COMPLIANCE FRAMEWORK

GDPR & Privacy Policy

Transparency, Control, and Security. Detailed protocols on how we handle data.

Last Updated: 01 May 2026

Notice: This page provides PDFTEQ’s complete GDPR compliance framework, privacy practices, and user rights. This content is for informational purposes.

1. Data Controller Information

PDFTEQ is the data controller responsible for processing personal data under this policy.

2. Personal Data We Collect

We adhere to the principle of data minimization. We only collect:

  • Contact Data: Name and email address (only if you contact support).
  • Technical Data: IP address, browser type, and device information (Server Logs).
  • Temporary Files: Uploaded files are processed in browser memory (RAM) or ephemerally on our secure servers, and are not persistently stored.
  • Cookies: Session cookies for functionality and analytical cookies for traffic monitoring.

3. Legal Basis for Processing

  • User Consent: For cookies and voluntary communication.
  • Contractual Necessity: To provide the PDF processing service you requested.
  • Legitimate Interests: To ensure network security, prevent fraud, and improve system performance.

4. How We Use Your Data

  • To execute PDF operations (Merge, Split, Convert) requested by you.
  • To respond to your support inquiries.
  • To monitor platform stability and prevent DDoS attacks.
  • To comply with legal obligations.

5. File Handling Architecture

Hybrid Privacy Guarantee

Our "Sigma-Engine" uses WebAssembly for local processing (Zero Uploads) for most tools. When server processing is required for format conversions, we enforce a strict Zero Retention Protocol. Files are permanently wiped from our hosted servers immediately after processing, ensuring your PII (Personally Identifiable Information) is never stored.

6. Cookies Policy

We use cookies to manage sessions and analyze traffic. We do not use tracking cookies for intrusive advertising.

You may disable cookies via your browser settings at any time, though some site features may degrade.

7. Your Rights Under GDPR

As an EU resident (and by extension to all our users), you have the right to:

  • Access: Request a copy of data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data ("Right to be Forgotten").
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured format.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, email:

8. Data Security Measures

  • Encryption: All data in transit is encrypted via TLS/SSL (HTTPS).
  • Access Control: Strict internal access controls for server logs.
  • Ephemeral Processing: Files are cleared from memory or permanently wiped from servers immediately after processing.

9. Third-Party Processors

We use trusted infrastructure providers (e.g., Hosting, Analytics). All third parties are vetted for GDPR compliance and process data only under strict contractual terms.

10. Data Retention Periods

  • Temporary Files: Cleared instantly upon page close or automatically purged from servers within 30 minutes.
  • Support Emails: Retained for up to 12 months for context.
  • Server Logs: Retained for 90 days for security auditing.

GDPR Compliance Checklist

Operational verification for Data Controllers

Conduct information audit
Document processing activities
Define lawful basis
Implement SSL Encryption
Data protection by design
Employee security training
Enable access requests
Enable erasure requests
Secure international transfers
Breach response plan
Regular compliance reviews
Legal Disclaimer: This policy and checklist are provided for general informational purposes only and do not constitute legal advice. Requirements may vary by jurisdiction.

Quick Help

Questions about GST 2.0 calculations, file security, or access limits? Find answers in our database.

Browse FAQ Database