Data Security Policy

This Data Security Policy explains the technical and organizational measures we use to protect your files and personal information when you use our website and services.

1. Our Security Commitment

We are committed to ensuring the confidentiality, integrity, and availability of user data. Our systems are designed on a "Privacy by Design" principle, minimizing data collection at every step.

2. Secure Data Transmission (TLS 1.3)

All connections to and from PDFTEQ are protected using banking-grade encryption.

• Encryption in Transit: Data transferred between your device and our website is encrypted using TLS 1.2 or 1.3.
• HSTS Enforced: We force browsers to interact with PDFTEQ only over secure HTTPS connections, preventing downgrade attacks.
• Protection: Your session is protected against Man-in-the-Middle (MITM) attacks.

3. Hybrid Processing & Zero Data Retention

Unlike traditional PDF tools that hoard your data, PDFTEQ operates on a highly secure Hybrid Architecture.

• Local Browser Processing: For structural tools (Merge, Split, Protect), files are processed within your browser's RAM. They never touch our hard drives.
• Ephemeral Server Processing: For heavy conversions (like PDF to Word), files are temporarily processed on our secure hosted servers.
• Zero Retention Policy: We do not have a database of user documents. Files uploaded for conversion are instantly and permanently purged from our servers by automated scripts within minutes of completion. We cannot recover your files because we do not keep them.

4. No Human Access

Because of our decentralized architecture:

• No employees can open, read, or review your files.
• No third parties can inspect your content.
• Access to our web hosting infrastructure is strictly controlled via MFA (Multi-Factor Authentication).

5. Infrastructure Security

While we don't store files permanently, we secure the platform that delivers the tools:

• Firewalls: We use Cloudflare WAF to block malicious traffic and DDoS attacks.
• CSP Headers: Content Security Policy headers are implemented to prevent Cross-Site Scripting (XSS).
• Regular Updates: Our underlying libraries (PDF-Lib, Bootstrap) are patched regularly to fix vulnerabilities.

6. Financial Data Policy

Currently, PDFTEQ is a Free Service. We do not collect credit card numbers, bank details, or payment information. If we introduce paid features in the future, all payments will be handled by PCI-DSS compliant providers (like Stripe or PayPal).

7. Data Breach Response

In the unlikely event of a security incident affecting our website infrastructure:

• We will identify and patch the vulnerability immediately.
• We will notify users via a public announcement if any metadata (like IP logs) was compromised.
• Note: Since we do not persistently store documents, a server breach cannot leak your PDF files.

8. User Responsibilities

Security is a shared responsibility:

• Ensure your browser is up to date to support the latest WebAssembly security features.
• Do not use public Wi-Fi without a VPN when processing sensitive legal documents.

9. Contact Us

If you have any questions about this Data Security Policy, please contact our Engineering Team:

Email: support@pdfteq.com