Data Security and Privacy

PDFCrowd is operated by Pdfcrowd s.r.o., an EU company. This page explains how PDFCrowd handles customer content, how long conversion files are kept, which business data protection documents are available, and where to find the formal legal terms.

Quick Summary

• Uploaded files, submitted HTML, and generated PDF or image output are kept only as long as needed to process the requested conversion and make the result available, then deleted from active processing systems within 30 minutes.
• PDFCrowd does not create backup copies of uploaded files, submitted HTML, or generated output files.
• Business customers can review and accept our Data Processing Agreement.
• PDFCrowd publishes its current subprocessors and explains international transfer safeguards below.

Customer Content Processing

Customer content submitted to PDFCrowd is the input for the requested conversion. PDFCrowd processes that content to generate and return the requested output.

PDFCrowd also processes related service data to operate and secure the service, prevent abuse, and troubleshoot support requests.

Different types of data are covered by different documents. The Privacy Policy covers account, billing, website, and support data. When PDFCrowd processes Customer Personal Data as processor on behalf of a customer, that processing is governed by the Data Processing Agreement.

Retention and Deletion

PDFCrowd does not keep uploaded or generated files for later use. Uploaded files, submitted HTML, and generated PDF or image output are kept only as long as needed to process the conversion and make the result available. They are then deleted from active processing systems within 30 minutes. PDFCrowd does not create backup copies of uploaded files, submitted HTML, or generated output files.

Converted URLs may be kept in the conversion log according to the account retention setting. The default period is 14 days, and customers can set converted URL retention to no storage.

Related service data is kept only as needed to support customers, secure the service, prevent abuse, and meet legal obligations. Formal retention and deletion terms for Customer Personal Data processed under the DPA are described in the Data Processing Agreement.

Data Processing Agreement

Business customers can review our current standard Data Processing Agreement. Logged-in customers can complete and accept the DPA for their account from account settings.

Subprocessors

PDFCrowd uses subprocessors to provide hosting, storage, support, and email delivery. The current list is published on the Subprocessors page.

International Transfers

Some PDFCrowd service infrastructure and subprocessors are located in, or may process data in, the United States. PDFCrowd addresses these transfers through its Data Processing Agreement and transfer safeguards required by EU GDPR and UK GDPR.

For legal review, where Customer Personal Data is transferred outside the EEA, or outside the UK where UK GDPR applies, PDFCrowd uses transfer safeguards under GDPR Chapter V or UK GDPR international transfer rules. These may include adequacy decisions, UK adequacy regulations, the EU-US Data Privacy Framework or the UK Extension to the EU-US Data Privacy Framework where applicable, EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.

Company and Jurisdiction

PDFCrowd is operated by Pdfcrowd s.r.o., a company based in the Czech Republic. Full company registration and contact details are available on the About PDFCrowd page.

Security and Operational Measures

PDFCrowd uses technical and organisational measures to protect customer-content processing. The Data Processing Agreement describes these measures in more detail. They include encrypted service access, access controls, administrative authentication, logging and monitoring, logical separation of customer accounts and service data, service infrastructure backup and recovery procedures, subprocessor due diligence, and incident response procedures.

Support and Reliability

PDFCrowd is used for production document conversion workflows and provides direct technical support for customers integrating our products. Our team can help with setup, account configuration, and production integration questions.

The service is operated with monitoring, abuse protection, incident response procedures, and service infrastructure backup and recovery procedures for continuity. Core service infrastructure runs across multiple availability zones to reduce the impact of single-zone failures.

Customer Responsibilities and Legal Scope

PDFCrowd provides business data protection documents for customers who need them for legal or vendor review. The Data Processing Agreement is designed to provide the processor terms required by GDPR Article 28 and UK GDPR Article 28 where applicable. In formal legal terms, the Privacy Policy describes personal data that PDFCrowd processes as controller, and the Subprocessors page lists the subprocessors used for Customer Personal Data.

Customers are responsible for deciding whether their own use of PDFCrowd is lawful for the content they submit. This includes having any required legal basis, notices, permissions, and internal approvals.

Related Documents

• About PDFCrowd
• Data Processing Agreement
• Subprocessors
• Privacy Policy
• Terms of Service