Privacy Policy

Last updated: 7 November 2025

1) Who we are

Controller: Luis (Hobby Project), Switzerland (Free Tier - No Registered Business). Contact: privacy@pdfextractorai.com.

2) What this policy covers

This policy explains what data we process when you use pdfextractorai (pdfextractorai.com), why we process it, how long we keep it, and your rights under GDPR (EU/EEA), FADP (Switzerland), and UK GDPR.

3) Data we process

a) Account & auth data (if you register)

Email, hashed credentials or OAuth identifiers, and basic profile data needed by our auth provider.

b) Usage & device data

IP address, timestamps, pages/API routes used, and basic diagnostic logs for reliability and security (e.g., abuse/fraud prevention).

c) Uploaded content

Documents you upload (e.g., PDFs) and extracted text/tables required to perform the Service. We process this data transiently to deliver results and do not store uploaded files longer than necessary to complete your request (e.g., held in memory and short-lived storage for processing and download queues).

d) Payments data (only if/when you purchase)

Handled by Stripe. We do not store full card numbers; Stripe is your payment processor.

e) Email communications

Your email address and message metadata to send verification emails, notifications, or support responses via Resend.

4) Purposes & legal bases

  • Provide the Service (contract): account/auth, processing your uploads, returning results.
  • Security & abuse prevention (legitimate interests): rate-limiting, fraud/abuse detection, service diagnostics.
  • Payments (contract): subscriptions/one-off purchases via Stripe.
  • Consent-based communications (consent): product updates or marketing (only if you opt in; you can opt out anytime).

5) AI Providers (Google Gemini & OpenAI)

To extract data, we send your PDFs and prompts to Google Gemini (Paid Services) and/or the OpenAI API. On Paid Services, Google states API content is not used to improve products; limited logs may be retained briefly for safety/legal compliance. OpenAI’s API may retain inputs/outputs for up to 30 days for abuse prevention, after which they are deleted (not used for training by default). See the providers’ API terms and privacy pages for details.

Age requirement: We provide the Service only to users 18+.

6) Data location & international transfers

Where possible, we host and process in EU regions (e.g., Vercel/Supabase EU). Some subprocessors may process data outside the EU/CH/UK subject to appropriate safeguards (e.g., SCCs). See our Subprocessors / Service Providers page for current providers, purposes, and locations.

7) Retention

  • Uploaded files/content: kept only as long as needed to perform extraction and deliver results (typically transient/in-memory with short-lived temporary storage).
  • Account data: kept while your account is active.
  • Logs/diagnostics: retained briefly to secure and operate the Service, then deleted or anonymized.
  • Billing/receipts: retained as required by accounting and tax laws.

You can request deletion at any time (see §10).

8) Processors we use

  • Hosting: Vercel (deployment & serverless functions)
  • Database/Auth: Supabase (EU project)
  • Payments: Stripe (if enabled)
  • Email: Resend
  • AI Providers: Google Gemini (Paid Services) and/or OpenAI API

Full details and links: see /legal/subprocessors.

9) Security

We use HTTPS/TLS, access controls, and periodic security reviews. No storage is 100% secure; use caution with sensitive data.

10) Your rights (EU/EEA/UK & Switzerland)

You may have the right to access, rectify, or delete your data, to restrict or object to processing, and to data portability. To exercise your rights, contact privacy@pdfextractorai.com. If we cannot resolve your complaint, you may contact a supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — https://www.edoeb.admin.ch/
  • EU/EEA: Your national data protection authority
  • UK: Information Commissioner’s Office (ICO)

Account Deletion ("Delete My Account")

⚠️ Important: Complete Account Removal

The "Delete My Account" button permanently removes your entire account, not just your data. This is a complete account deletion that cannot be undone.

What gets permanently deleted:

  • Your user profile and login credentials
  • All usage history and statistics
  • Subscription and billing data (anonymized for legal compliance)
  • All personal information and preferences
  • Email notifications and communication history
  • System analytics and security events

What happens after deletion:

  • You will be immediately signed out
  • Your login credentials will no longer work
  • You cannot recover any of your data
  • To use the service again, you must create a new account

Legal compliance: Some anonymized payment records may be retained for tax and legal requirements, but all personally identifiable information is removed.

If you only want to delete specific data or have questions, please contact privacy@pdfextractorai.com before using account deletion.

11) Children

The Service is for adults (18+) only. We do not knowingly process children's data.

12) Changes

We may update this policy. We will change the date above and, if material, notify you in-app or by email.

13) Contact

Privacy questions: privacy@pdfextractorai.com.