COMPLIANCE FRAMEWORK

GDPR & Privacy Policy

Transparency, Control, and Security. Detailed protocols on how we handle data.

Last Updated: 29 Jan 2026

Notice: This page provides PDFTEQ’s complete GDPR compliance framework, privacy practices, and user rights. This content is for informational purposes.

1. Data Controller Information

PDFTEQ is the data controller responsible for processing personal data under this policy.

2. Personal Data We Collect

We adhere to the principle of data minimization. We only collect:

  • Contact Data: Name and email address (only if you contact support).
  • Technical Data: IP address, browser type, and device information (Server Logs).
  • Temporary Files: Uploaded files are processed in browser memory (RAM) and are not persistently stored on our servers.
  • Cookies: Session cookies for functionality and analytical cookies for traffic monitoring.

3. Legal Basis for Processing

  • User Consent: For cookies and voluntary communication.
  • Contractual Necessity: To provide the PDF processing service you requested.
  • Legitimate Interests: To ensure network security, prevent fraud, and improve system performance.

4. How We Use Your Data

  • To execute PDF operations (Merge, Split, Convert) requested by you.
  • To respond to your support inquiries.
  • To monitor platform stability and prevent DDoS attacks.
  • To comply with legal obligations.

5. File Handling Architecture

Client-Side Guarantee

Our "Sigma-Engine" processes files using WebAssembly. This means the heavy lifting happens on your device. Files are technically "read" by the browser but are not "uploaded" to a permanent storage database.

6. Cookies Policy

We use cookies to manage sessions and analyze traffic. We do not use tracking cookies for intrusive advertising.

You may disable cookies via your browser settings at any time, though some site features may degrade.

7. Your Rights Under GDPR

As an EU resident (and by extension to all our users), you have the right to:

  • Access: Request a copy of data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data ("Right to be Forgotten").
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured format.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, email:

8. Data Security Measures

  • Encryption: All data in transit is encrypted via TLS/SSL (HTTPS).
  • Access Control: Strict internal access controls for server logs.
  • Ephemeral Processing: Files are cleared from memory immediately after processing.

9. Third-Party Processors

We use trusted infrastructure providers (e.g., Hosting, Analytics). All third parties are vetted for GDPR compliance and process data only under strict contractual terms.

10. Data Retention Periods

  • Browser Memory (Files): Cleared instantly upon page refresh/close.
  • Support Emails: Retained for up to 12 months for context.
  • Server Logs: Retained for 90 days for security auditing.

GDPR Compliance Checklist

Operational verification for Data Controllers

Conduct information audit
Document processing activities
Define lawful basis
Implement SSL Encryption
Data protection by design
Employee security training
Enable access requests
Enable erasure requests
Secure international transfers
Breach response plan
Regular compliance reviews
Legal Disclaimer: This policy and checklist are provided for general informational purposes only and do not constitute legal advice. Requirements may vary by jurisdiction.

Quick Help

Most questions regarding file security, limits, and student access are answered in our FAQ.

Browse FAQ Database