Comprehensive Privacy Policy

Last formally updated: 10 March 2026

Drafted in strict compliance with the EU General Data Protection Regulation (GDPR) 2016/679

1. Corporate Identity and Core Operations

PDFLab operates as an elite cloud-based ecosystem for PDF file management. The safeguarding of your personal and corporate data is our absolute foremost priority. This comprehensive policy outlines exactly how we process your data in strict compliance with UK and European data protection legislation.

2. Cryptographic Processing of Uploaded Files

PDFLab absolutely does not view, copy, or permanently store the content of the files you upload for processing. Our secure document handling pipeline operates as follows:

  • Automated Cryptographic Deletion: All uploaded source files and their corresponding processed outputs are permanently and irreversibly shredded from our storage nodes within exactly 1 hour of the initial operation.
  • Zero Human Access: No human operator or technician has access to the uploaded files. The entire transformation process is executed exclusively by automated algorithms residing on heavily secured, isolated servers.
  • Retention of Ownership: The user retains sole, exclusive, and unalienable intellectual property rights and ownership over all uploaded and processed documents.

3. Categorisation of Collected Data

To ensure maximum privacy (data minimisation), we only collect the data strictly required for the operational provision of our software:

  • Account Credentials: First name, surname, email address, and essential billing details (applicable exclusively to registered users or PRO plan subscribers).
  • Financial Data: All financial transactions are securely processed by Stripe. PDFLab does not collect, store, nor have access to your sensitive credit card numbers or direct debit banking details.
  • Cloud Storage Integrations: When utilising our Google Drive and Dropbox import features, we request only the absolute minimum read-only permissions via their official, secure APIs. Your external cloud data is never scraped, stored, or leveraged for advertising purposes.

4. Enterprise-Grade Technical Security

We employ state-of-the-art cybersecurity protocols to protect your traffic:

  • SSL/TLS Encryption: Every single byte of data transferred between your web browser and our processing nodes occurs via a militarily encrypted HTTPS protocol.
  • European Server Infrastructure: All our processing servers are geographically located within the European Union, thereby guaranteeing your data is protected under the full weight of GDPR jurisdiction.

5. Your Statutory Rights (GDPR)

As a protected data subject, you possess the unalienable right to:

  • Request full access to your stored personal data
  • Demand the immediate rectification or total erasure of your data
  • Formally object to specific data processing methodologies
  • Request data portability in a structured, machine-readable format

To actively exercise any of these statutory rights, please send a formal written request to [email protected].

Data Controller Details and Legal Contacts

Appointed Data Controller: Giovanni Didonna

Registered Head Office: Corso Umberto I 53, 85017 Tolve (PZ), Italy

VAT Registration Number: IT02163850767

Email: [email protected]

PEC: [email protected]