Privacy Policy

EditDocs AI (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at editdocsai.com and all associated services (collectively, the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

When you use our PDF processing tools, you may upload files (PDFs, images, Word documents, Excel files). These files are:

• Stored temporarily on our secure servers solely to perform the requested operation
• Automatically and permanently deleted within 60 minutes of upload, regardless of whether you download the result
• Never read, analysed, sold, shared with third parties, or used to train AI models
• Transmitted over TLS 1.3 encrypted connections at all times

If you create an account or contact us, we may collect:

• Account data: Email address, display name, profile picture (via OAuth providers)
• Communication data: Messages you send to our support team
• Payment data: Billing name and last 4 digits of card (full payment data processed by Stripe — we never see your card number)

When you visit our Service, we automatically collect:

• Usage data: Pages visited, features used, session duration, referring URL
• Device data: Browser type and version, operating system, screen resolution, language
• IP address: Used for security, fraud prevention, and approximate geolocation (country/region only)
• Cookies: See Section 5 for full cookie details

We use the collected information for the following purposes:

• Service delivery: To process your files and return results
• Account management: To create and maintain your account, if applicable
• Security: To detect and prevent fraud, abuse, and unauthorised access
• Service improvement: Aggregate, anonymised analytics to improve performance and features
• Customer support: To respond to your enquiries and resolve issues
• Legal compliance: To comply with applicable laws and regulations
• Communications: To send you service updates and, where you have opted in, marketing emails

We will never sell, rent, or share your personal data with third parties for their marketing purposes.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

• Contract performance: Processing necessary to deliver the Service you requested
• Legitimate interests: Security monitoring, fraud prevention, and service improvement
• Consent: Marketing communications (you may withdraw consent at any time)
• Legal obligation: Where required by law or court order

• Uploaded files: Permanently deleted within 60 minutes
• Processed output files: Permanently deleted within 60 minutes
• Account data: Retained for the lifetime of your account; deleted within 30 days of account deletion request
• Usage logs: Retained for up to 90 days for security and debugging, then deleted
• Payment records: Retained for 7 years as required by financial regulations

We use the following types of cookies:

• Strictly necessary: Session cookies for authentication and CSRF protection. Cannot be disabled.
• Functional: Remember your preferences (theme, language). Can be disabled.
• Analytics: Anonymous usage statistics via privacy-respecting tools. Can be disabled.

We do not use advertising cookies or cross-site tracking. You can manage cookie preferences in your browser settings or our Cookie Settings panel.

We work with trusted third parties who process data on our behalf, each bound by strict data processing agreements:

• Stripe: Payment processing (PCI-DSS Level 1 certified)
• Google OAuth / GitHub OAuth: Optional sign-in (only email and name are shared with us)
• Cloud infrastructure: Hosting and file processing in data centres with ISO 27001 certification

We do not use Google Analytics, Facebook Pixel, or any advertising networks.

• All data in transit is encrypted with TLS 1.3
• Files are stored with AES-256 encryption at rest
• Access to production systems is restricted to authorised personnel only, using multi-factor authentication
• Regular security audits and penetration testing
• Automated file deletion enforced at the infrastructure level (not just application level)

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure (“Right to be forgotten”): Request deletion of your personal data
• Restriction: Request that we limit processing of your data
• Data portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent for marketing at any time

To exercise any right, contact us at privacy@editdocsai.com. We will respond within 30 days.

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@editdocsai.com.

If you are located outside the country where our servers are based, your information may be transferred internationally. We ensure such transfers comply with applicable data protection laws, using Standard Contractual Clauses (SCCs) approved by the European Commission where required.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website and, where required by law, by email. The “Last updated” date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

• Email: privacy@editdocsai.com
• Website: editdocsai.com/contact