Legal

Privacy Policy

Last updated: June 12, 2026

Introduction

This Privacy Policy explains how PDF Compliance ("we", "us", or "our") collects, uses, stores, and protects information when you use PDFCompliance.com, upload documents, scan websites for PDFs, purchase reports, or request remediation services. We are committed to protecting your privacy and handling document data with care throughout the compliance scanning and remediation workflow.

Information we collect

Personal information

We collect personal information that you voluntarily provide to us, including:

  • Account registration information (name, email address, password)
  • Payment information (credit card details, billing address) processed securely through Stripe
  • Contact information when you communicate with us
  • Professional information (company name, job title) if provided

Document data

We process PDF documents that you upload or select from website scans for compliance analysis, report generation, optional remediation, invoice support, and related service delivery. Document data may include PDF content, filenames, source URLs, page counts, extracted accessibility findings, generated reports, remediated output files, storage keys, signed download URLs, and processing status metadata. These documents may contain sensitive information, and we treat them with the highest level of security and confidentiality.

Technical information

We automatically collect certain technical information including IP addresses, browser type, device information, operating system, referring URLs, session identifiers, authentication tokens stored by your browser, and usage patterns through cookies, local storage, and similar technologies.

How we use your information

Service delivery: Process your documents for compliance scanning, generate WCAG, Section 508, and ADA reports, remediate selected PDFs, apply Adobe digital signatures, create blockchain certificates, and make deliverables available through secure download links
Account security: Authenticate your identity, secure your account, and prevent unauthorized access or fraudulent activities
Payment processing: Process payments, manage subscriptions, and handle billing inquiries through our secure payment processor Stripe

We also use your information to communicate with you about your account, provide customer support, send important service updates, maintain audit records of document processing, detect abuse, debug failed jobs, and improve our services based on usage analytics.

Data security and protection

Encryption and security measures

We implement industry-leading security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3 encryption
  • Data at rest is encrypted using AES-256 encryption
  • We maintain SOC 2 Type II compliance for security controls
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Secure cloud infrastructure hosted on AWS with enterprise-grade security

Access controls

Access to your personal data is strictly limited to authorized personnel who need it to provide our services. We use role-based access controls, operational logging, and least-privilege access for production systems. All employees sign confidentiality agreements and receive regular security training.

Document retention and deletion

Automatic deletion

By default, we automatically delete processed documents after 30 days to minimize data retention. This includes document content and generated artifacts stored in our object-storage systems:

  • Original uploaded PDF files
  • Processed document versions
  • Temporary processing files and caches

Extended retention options

You can choose to extend document retention through your account settings for up to 1 year, or request immediate deletion at any time. Compliance certificates and blockchain records are retained permanently for verification purposes but contain no document content. We may retain billing, transaction, security, and audit records for longer where required for tax, accounting, fraud prevention, dispute resolution, or legal compliance.

Third-party services and data sharing

Payment processing

We use Stripe, Inc. for secure payment processing. Stripe handles all credit card information and maintains PCI DSS compliance. We never store your complete payment card details on our servers.

Cloud infrastructure

Our services are hosted on Amazon Web Services (AWS) infrastructure, including secure object storage for uploaded and generated PDFs. AWS provides enterprise-grade security and compliance certifications including SOC 2, ISO 27001, and GDPR compliance.

Adobe integration

We are authorized by Adobe Systems to apply digital signatures through their official API. Document metadata required for signature verification may be shared with Adobe's systems in accordance with their privacy policy.

Document processing infrastructure

PDF analysis and remediation are performed by PDF Compliance services and worker systems, including analyzer and remediation workers that process files from secure storage and publish status updates through our internal event pipeline. Processing metadata is used to show job status, generate reports, calculate remediation pricing, and provide downloads.

No sale of personal data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share data with trusted service providers who help us deliver our services and who are bound by strict confidentiality agreements.

Cookies and tracking technologies

We use cookies, browser storage, and similar technologies to keep you signed in, preserve upload and scan sessions, secure the service, and analyze service usage:

  • Essential cookies: Required for basic website functionality and security
  • Analytics cookies: Help us understand how you use our service to improve performance
  • Session storage: Store authentication tokens, current user details, active scan sessions, and asset-session metadata in your browser so uploads and website scans can resume

You can control cookie settings through your browser preferences. However, disabling certain cookies may limit some functionality of our service.

Your privacy rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal obligations)
  • Portability: Request transfer of your data to another service provider
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent for processing where applicable

To exercise these rights, please contact us at privacy@pdfcompliance.com. We will respond to your request within 30 days and may require identity verification for security purposes.

International data transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

Data breach notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law. We maintain comprehensive incident response procedures to minimize any potential impact.

Children's privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

California privacy rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information as defined by the CCPA.

Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and sending an email notification to registered users. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact information

If you have any questions about this Privacy Policy or our data practices, please contact us: