Privacy Policy
Last updated: February 20, 2026
1. Introduction
dataPdf ("we," "our," or "us") operates the dataPdf.io website and provides PDF table extraction services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using dataPdf, you agree to the collection and use of information in accordance with this policy.
2. Lawful Basis for Processing
We process your personal data based on the following lawful bases under Article 6 of the GDPR:
2.1 Performance of a Contract (Art. 6(1)(b))
Account creation, authentication, and service delivery require processing of your data to provide the PDF extraction services you request.
2.2 Legitimate Interest (Art. 6(1)(f))
We process usage data to improve our services, ensure security, and prevent fraud. This processing is necessary for our legitimate interests in operating and improving dataPdf.
2.3 Consent (Art. 6(1)(a))
For optional analytics and marketing cookies, we rely on your consent. You can withdraw consent at any time via our cookie preferences.
2.4 Legal Obligation (Art. 6(1)(c))
We may process certain data to comply with legal obligations, such as responding to lawful requests from authorities.
3. Data We Collect
3.1 Account Data
- Email address and authentication credentials
- Account preferences and settings
- Payment information (processed by Stripe)
3.2 Uploaded Documents
- PDF files you upload for processing
- Extracted data (tables, text) from your PDFs
- Processing metadata (pages, dimensions, format)
3.3 Usage Data
- IP address and device information
- Browser type and operating system
- Pages visited and features used
- Processing history and export records
4. Subprocessors
We use third-party subprocessors to provide and improve our services. All subprocessors are bound by data processing agreements:
| Subprocessor | Purpose | Location |
|---|---|---|
| Anthropic PBC | AI-powered table extraction | United States |
| Amazon Web Services (S3/R2) | File storage | US-East / EU-West |
| Stripe Inc. | Payment processing | United States |
| Vercel Inc. | Website hosting | United States |
| Supabase Inc. | Database | EU (if selected) |
5. Retention Periods
We retain different types of data for varying periods:
Uploaded Documents
7 days after processing completion. All uploaded PDFs and extracted data are automatically deleted after this period.
Account Data
Until account deletion. Retained while your account is active. Upon deletion, all personal data is removed within 30 days.
Usage Analytics
12 months. Aggregated and anonymized analytics data is retained for service improvement.
Transaction Records
7 years. Required by law for tax and financial reporting purposes.
6. International Transfers
Your data may be transferred to and processed in countries outside your residence country. When we transfer personal data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses: All subprocessors sign SCCs approved by the European Commission
- EU-US Data Privacy Framework: US subprocessors certified under the framework where applicable
- Data Localization: EU users can select EU storage regions
7. Your Data Subject Rights
Under GDPR and similar regulations, you have the following rights:
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Data Portability
Receive your data in a machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent for optional processing at any time.
8. Right to Erasure - How to Request
To exercise your right to erasure:
- Account Settings: Delete your account from the Settings page. This triggers automatic deletion of all personal data within 30 days.
- Email Request: Contact support@datapdf.io with your request. We will respond within 30 days.
Note: Some data may be retained for legal obligations (e.g., tax records) as permitted by law.
9. Security Measures
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and vulnerability assessments
- Access controls and employee training
- Automated threat detection and incident response
10. Children's Privacy
dataPdf is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any material changes via email or a prominent notice on our website. The "Last updated" date at the top indicates when changes were made.
12. Contact Information
For questions or concerns about this Privacy Policy:
- Email: support@datapdf.io
- Data Protection Officer: dpo@datapdf.io