PDFKitly

Last updated July 10, 2026

Privacy Policy

This Privacy Policy explains how PDFKitly (“PDFKitly,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit or use PDFKitly’s website, browser-based PDF tools, account features, and paid services (collectively, the “Service”). By using the Service, you acknowledge the practices described here.

1. PDF documents and passwords

Merge, split, rotate, extract, unlock capability checks, and basic compression are designed to run locally in your web browser. For these operations, the document remains on your device and is not intentionally uploaded to our servers. PDF passwords are used only in browser memory for the requested operation, are cleared from the interface after an attempt, and are not sent to analytics or application logs.

If we introduce an operation that requires server-side processing, the interface will identify that before upload. Temporary files will be stored in private, non-public object storage under non-guessable keys, accessed only for the requested operation, and scheduled for deletion within one hour. We do not permanently store uploaded PDF contents.

Browser crashes, network intermediaries, extensions, device software, or third-party services outside our control may affect privacy. Do not process documents on a device you do not trust.

2. Information we collect

Information you provide

  • Account information such as email address, display name, and profile image.
  • Contact messages, including the name, email address, and message you submit.
  • Subscription and billing identifiers received from Stripe. We do not receive complete payment-card numbers.

Information collected automatically

  • Basic request information such as IP address, browser type, device type, language, referring page, requested URL, and timestamps.
  • Security, fraud-prevention, rate-limit, and diagnostic events.
  • Privacy-safe product events such as a tool page view or processing success. These events must not contain filenames, passwords, PDF contents, extracted text, page images, or private document metadata.

Processing history

For eligible Pro accounts, history may include the tool name, timestamp, input and output file counts, total byte counts, processing status, and a broad error category. It does not include filenames, document contents, passwords, extracted text, page images, or document metadata.

3. Advertising, cookies, and similar technologies

Free users may see advertising. Pro users should not receive advertising placements while their Pro entitlement is active. We reserve page space for advertisements to avoid layout shifts, but an ad provider may not be active in every region or on every visit.

Google AdSense

We may use Google AdSense and related Google advertising services. Third-party vendors, including Google, use cookies, web beacons, IP addresses, and other identifiers to serve, measure, limit, and protect ads. Google’s use of advertising cookies enables Google and its partners to serve ads based on a user’s visit to this site and/or other sites on the Internet.

When third-party ad networks other than Google are enabled, their names and privacy links will be presented through the applicable consent interface or added to this policy. Advertising choices are browser- and device-specific and may need to be repeated after clearing cookies.

Consent in regulated regions

Where required, advertising and non-essential storage will be activated only after the required choice is collected. For personalized advertising in the EEA, United Kingdom, and Switzerland, the production site must use a Google-certified Consent Management Platform integrated with the IAB Transparency and Consent Framework. You may change or withdraw consent through the privacy choices control presented by that platform when advertising is enabled.

Essential cookies

Essential cookies support secure sign-in, session continuity, fraud prevention, load balancing, and saved consent choices. Disabling them may prevent account and billing features from working.

4. How we use information

  • Provide, maintain, secure, troubleshoot, and improve the Service.
  • Authenticate users and maintain secure sessions.
  • Enforce free and Pro limits and provide subscription benefits.
  • Process payments and synchronize subscription status with Stripe.
  • Respond to support, legal, privacy, and security requests.
  • Detect abuse, prevent fraud, enforce our Terms, and comply with law.
  • Measure aggregate product performance and, when permitted, serve and measure advertising.

Where applicable law requires a legal basis, we rely on performance of a contract, legitimate interests in operating and securing the Service, consent for activities that require it, and compliance with legal obligations.

5. How we share information

We do not sell PDF contents or passwords. We may disclose limited information to:

  • Service providers, including Cloudflare for hosting, security, D1 database, and temporary R2 storage; Stripe for billing; authentication/email providers; and approved analytics or advertising providers.
  • Legal and safety recipients when reasonably necessary to comply with law, protect rights or safety, investigate abuse, or enforce agreements.
  • Business transaction recipients during a merger, financing, acquisition, reorganization, or asset transfer, subject to appropriate confidentiality protections.
  • Parties you direct or when you otherwise give consent.

Advertising providers may independently process identifiers and activity as described in their own policies. Depending on applicable state law, some personalized advertising disclosures may be considered “sharing” or “targeted advertising.” See “Your privacy rights” below.

6. Data retention

  • Browser-processed PDFs and passwords: not intentionally received or retained by our servers.
  • Temporary server files: no more than one hour under the default retention design.
  • Account and subscription records: while the account is active and afterward as reasonably necessary for legal, tax, fraud-prevention, and dispute purposes.
  • Processing history: until cleared by the user, the account is deleted, or the record is no longer needed to provide the feature.
  • Contact submissions and security logs: only as long as reasonably necessary to respond, secure the Service, and meet legal obligations.
  • Stripe event identifiers: as needed for webhook idempotency, auditability, and billing integrity.

7. Security

We use measures intended to reduce risk, including HTTPS, secure cookies, content-security headers, private storage bindings, input validation, least-data processing, and signed Stripe webhook verification. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Keep backups of important documents and report suspected vulnerabilities through our contact page.

8. Your privacy rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or obtain a portable copy of personal information, withdraw consent, and appeal a denied request. You may also have a right to opt out of targeted advertising or the sale or sharing of personal information as those terms are defined by applicable law.

  • Manage Google ad personalization through Google Ads Settings.
  • Use the consent or privacy-choices control when displayed.
  • Clear Pro processing history from the account area.
  • Request account deletion or exercise another privacy right through the contact form.

We will verify requests in a manner proportionate to their sensitivity. Authorized agents may be required to provide proof of authority. We will not discriminate against you for exercising a privacy right. Browser “Do Not Track” signals are not uniformly standardized; where legally required and technically supported, we will honor recognized opt-out preference signals such as Global Privacy Control for applicable activities.

9. Children

The Service is not directed to children under 13, or the higher minimum age required in their jurisdiction, and we do not knowingly collect personal information from such children. Contact us if you believe a child has provided personal information.

10. International data transfers

Providers may process account, billing, security, analytics, or advertising information in countries other than yours. Where required, we and our providers use recognized transfer mechanisms and safeguards. Documents processed exclusively in your browser are not transferred by us.

11. Changes to this policy

We may update this policy as the Service, providers, or legal requirements change. We will update the date above and provide additional notice when required. Continued use after an update means the revised policy applies to later activity, subject to applicable law.

12. Contact us

The party responsible for this policy is PDFKitly. Submit privacy questions or requests through our contact page. Postal address: Lakewood, NJ 08701.