Data Security Policy
At PDFTEQ, security is not an afterthought; it is our core architecture.
We utilize Client-Side Processing to ensure zero data leakage.
This Data Security Policy explains the technical and organizational measures we use to protect your files and personal information when you use our website and services.
1. Our Security Commitment
We are committed to ensuring the confidentiality, integrity, and availability of user data. Our systems are designed on a "Privacy by Design" principle, minimizing data collection at every step.
2. Secure Data Transmission (TLS 1.3)
All connections to and from PDFTEQ are protected using banking-grade encryption.
- Encryption in Transit: Data transferred between your device and our website is encrypted using TLS 1.2 or 1.3.
- HSTS Enforced: We force browsers to interact with PDFTEQ only over secure HTTPS connections, preventing downgrade attacks.
- Protection: Your session is protected against Man-in-the-Middle (MITM) attacks.
3. Volatile Memory Processing (No Storage)
Unlike traditional PDF tools, PDFTEQ operates on a Serverless / Client-Side Architecture.
- No Uploads: Files are processed within your browser's memory (WebAssembly). They are NOT uploaded to a remote server's hard drive.
- Instant Wipe: Since files exist only in your device's RAM, closing the tab or refreshing the page instantly destroys the data.
- Zero Retention: We do not have a database of user documents. We cannot recover your files because we never held them.
4. No Human Access
Because of our decentralized architecture:
- No employees can open, read, or review your files (as they are not on our servers).
- No third parties can inspect your content.
- Access to our web hosting infrastructure is strictly controlled via MFA (Multi-Factor Authentication).
5. Infrastructure Security
While we don't store files, we secure the platform that delivers the tools:
- Firewalls: We use Cloudflare WAF to block malicious traffic and DDoS attacks.
- CSP Headers: Content Security Policy headers are implemented to prevent Cross-Site Scripting (XSS).
- Regular Updates: Our underlying libraries (PDF-Lib, Bootstrap) are patched regularly to fix vulnerabilities.
6. Financial Data Policy
Currently, PDFTEQ is a Free Service. We do not collect credit card numbers, bank details, or payment information. If we introduce paid features in the future, all payments will be handled by PCI-DSS compliant providers (like Stripe or PayPal).
7. Data Breach Response
In the unlikely event of a security incident affecting our website infrastructure:
- We will identify and patch the vulnerability immediately.
- We will notify users via a public announcement if any metadata (like IP logs) was compromised.
- Note: Since we do not store documents, a server breach cannot leak your PDF files.
8. User Responsibilities
Security is a shared responsibility:
- Ensure your browser is up to date to support the latest WebAssembly security features.
- Do not use public Wi-Fi without a VPN when processing sensitive legal documents.
9. Contact Us
If you have any questions about this Data Security Policy, please contact our Engineering Team:
Email: support@pdfteq.com
Security Specs
We use the latest transport layer security to encrypt the handshake between your device and our site.
Files are processed in RAM (Volatile Memory). No HDD/SSD storage is used for user documents.
We do not log file names, document content, or metadata in our server databases.