SexyPDF ("we," "us," or "our") operates the sexypdf.com website and related services. We are committed to protecting the privacy and security of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our PDF processing services.

This policy applies to all users of SexyPDF, including visitors who browse without an account, registered free-tier users, and premium subscribers. By using our services, you consent to the data practices described in this policy. If you do not agree with the terms of this policy, please do not access or use our services.

Account Data: When you create an account, we collect your name, email address, and a securely hashed version of your password. We never store your password in plain text.

Usage Data: We automatically collect certain information when you access our services, including your IP address, browser type and version, device type, operating system, referring URLs, pages visited, and the dates and times of your interactions with our platform.

File Data: When you use our PDF tools, files are uploaded temporarily to our servers for processing. We do not read, analyze, mine, or permanently store the contents of your documents. Files are held only for the duration needed to complete the requested operation and are automatically purged thereafter.

Payment Data: Payment processing is handled entirely by Stripe, our third-party payment processor. We do not collect, store, or have access to your full credit card number, debit card number, or bank account details. We receive only a transaction identifier, the last four digits of your card, card brand, expiration date, and billing address from Stripe to maintain your subscription records.

We use the information we collect for the following purposes:

• Provide and maintain our services: Process your PDF files, manage your account, and deliver the features you request.
• Improve our platform: Analyze usage patterns to enhance performance, fix bugs, develop new features, and optimize the user experience.
• Communicate with you: Send service-related notifications, respond to support requests, and, with your consent, deliver product updates and promotional communications. You can opt out of non-essential emails at any time.
• Prevent fraud and ensure security: Detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse of our services, and other illegal activities.
• Comply with legal obligations: Fulfill our legal and regulatory requirements, including tax reporting and responding to lawful requests from authorities.

Your privacy during file processing is our highest priority. All files uploaded to SexyPDF are encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 encryption on our processing servers.

Uploaded files are automatically and permanently deleted within 2 hours of processing completion. This deletion is irreversible, and no copies, backups, or cached versions of your files are retained beyond this window.

We do not share, sell, license, or otherwise distribute your uploaded files to any third party. We do not use your files for training machine learning models, analytics, or any purpose other than completing the specific PDF operation you requested. Our employees do not access the contents of your files unless you explicitly request support assistance and provide consent.

Essential Cookies: We use strictly necessary cookies to enable core functionality such as user authentication, session management, and security tokens. These cookies cannot be disabled as they are required for the service to function.

Analytics Cookies: With your consent, we use optional analytics cookies to understand how visitors interact with our website. This helps us improve our services and user experience. You can accept or decline analytics cookies via our cookie consent banner.

No Advertising Cookies: We do not use third-party advertising cookies or tracking pixels. We do not participate in ad networks or allow third-party advertisers to track our users across the web.

For full details on the specific cookies we use and how to manage your preferences, please see our Cookie Policy.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share limited data with the following categories of service providers, all of whom are bound by strict data processing agreements:

• Hosting providers: Infrastructure partners who host our servers and store encrypted data on our behalf.
• Payment processors: Stripe processes all payments securely. They receive only the information necessary to complete transactions.
• Email service providers: We use transactional email services to deliver account notifications and service communications.

We may also disclose your information if required to do so by law, in response to a valid legal process (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud.

SexyPDF processes and stores all data within the European Union (EU). Our primary servers and infrastructure are located in EU data centers.

We are fully compliant with the General Data Protection Regulation (GDPR). In the event that any data must be transferred outside the EU, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries recognized by the European Commission as providing an adequate level of data protection.

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access controls: Strict role-based access controls ensure that only authorized personnel can access systems containing personal data, and only when necessary for their role.
• Regular audits: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and remediate potential risks.
• SOC 2 compliant infrastructure: Our hosting infrastructure is SOC 2 Type II certified, ensuring that our service providers meet rigorous standards for security, availability, and confidentiality.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users in the unlikely event of a data breach, in accordance with GDPR requirements.

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You have the right to request the deletion of your personal data, subject to certain legal exceptions.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to restriction: You have the right to request that we restrict the processing of your personal data under certain circumstances.
• Right to object: You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

To exercise any of these rights, please contact us at post@sexypdf.com. We will respond to your request within 30 days, as required by GDPR. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.

SexyPDF is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at post@sexypdf.com so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that significantly affect how we handle your personal data, we will notify registered users via email prior to the changes taking effect. We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at post@sexypdf.com.

We aim to respond to all privacy-related inquiries within 5 business days. For GDPR rights requests, we will respond within the legally required timeframe of 30 days.