has interacted with the service may contact us so we can remove any residual logs linked to that activity. We also encourage educators to review our FAQ for PDF tasks and tools overview to verify that pdfjuggler.com remains appropriate for classroom use before assigning it to students.
12. Changes to This Policy
We will update this policy when we launch new tools, expand infrastructure, or refine our governance practices. Significant revisions will appear on this page, and we will highlight them in release notes or banners across relevant interfaces. The top of the document always shows the effective date, and prior versions are available on request so you can compare commitments over time. We encourage you to revisit the policy after major announcements on our blog, in the FAQ for PDF tasks, or within release notes attached to the tools overview.