Legal Document

Privacy Policy

Last Updated: May 1, 2026

Auto-Delete Timer
60 Minutes
Encryption
256-bit SSL
Data Selling
Never
Compliance
GDPR + CCPA + IT Act
Policy Sections
01 File Protection 02 Audit Logs 03 Data Collection 04 Security 05 Cookies 06 Third Party 07 Your Rights 08 Children 09 Legal Compliance 10 Policy Changes 11 Contact Us

1 Strict File Destruction Protocol

At PDF AI, we operate on a strict privacy-first architecture. We act only as a temporary processing conduit for your files — we do not store, analyze, or retain your documents beyond what is operationally necessary.

60-Minute Auto-Wipe Protocol

Every file you upload is automatically and permanently purged from our servers 60 minutes after processing completes. This is a hard-coded system rule — it cannot be overridden by any administrator. Once deleted, recovery is technically impossible.

  • Your Ownership: You remain the sole owner of all uploaded content at all times.
  • No Analysis: We do not read, scan, index, or analyze your document contents.
  • No Mirroring: Files are never copied to backup servers or cold storage.
  • No Rights Claimed: PDF AI claims zero intellectual property rights over your documents.

2 Deletion Audit Logs

To ensure our 60-minute deletion protocol is working correctly and to maintain system integrity, we retain a minimal audit log of each file deletion event. This log is used purely for internal system monitoring — it contains no content from your uploaded files.

What the Audit Log Contains

After your file is deleted, only the following anonymous technical metadata is retained for a limited period for internal security purposes:

Field Stored Example Value Contains File Content?
File Size 142.3 KB No
Deletion Timestamp 2026-05-01 14:32:07 UTC No
Age at Deletion 58.4 minutes No
Storage Folder Type uploads / outputs No
Integrity Hash a3f9c2b1e84d… No
What the Audit Log Does NOT Contain

The audit log never stores your file's actual content, filename, text, images, pages, or any data extracted from inside your document. It is purely an anonymous deletion receipt — like a shredding certificate.

  • Retention: Audit log entries are automatically purged after a limited period and are never retained indefinitely.
  • Access: Logs are accessible only to authorised system administrators. No public access is possible.
  • Purpose: Used solely to verify our deletion process and detect system failures. Never used for profiling, marketing, or sharing with third parties.
  • Integrity: Each log entry includes a hash to detect tampering and ensure audit trail authenticity.

3 Data Collection & Usage

We follow the principle of Data Minimization — we collect only what is strictly necessary to operate the service safely.

  • Server Logs: IP addresses and browser user-agent strings are logged temporarily to detect and block DDoS attacks and automated abuse.
  • Session Data: Temporary session tokens are used to manage your active file processing tasks.
  • Analytics: We use Google Analytics to collect anonymous, aggregated traffic data (pages visited, time on site). No personally identifiable information is collected.
  • Deletion Audit Logs: File metadata (name, size, timestamp, hash) retained for 30 days post-deletion. See Section 2 for full details.
We Do NOT Sell Your Data

Your personal information is never sold, rented, traded, or shared with any third party for commercial or marketing purposes. Period.

4 Infrastructure Security

Your documents are protected by enterprise-grade security standards at every step:

  • 256-bit SSL/TLS Encryption: All data transmitted between your browser and our servers is fully encrypted using the same standard as online banking.
  • Isolated Sandbox Processing: Each file processing task runs in an isolated container environment, ensuring zero cross-contamination between users.
  • No Human Access: Your files are processed entirely by automated systems. No human employee can view your uploaded documents.
  • Secure Infrastructure: Our servers are hosted on hardened cloud infrastructure with regular security audits.
  • Restricted Admin Access: All administrative functions are protected by multiple layers of authentication. No public access to internal systems is possible.
Important Notice

While we implement strong security measures, no system can guarantee 100% security. We recommend not uploading highly confidential documents (e.g., government IDs, passwords) to any online service.

5 Cookie Policy

We use minimal cookies. Here is a complete breakdown:

  • Essential Cookies: Required for the website to function (session management, CSRF protection). Cannot be disabled.
  • Analytics Cookies: Google Analytics cookies to track anonymous usage patterns and improve our tools. You can opt out.
  • Preference Cookies: Remembers your tool settings (e.g., output format preference) during your session only.
How to Manage Cookies

You can disable non-essential cookies at any time through your browser settings. For Google Analytics opt-out, install the Google Analytics Opt-out Browser Add-on.

6 Third-Party Services

PDF AI integrates with limited third-party services to operate the platform:

  • Google Analytics: Anonymous traffic analysis. Governed by Google's Privacy Policy.
  • Cloud Hosting Provider: Our server infrastructure provider may process data per their own security policies.
  • No Advertising Networks: We do not share your data with advertising networks or data brokers.
  • No Affiliate Programs: We do not participate in any affiliate marketing. We earn no referral commissions.

7 Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: You can request a copy of any personal data we hold about you (primarily server logs and audit log entries).
  • Right to Erasure: You can request deletion of your personal data. Note: uploaded files are auto-deleted within 60 minutes. Audit log entries are auto-purged after 30 days.
  • Right to Object: You can object to data processing for analytics purposes by disabling cookies.
  • Right to Portability: You can request your personal data in a machine-readable format.
  • GDPR (EU/EEA Users): You have full rights under the General Data Protection Regulation. Our 60-minute deletion protocol and 30-day audit log retention are designed to support these rights.
  • CCPA (California Users): We do not sell personal information. California residents have the right to know what data is collected.
  • IT Act 2000 (Indian Users): We comply with India's Information Technology Act, 2000 and the IT (Amendment) Act, 2008 regarding data protection obligations.

To exercise any of these rights, contact us at the email below. We will respond within 30 days as required by law.

8 Children's Privacy

PDF AI is not directed at children under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal information from children.

If You Are a Parent or Guardian

If you believe a child under 13 has provided personal information to PDF AI, please contact us immediately at the email below. We will promptly delete such information from our records.

10 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes:

  • The "Last Updated" date at the top of this page will be revised.
  • For material changes, we will display a prominent notice on our homepage.
  • Continued use of our service after changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11 Contact Us

For any privacy-related questions, data requests, or concerns, please reach out:

Email
Response Time
Within 48 hours (business days)
Jurisdiction
Maharashtra, India

This policy is effective as of May 1, 2026 and applies to all users of pdfai.co.in worldwide.