Privacy Policy
Plain-English summary: We do not sell your data. Files you upload for conversion are deleted within 60 minutes. Browser-based tools (Compress, Merge, Split, Edit PDF) never upload your file at all. We use Google Analytics and Google AdSense, both of which use cookies. Third-party cookies from Google may be placed on your device for advertising purposes.
Contents
- Data Controller
- Files You Upload
- Cookies
- Advertising — Google AdSense
- Analytics — Google Analytics
- What Personal Data We Collect
- Legal Basis for Processing (GDPR)
- How We Share Data
- International Data Transfers
- Data Retention
- Security
- Your Rights (GDPR / UK GDPR / CCPA)
- Children
- Data Breach Notification
- Changes to This Policy
- Contact Us
1. Data Controller
EditPDF.fyi ("we", "us", "our") is the data controller responsible for your personal data collected through this website. We are the operator of the service available at https://editpdf.fyi.
For any privacy-related enquiries, please contact us at privacy@editpdf.fyi.
2. Files You Upload
EditPDF offers two types of tools, which handle your files differently:
- Browser-based tools (Compress PDF, Merge PDF, Split PDF, Edit PDF): These tools process your file entirely within your own web browser using JavaScript. Your file is never transmitted to our servers and never leaves your device at any point. We have no access to these files at any time and no record of what files were processed.
- Server-side conversion tools (PDF to Word, Word to PDF, PDF to Excel, JPG to PDF, Convert PDF): These tools require your file to be transmitted to our servers over an encrypted HTTPS connection for processing. Files are processed using LibreOffice and Python libraries and then immediately queued for automatic deletion. Every uploaded file is automatically and permanently deleted within 60 minutes of upload, regardless of whether the conversion was successful. We do not read, analyse, index, or share the contents of your files for any purpose other than performing the conversion you requested.
3. Cookies
Cookies are small text files stored on your device by websites you visit. We use cookies for the following purposes:
| Cookie / Service | Purpose | Type | Duration |
|---|---|---|---|
| Google Analytics (_ga) | Distinguishes unique users for traffic analysis | First-party analytics | 2 years |
| Google Analytics (_gid) | Distinguishes users for traffic analysis | First-party analytics | 24 hours |
| Google AdSense (IDE) | Registers a unique ID to serve targeted advertisements | Third-party advertising | Up to 13 months |
| Google AdSense (DSID, NID) | Ad targeting and frequency capping | Third-party advertising | Varies |
| Google AdSense (DoubleClick) | Frequency capping and ad conversion tracking | Third-party advertising | Varies |
You can control or delete cookies at any time through your browser settings. Disabling advertising cookies will not remove ads from the site but will mean ads are less tailored to your interests. Disabling analytics cookies will not affect your ability to use any of the tools on this site.
4. Advertising — Google AdSense
We use Google AdSense to display advertisements on this website. Google AdSense is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses cookies, including the DoubleClick DART cookie, to serve ads based on your visits to this site and other sites on the internet. This is known as interest-based or personalised advertising — it means Google may use your browsing history to show you advertisements relevant to your interests.
You can opt out of personalised advertising or manage your advertising preferences through the following methods:
- Visit Google Ad Settings to manage your Google advertising preferences
- Visit the NAI opt-out page to opt out of interest-based advertising from NAI member companies
- Visit the DAA opt-out page for additional opt-out options
- If you are in the EU/EEA, visit Your Online Choices
Google's use of advertising cookies is governed by Google's Privacy Policy. For more information on how Google uses data from sites that use its services, visit How Google uses information from sites that use our services.
5. Analytics — Google Analytics
We use Google Analytics (GA4) to understand how visitors use this site. Google Analytics collects anonymised data such as pages visited, time spent on pages, referral source, and general geographic region (country/city level). This data is used solely to improve the website and understand which tools are most useful to visitors.
Google Analytics uses first-party cookies (_ga, _gid) to distinguish returning visitors. IP addresses are anonymised before storage. We do not use Google Analytics to collect personally identifiable information and we do not use the data for advertising purposes independent of Google's own systems.
You can prevent your data from being collected by Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
6. What Personal Data We Collect
We collect minimal personal data. The categories of data we process are:
- Usage data: Pages visited, time on site, browser type, operating system, and general geographic region — collected anonymously via Google Analytics. This data cannot be used to identify you individually.
- Advertising data: Browsing behaviour used by Google AdSense to serve relevant advertisements. This data is processed by Google under their own privacy policy and is not stored by us directly.
- Contact data: If you contact us by email, we retain your email address and the content of your message solely to respond to your enquiry. We do not add you to any mailing list without your explicit consent.
