Data Security and Privacy

PDFCrowd is operated by Pdfcrowd s.r.o., an EU company. This page summarizes how PDFCrowd handles customer content, data processing, and related business data protection documents.

Customer Content Processing

Customer content submitted to PDFCrowd is processed to provide the requested document conversion, return the output, operate and secure the service, prevent abuse, and provide support.

Our controller processing is described in the Privacy Policy. When PDFCrowd processes Customer Personal Data as processor on behalf of a customer, that processing is governed by the Data Processing Agreement.

Retention and Deletion

PDFCrowd does not keep uploaded or generated files for later use. Uploaded files, submitted HTML, and generated PDF or image output are kept only as long as needed to process the conversion and make the result available. They are then deleted from active processing systems within 30 minutes. PDFCrowd does not create backup copies of uploaded files, submitted HTML, or generated output files.

Converted URLs may be kept in the conversion log according to the account retention setting. The default period is 14 days, and customers can set converted URL retention to no storage.

Related service data is kept only as needed to support customers, secure the service, prevent abuse, and meet legal obligations. The formal retention and deletion terms for processor processing are described in the Data Processing Agreement.

Data Processing Agreement

Business customers can review our current standard Data Processing Agreement. Logged-in customers can complete and accept the DPA for their account from account settings.

Subprocessors

PDFCrowd uses subprocessors to provide hosting, storage, support, and email delivery. The current list is published on the Subprocessors page.

International Transfers

Some PDFCrowd service infrastructure and subprocessors are located in, or may process data in, the United States. Where Customer Personal Data is transferred outside the EEA, or outside the UK where UK GDPR applies, PDFCrowd uses transfer safeguards under GDPR Chapter V or UK GDPR international transfer rules, such as adequacy decisions, UK adequacy regulations, the EU-US Data Privacy Framework or the UK Extension to the EU-US Data Privacy Framework where applicable, EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.

Company and Jurisdiction

PDFCrowd is operated by Pdfcrowd s.r.o., a company based in the Czech Republic. Full company registration and contact details are available on the About PDFCrowd page.

Security and Operational Measures

The PDFCrowd DPA describes technical and organisational measures for customer-content processing. These include encrypted service access, access controls, administrative authentication, logging and monitoring, logical separation of customer accounts and service data, service infrastructure backup and recovery procedures, subprocessor due diligence, and incident response procedures.

Support and Reliability

PDFCrowd is used for production document conversion workflows and provides direct technical support for customers integrating our products. Our team can help with setup, account configuration, and production integration questions.

The service is operated with monitoring, abuse protection, incident response procedures, and service infrastructure backup and recovery procedures for continuity. Core service infrastructure runs across multiple availability zones to reduce the impact of single-zone failures.

Compliance Boundaries

When PDFCrowd processes Customer Personal Data as processor on behalf of a customer, that processing is governed by the Data Processing Agreement. The DPA is designed to provide the processor terms required by GDPR Article 28 and UK GDPR Article 28 where applicable. The Privacy Policy describes personal data that PDFCrowd processes as controller, and the Subprocessors page lists subprocessors used for Customer Personal Data.

Customers are responsible for determining whether their use of PDFCrowd is lawful for the content they submit, including having any required legal basis, notices, permissions, and internal approvals.

Related Documents

• About PDFCrowd
• Data Processing Agreement
• Subprocessors
• Privacy Policy
• Terms of Service