Privacy Policy

Last updated: February 2026

1. Data Controller

PDFverifier ("we", "us") operates pdfverifier.com. For questions about this policy, contact us at info@pdfverifier.com.

2. What Data We Collect

We collect and process the following personal data:

• Account data: Email address, name, and profile picture (from Google sign-in or email login)
• Payment data: Processed by Stripe — we do not store card numbers. We store your Stripe customer ID for subscription management.
• Uploaded files: PDF documents you upload for analysis. These are processed on our servers and automatically deleted when your session expires (7 days for free, 30 days for paid).
• Analysis results: Comparison results generated from your documents, stored for the same duration as uploaded files.
• Usage data: Session IDs, timestamps, number of analyses performed.
• Technical data: IP address (for consent records and security).

3. Legal Basis for Processing (GDPR Art. 6)

• Contract performance: Processing your documents and managing your account (Art. 6(1)(b))
• Consent: Newsletter subscription and optional data collection (Art. 6(1)(a))
• Legitimate interest: Security, fraud prevention, and service improvement (Art. 6(1)(f))

4. How We Use Your Data

• To provide the PDF comparison service
• To process payments and manage subscriptions
• To send purchase confirmations and account-related emails
• To send newsletter updates (only with your consent)
• To provide customer support

5. Data Sharing

We share your data with the following third parties, solely for providing the service:

• Stripe (payments) — processes payment information under their own privacy policy
• Google Firebase (authentication) — processes sign-in data under Google's privacy policy
• Hetzner (hosting) — our server provider, data stored in Germany (EU)

We do not sell your personal data to third parties.

6. Data Retention

• Uploaded files: Automatically deleted after 7 days (free) or 30 days (paid)
• Account data: Retained while your account is active. Deleted upon request.
• Payment records: Retained for 7 years for accounting and tax compliance
• Consent records: Retained for 3 years as proof of consent (GDPR requirement)

7. Your Rights (GDPR Art. 15-22)

You have the right to:

• Access your personal data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure ("right to be forgotten") (Art. 17)
• Restrict processing of your data (Art. 18)
• Data portability — receive your data in a structured format (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time (Art. 7(3))

To exercise any of these rights, email us at info@pdfverifier.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Sweden: Integritetsskyddsmyndigheten (IMY).

8. Data Security

• All data transmitted over HTTPS/TLS encryption
• Server hosted in Germany (EU) with Hetzner
• Uploaded files stored in isolated session directories
• Payment processing handled entirely by Stripe (PCI DSS compliant)
• Authentication handled by Firebase (Google security infrastructure)

9. International Transfers

Your data is primarily processed within the EU (Germany). Firebase authentication data may be processed by Google in the US under appropriate safeguards (Standard Contractual Clauses).

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on our website.

11. Contact

For any privacy-related questions or requests:
Email: info@pdfverifier.com