Privacy Policy
Last updated: February 3, 2026
Introduction
PDFSub ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.
Key Point: Privacy is our top priority. Many of our PDF tools process files entirely in your web browser, while others use secure server-side processing for advanced features like AI analysis and document conversions. Regardless of the method, we protect your data with encryption, automatic deletion after processing, and strict access controls. Pro and Business subscribers can optionally save output files to encrypted cloud storage. You always control what happens to your files.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Authentication method used (email/Google)
Usage Information
We track aggregate usage to manage your account:
- Number of pages converted (count only, not content)
- Subscription status and purchase history
- Last login date
Technical Information
We automatically collect:
- IP address
- Browser type and version
- Device type
- Pages visited on our site
How We Handle Your Files
Browser-based tools: Many tools (merge, split, rotate, reorder, compress, watermark, PDF to image, image to PDF, password protection) process files entirely in your browser using JavaScript. For these tools, your files are never uploaded to our servers.
Server-processed tools: Some features require server-side processing for optimal results. These include: Word/Excel/PowerPoint conversions, HTML to PDF, AI-powered tools (OCR, summarization, translation, chat, data extraction), and financial document analysis. For these tools:
- Files are encrypted in transit using TLS
- Processing occurs in isolated, secure environments
- Files are automatically deleted after processing (typically within 1 hour)
- We do not access, review, or share your document contents
Output files: For free and one-time purchase plans, output files are downloaded directly—we do not store them. Pro and Business subscribers have the option to save files to our encrypted cloud storage for convenient access. Stored files are retained according to your plan's data retention period (30-365 days depending on plan) and can be deleted at any time.
What we track: We record conversion metadata (file name, page count, date) to manage your usage allowance, but we do not access or analyze the contents of your documents.
How We Use Your Information
We use the information we collect to:
- Provide and maintain our service
- Process your payments and manage subscriptions
- Send you service-related communications
- Respond to your support requests
- Improve our service
- Comply with legal obligations
Data Sharing
We do not sell your personal information. We may share data with:
- Stripe: For payment processing
- SendGrid: For email delivery
- CloudFlare: For website security and performance
These providers are bound by their own privacy policies and data processing agreements.
Third-Party Cloud Storage (Optional)
Pro and Business subscribers may optionally connect their Google Drive or Dropbox accounts. If you choose to use these integrations:
- Google Drive: We use Google's OAuth 2.0 to authenticate and access files you explicitly select. We request limited permissions to read and write only the files you choose. See Google's Privacy Policy.
- Dropbox: We use Dropbox's OAuth 2.0 to authenticate and access files you explicitly select via the Dropbox Chooser. We only access files you choose to share with us. See Dropbox's Privacy Policy.
What we store: When you connect a cloud provider, we securely store OAuth tokens (encrypted) to maintain your connection. We also store basic account information (email, display name) for display purposes. We do not store copies of files from your cloud storage unless you explicitly save them to PDFSub Cloud Storage.
Disconnecting: You can disconnect your Google Drive or Dropbox account at any time from your account settings. This immediately revokes our access and deletes all stored tokens and account information for that provider.
Data Retention
We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.
Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request data portability
- Withdraw consent at any time
Your Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt-out of the sale of personal information (we do not sell)
- Non-discrimination for exercising your rights
Account Deletion
You can delete your account at any time from your account settings. When you delete your account:
- Your personal data will be deleted within 30 days
- Your conversion history will be permanently removed
- Any unused credits will be forfeited
- Active subscriptions will be cancelled
Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (HTTPS)
- Secure authentication methods
- Regular security audits
- Limited employee access to data
Cookies
We use cookies for essential functionality and analytics. See our Cookie Policy for details.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
Contact Us
If you have questions about this privacy policy or your data, please contact us.