Privacy Policy
Welcome to PDFExpert (https://pdfexpert.xyz). We provide modern, browser-based PDF and image manipulation tools. This Enterprise Privacy Policy outlines our data processing practices, strict commitment to client-side data security, and your privacy rights under global regulations.
1. Client-Side Processing Guarantee
We engineered PDFExpert to prioritize your absolute privacy. When you merge, split, rotate, watermark, extract, or convert files on our platform, the processing occurs directly in your local environment using client-side JavaScript. Specifically:
- No Server-Side Processing: Your files are never transmitted over the internet to our servers.
- No Cloud Storage: We do not utilize cloud buckets, databases, or temporary server storage for your documents.
- Browser Memory Only: Files are parsed securely in your browser's local memory (RAM). Once you close your browser tab, the files instantly and permanently disappear from memory.
- No Employee Access: Because no files are uploaded, it is physically impossible for PDFExpert employees, contractors, or third parties to access, intercept, or view your documents.
- Strict Local Context: The website cannot read any files on your computer unless you explicitly select them via the secure operating system file picker.
2. Information We Do NOT Collect
In accordance with the principle of data minimization, we strictly avoid collecting sensitive user information. We absolutely do not collect, process, or store:
- File Contents: The text, images, metadata, annotations, or structured data inside your PDFs or image files.
- Personal Identity Data: Names, physical addresses, email addresses, phone numbers, or account credentials (as our service operates securely without requiring user accounts).
- Payment Information: Financial data or credit card numbers, as our core tools are free to use.
3. Information We Collect
To ensure website security, operational stability, and monetization, we collect strictly limited metadata. This data is segregated from your file processing:
- Technical Web Hosting Logs: When you access the website, our standard hosting infrastructure automatically receives basic network request data. This includes your IP address, browser type (User-Agent), referring URL, date/time stamp, and requested pages. This is standard for all internet traffic and is used solely for DDoS prevention and routing.
- Advertising & Consent Data: Information collected via cookies by our advertising partners (such as Google AdSense) to serve advertisements and manage your consent preferences.
5. Google AdSense & Consent Mode v2
PDFExpert uses Google AdSense to serve advertisements, allowing us to maintain the platform free of charge. We strictly adhere to the Google EU User Consent Policy and implement Google Consent Mode v2.
Google Advertising Cookies and Third-Party Vendors
- Third-party vendors, including Google, use cookies to serve ads based on your prior visits to our website or other websites on the internet.
- Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to our sites and/or other sites on the internet.
- Ads may be personalized or non-personalized, depending on the consent preferences you select upon visiting the site.
User Controls and Opt-Out
You may opt out of personalized advertising at any time by visiting Google Ads Settings. Alternatively, you can opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.
European Economic Area (EEA) and UK Users
If you are located in the EEA or the UK, we use a certified Consent Management Platform (CMP) to request your explicit consent before setting non-essential advertising cookies or serving personalized ads, strictly adhering to Google's Consent Mode v2 standards.
6. Third-Party Services
We limit external integrations strictly to essential infrastructure and monetization providers. We do not use unnecessary third-party tracking. Our current integrations are limited to:
- Web Hosting Infrastructure: To serve the static HTML, CSS, and JavaScript files that make up our application to your browser securely.
- Google AdSense: For serving advertisements as described in Section 5.
These providers only have access to standard HTTP request data (like IP addresses) necessary to deliver their specific services and are prohibited from accessing your locally processed files.
7. Data Security Measures
Our security model is built on client-side execution, but we implement robust enterprise-grade security headers to protect the delivery of our code:
- HTTPS & TLS Encryption: All website traffic is forced over secure, encrypted Transport Layer Security (TLS) connections, preventing Man-in-the-Middle (MitM) attacks during code delivery.
- Browser Sandboxing: Our JavaScript executes strictly within the secure boundaries of your modern web browser's sandbox environment.
- Content Security Policy (CSP): We utilize strict CSP headers to mitigate Cross-Site Scripting (XSS) and data injection attacks.
- X-Content-Type-Options: Configured to `nosniff` to prevent MIME-type confusion attacks.
- Referrer-Policy & Permissions-Policy: Implemented to restrict the sharing of URL referrers and to deny the application access to unnecessary device APIs (like cameras or microphones).
- Frame Protection (X-Frame-Options): Configured to prevent our site from being embedded maliciously in iframes (Clickjacking protection).
8. Data Retention
- Document Data: 0 seconds. File data exists exclusively in your device's volatile memory (RAM) and is purged instantly when the process completes or the browser closes.
- Server Logs: Standard infrastructure logs (IP addresses) are rotated automatically and permanently deleted within 14 to 30 days.
- Consent Data: Managed strictly by the CMP according to your regional legal requirements (typically valid for 6 to 12 months before reprompting).
9. Global Privacy Compliance
GDPR & UK GDPR (European Union & United Kingdom)
We process limited personal data (IP addresses and ad cookies) as a Data Controller. Because we do not upload files, we are not a Data Processor of your documents. Processing of ad cookies relies on your explicit consent. Processing of security logs relies on our legitimate interest to protect our infrastructure. You hold the right to Access, Rectification, Erasure, Restriction, and Data Portability. To exercise the right to erasure, simply clear your browser's cookies and local storage.
CCPA / CPRA (California Residents)
We do not "sell" your personal information in the traditional sense, nor do we collect identifiable files. However, sharing data with Google AdSense for targeted advertising may constitute "sharing" under the CPRA. You possess the Right to Know, Right to Delete, Right to Correct, and the Right to Opt-Out of Cross-Context Behavioral Advertising via our consent banner or global privacy controls.
LGPD (Brazil) & PIPEDA (Canada)
In accordance with the Lei Geral de Proteção de Dados (LGPD) and the Personal Information Protection and Electronic Documents Act (PIPEDA), we apply strict data minimization principles. We do not collect or transfer your documents, and any advertising data processing is governed by informed consent where required.
10. Children's Privacy (COPPA)
PDFExpert strictly complies with the Children's Online Privacy Protection Act (COPPA) and international equivalents. Our services are not directed at, nor do we knowingly collect or solicit personal information from, children under the age of 13 (or 16 in the EU/UK). If you believe we have inadvertently collected information from a minor, please contact us immediately for deletion.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in global privacy legislation, technical updates, or AdSense policy modifications. The "Last Updated" date at the top of this document will reflect the most current version. We encourage users to review this page periodically.
12. Contact Information
If you have any questions, concerns, or legal inquiries regarding our privacy practices, please contact our privacy compliance team:
- Website: https://pdfexpert.xyz
- Email: privacy@pdfexpert.xyz