Privacy Notice

1. Information We Collect

We collect different types of information depending on how you use the Service:

1.1 Account Information

When you create an account, we collect:

• Email address
• First and last name (optional)
• Profile picture (if provided via Google OAuth)
• Hashed password (for email-based accounts; we never store plain-text passwords)

1.2 Subscription & Payment Information

When you subscribe to a paid plan, payment information is collected and processed by our payment processor, Paddle.com Market Limited ("Paddle"), which acts as our Merchant of Record. Blackpdf does not receive, store, or have access to your full credit card number, CVV, or banking details. We receive from Paddle:

• Your Paddle customer ID
• Subscription status and plan tier
• Billing interval (monthly or annual)
• Transaction dates

For details on how Paddle handles your payment data, see Paddle's Privacy Policy.

1.3 Files You Process

Files uploaded for processing are handled as described in Section 2 below. We do not access, review, or use the content of your files for any purpose other than performing the operation you requested.

1.4 Usage Data

We collect anonymous usage data to improve our Service, including:

• Tools used and processing history (tool name, file count, file sizes)
• Error reports and diagnostic information
• Browser type, device type, and operating system
• Approximate geographic location (country-level, derived from IP address)
• Pages visited and referral sources

This data does not include any content from your files.

1.5 Cloud-Synced Data (Pro & Business)

If you enable cloud sync, we store:

• Saved passwords: Encrypted using AES-256-GCM before storage. We cannot read your saved passwords.
• Signatures and stamps: Stored as encrypted image data for synchronization across your devices.

1.6 Team Data (Business)

If you use the Teams feature, we store:

• Team name and membership information
• Shared resources (passwords, signatures, watermarks) designated for team access
• Team activity logs (which member performed what action and when)
• Shared files and workflows

2. File Handling & Processing

Blackpdf is designed to minimize server-side file exposure:

• Browser-Based Processing: Many operations happen entirely within your browser. Files are never uploaded to our servers for these operations.
• Server-Side Processing: For resource-intensive operations (such as OCR, compression, conversions, and watermarking), files are securely transferred to our servers using 256-bit TLS encryption.
• Automatic Deletion: Files processed on our servers are automatically deleted after processing is complete. No copies are retained.

Workflow output files are retained temporarily to allow downloading and sharing, and are automatically deleted when their expiry period passes.

Shared file links make processed files available for download for up to 24 hours. Files are deleted when the link expires or is revoked.

For more details about our technical security measures, see our Security Page.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your files as requested
• Manage your account and subscription
• Synchronize your saved passwords and signatures across devices
• Facilitate team collaboration features
• Send transactional emails (account verification, password resets, team invitations)
• Send product updates and announcements (if you have opted in)
• Detect and prevent fraud, abuse, and security incidents
• Analyze usage patterns to improve performance and user experience
• Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties.

4. Third-Party Service Providers

We use trusted third-party services to operate the Service. These providers only access data necessary to perform their specific function:

• Paddle — payment processing, invoicing, tax compliance (Merchant of Record)
• Google Analytics — anonymous website usage analytics
• Google Ads — advertising for Free tier users
• Resend — transactional email delivery (account verification, team invitations)
• CDNs (e.g., cdnjs, Google Fonts) — delivery of scripts, libraries, and fonts

None of these providers have access to the content of your files. They are used solely to deliver infrastructure and core functionality.

5. Advertising

Blackpdf displays ads to users on the Free tier to support ongoing operations. To provide relevant ads:

• We use Google Ads and other advertising partners.
• These services may use cookies, web beacons, and similar technologies to serve personalized or non-personalized ads.
• Advertisers may collect anonymous information such as device type, browser, or approximate location, but they never have access to your files.

Pro and Business subscribers do not see ads.

We comply with Google Ads policies and applicable legal requirements regarding cookies and personalized advertising.

6. Cookies

Blackpdf uses cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication, session management, CSRF protection, and basic functionality. These cannot be disabled.
• Analytics Cookies: Used by Google Analytics to understand anonymous usage patterns and improve performance.
• Advertising Cookies: Used by Google Ads and partners to deliver and measure ad performance (Free tier only).
• Preference Cookies: Used to remember your settings and preferences (e.g., last used tool, billing toggle state).

For a detailed explanation of the cookies we use and how to manage them, see our Cookie Policy.

7. Data Retention

We retain different types of data for different periods:

• Processed files: Deleted immediately after processing.
• Workflow output files: Retained until expiry, then automatically deleted.
• Shared file links: Files deleted when the 24-hour link expires or is revoked.
• Account data: Retained while your account is active. Permanently deleted within 30 days of account deletion.
• Cloud-synced data (passwords, signatures): Retained while your qualifying subscription is active. Retained for 30 days after downgrade to Free, then permanently deleted.
• Team data: Retained while the team exists. Dissolved teams' data is deleted within 30 days.
• Activity history: Processing history is retained for up to 12 months for active accounts.
• Analytics data: Anonymous usage data and error logs are retained for up to 12 months.
• Security logs: Authentication and security event logs are retained for up to 12 months.

8. Data Security

We implement technical and organizational measures to protect your data, including:

• 256-bit TLS encryption for all data in transit
• AES-256-GCM encryption for sensitive data at rest (saved passwords)
• Secure session management with HTTP-only cookies
• Rate limiting and abuse detection
• Input sanitization and CSRF protection
• Regular security reviews

For full details, see our Security Page.

9. Your Rights (GDPR & Data Protection)

Regardless of where you are located, we provide the following rights to all users. If you are in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, these rights are guaranteed by law:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may update or correct inaccurate personal data from your account settings or by contacting us.
• Right to Erasure: You may request deletion of your account and all associated personal data.
• Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format (JSON).
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Object: You may object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@blackpdf.com. We will respond within 30 days.

Legal Basis for Processing (GDPR):

• Performance of contract: Processing your files, managing your account and subscription
• Legitimate interest: Analytics, security monitoring, service improvement
• Consent: Marketing emails, advertising cookies, product updates
• Legal obligation: Tax records, fraud prevention

Cross-Border Transfers: Server processing may involve data transfer to servers in India. We apply industry-standard encryption and comply with applicable data protection laws for all cross-border transfers.

10. Children's Privacy

Blackpdf is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at support@blackpdf.com.

12. Contact & Data Protection

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: support@blackpdf.com

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on the Service at least 15 days before the changes take effect.

Your continued use of the Service after the updated policy takes effect constitutes acceptance.

Last modified: 31-03-2026