We do not collect your name, physical address, payment information, phone number, or any account credentials. We do not require you to create an account to use any tool on this site. We do not build profiles of individual users.
7. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and the United Kingdom, we process personal data on the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:
- Legitimate interests (Article 6(1)(f) GDPR): We use Google Analytics to analyse how the site is used in order to improve it. We have a legitimate interest in understanding how our service performs and how to make it better. This interest does not override your privacy rights as the data is anonymised and aggregated.
- Consent (Article 6(1)(a) GDPR): For personalised advertising through Google AdSense, we rely on your consent where required by applicable law. You may withdraw consent at any time by using the opt-out mechanisms described in Section 4.
- Legal obligation (Article 6(1)(c) GDPR): We may process data where necessary to comply with a legal obligation, such as responding to a lawful request from a public authority.
8. How We Share Data
We do not sell, rent, or trade your personal data to any third party. Data may be shared only in the following limited circumstances:
- Google LLC: Anonymised usage data via Google Analytics and advertising data via Google AdSense, as described in Sections 4 and 5 above. Google acts as a data processor for Analytics and an independent data controller for AdSense.
- Legal requirements: We may disclose information where required to do so by applicable law, court order, or in response to a valid and legally enforceable request from a public authority (such as a law enforcement agency). Where permitted by law, we will notify you of such a request.
- Protection of rights: We may disclose information where necessary to protect the rights, property, or safety of EditPDF.fyi, our users, or the public.
- Business transfer: In the event of a merger, acquisition, or sale of all or a substantial portion of our assets, user data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
9. International Data Transfers
Google Analytics and Google AdSense are operated by Google LLC, a company based in the United States. When you use this site, data processed by these services may be transferred to and stored on servers located in the United States or other countries outside the European Economic Area (EEA) or United Kingdom.
Google relies on approved transfer mechanisms to make such transfers lawful, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Agreement (IDTA). For more information, see Google's data transfer frameworks.
By using this site, you acknowledge that your data may be processed in countries whose data protection laws differ from those in your country of residence.
10. Data Retention
- Uploaded files (server-side tools): Automatically and permanently deleted within 60 minutes of upload, with no exceptions.
- Browser-based tool files: Never stored on our servers. They exist only in your browser's memory while the tab is open and are never retained.
- Google Analytics data: Retained for 14 months in accordance with our Google Analytics configuration, after which it is automatically deleted.
- Email correspondence: Retained for up to 12 months from the date of resolution of your enquiry, after which it is deleted unless a longer retention period is required by law.
- Google AdSense data: Managed by Google according to their own retention policies. Please refer to Google's Privacy Policy for details.
11. Security
We take the security of your data seriously and implement a range of technical and organisational measures to protect it:
- All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Server-side file uploads are isolated per-request and queued for automatic deletion immediately after processing
- We do not store files beyond the processing window under any circumstances
- Access to server infrastructure is restricted to authorised personnel only
- We regularly review our data handling practices and update our security measures
Despite these measures, no method of data transmission or storage is 100% secure. We cannot guarantee the absolute security of data transmitted to or from the Site. You use the Service at your own risk and should take appropriate precautions when transmitting sensitive documents over the internet.
12. Your Rights (GDPR / UK GDPR / CCPA)
Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@editpdf.fyi.
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your personal data where there is no legitimate reason for us to continue processing it
- Right to restrict processing: Request that we limit how we use your data in certain circumstances
- Right to object: Object to our processing of your personal data where we are relying on legitimate interests as our legal basis
- Right to data portability: Request that we transfer your data to you or a third party in a structured, machine-readable format
- Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal
- Right to opt out of sale (CCPA): We do not sell personal data to third parties
Because we collect very limited personal data and do not store files beyond 60 minutes, many of these rights will have limited practical application to our service. We will respond to all valid requests within 30 days.
EEA residents: You have the right to lodge a complaint with your national data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.
UK residents: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
13. Children
The Service is not directed at or intended for children under the age of 13 (or under 16 in certain EEA member states). We do not knowingly collect personal information from children under these ages. If we become aware that we have inadvertently collected personal information from a child below the applicable age threshold, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at privacy@editpdf.fyi.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, using the contact information available to us.
Given that we process very limited personal data and uploaded files are automatically deleted within 60 minutes, the risk profile of a data breach on our service is low. Nonetheless, we take our notification obligations seriously.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. The date at the top of this page reflects when it was last revised. Where changes are material, we will make reasonable efforts to bring them to your attention, such as by posting a notice on the Site. Continued use of the Site after any changes constitutes your acceptance of the updated policy.
16. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your data, please contact us:
Email: privacy@editpdf.fyi
Contact page: editpdf.fyi/contact
Website: https://editpdf.fyi