PDFEditor
Open Editor

Privacy Policy

Last updated: February 2026

1. Overview

PDFEditor (“we”, “our”, “us”) is committed to protecting your privacy. All PDF processing happens entirely inside your browser — your files are never uploaded to our servers. This policy explains what limited data we do collect and why.

2. Data We Collect

Anonymous session cookie

When you visit the editor we set a single pdf_uid cookie containing a randomly generated ID. This cookie:

  • Does not contain any personal information
  • Is httpOnly — cannot be read by JavaScript
  • Expires after 1 year
  • Is used solely to track usage limits and payment status

Usage data

We store a daily usage count linked to your anonymous session ID in a server-side database (Vercel KV). This count is automatically deleted after 48 hours. We do not store any information about which PDFs you edited or what content they contained.

Payment data

If you purchase access, your payment is processed by Stripe. We do not store your credit card number or billing address. We only store:

  • Whether your session has active paid access (one-time or subscription)
  • A Stripe customer ID (for subscription management only)

Stripe's privacy policy is available at stripe.com/privacy.

3. Your PDF Files

Your files never leave your device. All PDF processing (merging, splitting, compressing, annotating, OCR, etc.) runs entirely using WebAssembly and JavaScript in your browser. No file content is ever sent to our servers.

4. Analytics

We may use Umami Analytics, a privacy-focused analytics tool that does not use cookies, does not track individuals across sessions, and does not sell data to third parties. Umami collects only aggregate page view counts and referrers.

5. Cookies

We use one first-party cookie:

NamePurposeExpiry
pdf_uidAnonymous session ID for usage limits & payment status1 year

We do not use advertising cookies, cross-site tracking cookies, or any third-party cookies beyond what Stripe sets on their own hosted checkout pages.

6. Data Retention

  • Daily usage counts — deleted automatically after 48 hours
  • One-time or subscription access record — deleted when access expires or subscription is cancelled
  • Anonymous session cookie — expires after 1 year (or when you clear cookies)

7. Your Rights

Because we do not collect personal data, most data protection rights (access, correction, deletion) are not applicable in the traditional sense. Clearing your browser cookies effectively erases your session. If you have a paid subscription and wish to have all associated data deleted, contact us and we will remove it within 30 days.

8. Changes to This Policy

We may update this policy occasionally. Material changes will be noted with an updated “Last updated” date at the top of this page.

9. Contact

Questions about this privacy policy? Open an issue on our website or reach out through the support channel listed there.