Privacy Policy

1. Information We Collect

When you create an account, we collect your email address, display name, and optional company name. When you use the API, we log conversion metadata (timestamps, page counts, file sizes, source type, duration) for billing, debugging, and usage reporting.

For synchronous conversions, we do not store the HTML content you submit or the PDFs generated unless you explicitly enable document hosting. For asynchronous and batch conversions, HTML content is temporarily stored in our database during processing and is automatically deleted once the conversion completes or fails.

2. How We Use Your Data

Your data is used to operate the service, process billing, enforce usage limits, send transactional emails (account confirmations, password resets), and improve reliability. We never sell your data to third parties.

3. Cookies

We use cookies solely to maintain your authentication session when you are logged into the dashboard. These are encrypted session cookies managed by Supabase Auth. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

4. Hosted Documents

PDFs you choose to host are stored in encrypted cloud storage (Supabase Storage). They are accessible only via private, unguessable URLs and any access controls you configure (passwords, download limits, expiration dates). We track download counts and timestamps for each hosted document, but do not collect IP addresses or user agents of downloaders.

When a hosted document expires or is deactivated by you, the download link immediately stops working. The file is permanently removed from storage within 30 days of expiration or deactivation.

5. Third-Party Services

We use the following third-party services, each of which processes only the minimum data needed for their function:

• Supabase — authentication, database, and file storage
• Stripe — payment processing and usage-based billing
• Sentry — error monitoring (when enabled)

See their respective privacy policies for details on how they handle data.

6. Data Retention

Account data is retained while your account is active. Conversion records (metadata such as timestamps, page counts, status, and duration) are retained for billing reconciliation and audit purposes. Hosted document files are permanently deleted 30 days after expiration or deactivation. You can request full account deletion by contacting support.

7. Security

All data is encrypted in transit (TLS) and at rest. API keys are stored as bcrypt hashes — we never store your raw API key after creation. Hosted document passwords are also stored as bcrypt hashes. PDF encryption uses AES-256 when enabled. We follow industry-standard security practices.

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. You can deactivate hosted documents and revoke API keys directly from the dashboard. For full account deletion or data export requests, contact us at the address below.

9. Contact

For privacy questions or data requests, email us at support@pdfrelay.com.