Privacy Policy
Last updated: June 2026 · GDPR & CCPA Ready
Our Privacy Commitment
EasyPDF Secure was built with one core principle: your files are yours, and we never want them.We process documents only to perform the conversion you request, and we automatically delete all files within 15 minutes — or immediately after you download. No exceptions.
1. What We Collect
We collect the minimum necessary to operate the service:
- Files you upload — stored temporarily in encrypted storage (Cloudflare R2) for the duration of conversion only
- IP address — stored as a one-way cryptographic hash for rate limiting and abuse prevention only
- Payment data — processed entirely by Stripe. We never see or store your card details
- Conversion metadata — tool used, file type, file size, timestamps. No file content.
2. What We Do NOT Collect
- No email address (unless you create a subscription — then only for receipt delivery)
- No account information or profile data
- No document content or extracted text
- No tracking cookies or advertising identifiers
- No device fingerprinting
3. File Retention Policy
All uploaded and converted files are subject to automatic deletion:
- Immediately after download (once maximum downloads reached)
- Within 15 minutes of processing completion (automated cleanup runs every 5 minutes)
- Immediately on processing failure
- Immediately on user cancellation
We maintain a deletion audit log (containing only file keys and timestamps — no content) for security monitoring purposes. This log is retained for 90 days.
4. How We Use Your Data
We use collected data solely to:
- Perform the PDF conversion you requested
- Process your payment via Stripe
- Prevent abuse and enforce rate limits
- Maintain system security and integrity
We never: sell your data, share it with third parties (beyond Stripe for payment processing), use it for advertising, use it for AI training, or retain it beyond the periods described above.
5. Security
- AES-256 encryption at rest (Cloudflare R2)
- TLS 1.3 encryption in transit
- Temporary signed URLs (5-minute expiry) for downloads
- Malware scanning on all uploads
- File type validation (MIME + extension)
- Isolated processing per conversion job
- Rate limiting to prevent abuse
6. Cookies
We use only essential cookies required for payment processing (Stripe) and basic session security. We do not use analytics cookies, advertising cookies, or tracking pixels. No cookie consent banner is required under our minimal data approach.
7. Third-Party Services
- Stripe — payment processing (PCI DSS Level 1 certified)
- Cloudflare R2 — temporary file storage with auto-deletion
- Supabase — conversion metadata database (EU-compatible)
8. GDPR Rights (EU Users)
Under GDPR, you have the right to: access your data, request deletion, object to processing, and lodge a complaint with your supervisory authority. Since we collect no personal data beyond payment processing, most rights are satisfied by default. For payment data, contact Stripe directly.
9. CCPA Rights (California Users)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents have the right to know, delete, and opt-out of sale — all of which are already exercised by our design.
10. Contact
Privacy questions: privacy@jenatechs.us
Data controller: JENA Tech & AI, United States