Privacy Policy
Effective date: March 21, 2026 · Last updated: March 21, 2026
Your files never leave your device.
SignPDF processes all PDFs entirely inside your browser using JavaScript. No PDF content is transmitted to our servers at any point.
1. Who We Are
SignPDF ("we", "us", "our") operates the website signpdf-ten.vercel.app. We provide a browser-based PDF editing tool. Questions about this policy may be directed to privacy@signpdf.app.
2. What Data We Collect
We collect the minimum data necessary to operate the service:
Account Data (if you create an account)
- Email address — used for authentication and account recovery
- Hashed password — stored securely by Supabase; we never see it in plaintext
- Plan status (free / plus / pro) and expiry date
Usage Data
- Export event count per day — used solely to enforce the free-tier daily limit (3 exports/day). No PDF content, filenames, or metadata are stored.
- Standard server access logs (IP address, browser type, pages visited) retained for up to 30 days by Vercel infrastructure for security purposes.
Payment Data
- Payments are processed by Stripe. We do not store card numbers or full payment details. We store your Stripe customer ID and subscription status in our database.
What We Do NOT Collect
- Your PDF files, their contents, or any text extracted from them
- Annotations, signatures, or redactions you apply
- Filenames or file metadata
3. How We Use Your Data
- Authenticating your account and maintaining session state
- Enforcing plan limits (export count tracking)
- Processing subscription payments via Stripe
- Sending transactional emails (account verification, password reset) — no marketing emails without explicit opt-in
- Detecting and preventing abuse or fraud
4. Cookies and Local Storage
We use the following:
- Supabase auth token — stored in browser localStorage to keep you logged in across sessions. Cleared when you sign out.
- Google AdSense cookies — if you have not opted out, Google may place advertising cookies to serve relevant ads. See Google's Privacy Policy.
- Google Fonts — fonts are loaded from Google's CDN; Google may log request metadata per their privacy policy.
We do not use tracking pixels, fingerprinting, or third-party analytics beyond what is disclosed above.
5. Third-Party Services
6. Data Retention
- Account data: retained for the lifetime of your account. Deleted within 30 days of account deletion.
- Usage logs: rolling 90-day window; older records are automatically purged.
- Payment records: retained for 7 years as required by applicable tax and financial regulations.
7. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Deletion — request deletion of your account and associated data
- Portability — receive your data in a structured, machine-readable format
- Correction — update inaccurate personal data
- Opt-out of advertising — use your browser's ad settings or visit optout.aboutads.info
To exercise any of these rights, email privacy@signpdf.app. We will respond within 30 days.
8. Children's Privacy
SignPDF is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Security
All data in transit is encrypted via TLS. Database access requires authentication and is protected by Row Level Security (RLS) policies. We conduct periodic security reviews of our infrastructure.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
SignPDF
Email: privacy@signpdf.app
This policy was last reviewed on March 21, 2026. · Terms of Service · Back to SignPDF