Privacy Policy

This Privacy Policy explains how pdfprotect.app ("we", "our", or "the Company") collects, uses, and protects information when you use our desktop application (the "Application") and visit our website at pdfprotect.app (the "Website"). Together, these are referred to as the "Service".

The data controller responsible for your personal data under this policy is:

pdfprotect.app
Mannerheimintie 113, 00280 Helsinki, Finland
Email: info@pdfprotect.app

Because the Application operates entirely offline and processes no data on our servers, we act as a data controller only in connection with information collected through the Website (such as contact form submissions and website analytics). We never act as a controller or processor in relation to the PDF documents you protect with the Application.

Fully local processing. PDFProtect operates entirely on your device without any network connection. When you open, protect, or modify a PDF document using the Application, that processing happens exclusively on your local machine. No document content, file names, metadata, passwords, encryption keys, or any other document-related data is ever transmitted to our servers or any third-party service.

No telemetry. The Application does not include any usage tracking, analytics modules, or telemetry components. We receive no information about how you use the Application, which features you use, how often you open it, or any other behavioural data.

No automatic updates. The Application does not check for updates automatically or connect to the internet during normal use. Updates are released on the Website and installed manually by the user.

No account required. Using the Application does not require you to register, log in, or provide any personal information. There are no user accounts associated with the Application.

When you visit our Website, some information may be collected automatically or provided by you voluntarily. The following describes each category:

3.1 Server Log Files

Our web hosting provider automatically records standard server log data when you visit the Website. This includes your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit. This data is used exclusively for security monitoring, troubleshooting, and maintaining the availability of the Website. Log files are retained for a maximum of 30 days and are then deleted. This processing is carried out on the basis of our legitimate interest (Article 6(1)(f) GDPR) in maintaining a secure and functional website.

3.2 Download Events

When you download the Application, our server records the event as part of standard log data (IP address, timestamp, file requested). We use aggregate download counts to understand how widely the Application is used. No individually identifying download records are retained beyond the 30-day log retention period.

3.3 Contact Form and Email Communications

If you contact us by email or through any contact form on the Website, we collect the personal data you provide — typically your name, email address, and the content of your message. We use this information solely to respond to your enquiry and, if necessary, to follow up. We retain correspondence for up to 24 months. The legal basis is our legitimate interest in responding to enquiries (Article 6(1)(f) GDPR), or where required, the performance of a contract (Article 6(1)(b) GDPR).

3.4 Cookies

The Website uses only strictly necessary cookies required for basic functionality (for example, to remember your language or session preferences). We do not use advertising cookies, tracking cookies, or any form of behavioural profiling. You can disable cookies in your browser settings without affecting the core functionality of the Website. No consent is required for strictly necessary cookies under applicable law.

The Website loads resources from the following third-party services. By visiting the Website, your browser establishes a connection to these services, which may involve the transfer of your IP address to their servers:

4.1 Google Fonts

The Website uses fonts served by Google LLC via Google Fonts (fonts.googleapis.com / fonts.gstatic.com). When your browser loads the Website, it sends a request to Google's servers to retrieve the font files. Google may collect your IP address and browser information as a result. Google's privacy policy is available at policies.google.com/privacy. We use Google Fonts on the basis of our legitimate interest in providing a consistent and readable user experience (Article 6(1)(f) GDPR). Data may be transferred to the United States under Google's standard contractual clauses.

4.2 Cloudflare CDN (Font Awesome)

The Website loads icon assets from the Cloudflare CDN (cdnjs.cloudflare.com) to display icons (Font Awesome library). Your browser sends a request to Cloudflare's servers, which may log your IP address. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy. We use Cloudflare CDN on the basis of our legitimate interest in website performance and availability (Article 6(1)(f) GDPR).

4.3 Web Hosting Provider

The Website is hosted by a third-party hosting provider. That provider processes server log data on our behalf as a data processor and is bound by a data processing agreement consistent with GDPR requirements. The hosting provider does not have access to the content of your communications with us.

We process personal data only where we have a valid legal basis to do so. The relevant legal bases under the General Data Protection Regulation (GDPR) are:

• Legitimate interests (Article 6(1)(f) GDPR): We process server logs, download events, and third-party CDN requests on the basis of our legitimate interest in maintaining a secure, functional, and accessible website. We have assessed that these interests are not overridden by your privacy interests.
• Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR): Where you contact us in connection with a support request or potential service arrangement, we process your contact details and message content to respond to you.
• Compliance with a legal obligation (Article 6(1)(c) GDPR): Where we are required to retain or disclose data by applicable law (for example, law enforcement requests made in accordance with Finnish law).

We retain personal data only for as long as necessary for the purposes set out in this policy:

• Server log files: Deleted after 30 days.
• Email and contact form correspondence: Retained for up to 24 months from the date of last communication, then deleted unless retention is required by law.
• Aggregate statistics (e.g. total download counts with no individual identifiers): Retained indefinitely as they contain no personal data.

When the retention period expires, data is securely deleted or anonymised so that it can no longer be associated with you.

Some of the third-party services we use (in particular Google Fonts and Cloudflare) may transfer data outside the European Economic Area (EEA), including to the United States. Where such transfers occur, they are covered by appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission. For further information on the safeguards used by each provider, please refer to their respective privacy policies.

We do not ourselves transfer any personal data outside the EEA, as our servers are located within the EU.

If you are located in the European Economic Area or the United Kingdom, you have the following rights in relation to your personal data:

• Right of access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification (Article 16 GDPR): You have the right to request correction of inaccurate personal data we hold about you.
• Right to erasure (Article 17 GDPR): You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent (where processing was based on consent).
• Right to restriction of processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability (Article 20 GDPR): Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object (Article 21 GDPR): You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, place of work, or place of an alleged infringement. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi.

To exercise any of the above rights, please contact us at info@pdfprotect.app. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell or share personal information with third parties for cross-context behavioural advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at info@pdfprotect.app.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encrypted connections (HTTPS/TLS) for all Website traffic;
• Access controls limiting who within the Company can access correspondence and logs;
• Regular review of security practices and third-party provider agreements.

The Application itself uses strong industry-standard cryptographic algorithms for document encryption. Since document processing occurs entirely on your local device, the security of your documents also depends on the security of your local environment. We recommend keeping your operating system, antivirus software, and the Application itself up to date.

No method of data storage or transmission is 100% secure. In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority as required by applicable law.

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us at info@pdfprotect.app and we will promptly delete that information. If you are a resident of a jurisdiction where the minimum age for data processing consent is higher, please do not use the Service if you are below that age.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

If changes are significant, we will make reasonable efforts to provide more prominent notice (for example, a notice on the Website homepage). Continued use of the Service after the revised policy takes effect constitutes your acceptance of the changes.

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Email: info@pdfprotect.app
Postal address: pdfprotect.app, Mannerheimintie 113, 00280 Helsinki, Finland

We will acknowledge your request within 5 business days and provide a substantive response within 30 days. If your request is complex, we may extend this period by up to two additional months, in which case we will inform you accordingly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or the supervisory authority in your country of residence.