PRIVACY POLICY

Last updated: February 2026

1. Who We Are

PDF Pocket Knife (pdf-pocket-knife.com) is an online PDF tool suite. For the purposes of data protection legislation, PDF Pocket Knife acts as the data controller (GDPR) / controlador (LGPD) for any personal data processed through our service.

Contact: privacy@pdf-pocket-knife.com

2. What Data We Collect

We collect the minimum data necessary to provide our service:

What we do NOT collect: names, email addresses, IP addresses, browsing history, or device fingerprints. No user accounts exist on our platform.

3. How We Use Your Data

• Session cookie: links your processed file to your payment so you can download the result
• Currency cookie: displays prices in your preferred currency (USD, EUR, or BRL)
• File processing: delivers the PDF processing service you requested

Legal Basis for Processing

GDPR (EU/EEA): Contract performance (Art. 6(1)(b)) for paid tool processing; legitimate interest (Art. 6(1)(f)) for session management and currency preferences.

LGPD (Brazil): Execution of contract (Art. 7, V) for paid tool processing; legitimate interest (Art. 7, IX) for session management.

4. Free Tools — Zero Data Collection

Our free tools (Edit, Merge, Rotate, Split, Extract, Watermark) process your files entirely in your browser using JavaScript. Your files are never uploaded to our servers. There is no server contact, no telemetry, and no data collection whatsoever.

This is a deliberate architectural choice, not just a policy promise. The processing code runs on your device and your files physically cannot reach our servers.

5. Pro Tools — Temporary Processing

Pro tools (OCR, Compress, Convert, PDF to Word, Protect, Redact, PDF/A, Sign, Fill Form) require server-side processing:

• Files are uploaded over encrypted connections (TLS 1.3)
• Files are processed by our third-party processor (Nutrient)
• Processed results are stored temporarily (maximum 1 hour)
• Files are permanently deleted after download (maximum 5 downloads per file)
• We do not read, analyse, or use your files for any purpose other than delivering the requested service
• We do not use your documents for AI training, analytics, or any secondary purpose

6. Cookies

We use only essential cookies required for the service to function:

We do not use advertising cookies, third-party trackers, or analytics cookies.

7. Third-Party Services

We share data with the following service providers, only as necessary to operate our service:

• Stripe — Payment processing. Receives transaction data only. We never see or store your card details. PCI-DSS Level 1 compliant.
• Vercel — Hosting and content delivery. Receives standard HTTP request data (headers, IP) as part of normal web hosting.
• Nutrient (PSPDFKit) — Server-side PDF processing for pro tools. Receives PDF files for processing only; files are not stored.
• Upstash — Session state management. Stores job metadata (file ID, tool used, processing status). No personal information is stored.

8. International Data Transfers

Our service providers may process data outside the EU/EEA. These transfers are safeguarded by Standard Contractual Clauses (SCCs) and Data Processing Agreements with each provider, in compliance with GDPR Chapter V and LGPD Art. 33.

9. Your Rights

EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access any personal data we hold about you
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to processing
• Data portability
• Lodge a complaint with your supervisory authority (in Portugal: CNPD)

Brazil Residents (LGPD)

Under the Lei Geral de Proteção de Dados, you have the right to:

• Confirm the existence of data processing
• Access, correct, or anonymise your data
• Request deletion of data processed with consent
• Obtain information about entities we share data with
• Data portability
• Revoke consent at any time
• Lodge a complaint with the ANPD

UK Residents (UK GDPR)

You have the same rights as EU/EEA residents described above. You may lodge a complaint with the Information Commissioner's Office (ICO).

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act:

• You have the right to know what personal information we collect and how we use it
• You have the right to request deletion of your personal information
• We do NOT sell your personal information
• We do NOT share your personal information for cross-context behavioural advertising
• We do not offer financial incentive programs related to personal data

Note: Because we collect minimal data and no personally identifiable information, most rights requests will result in confirmation that we hold no personal data about you.

To exercise any of these rights, contact us at privacy@pdf-pocket-knife.com.

10. Data Security

• All data transmitted to our servers uses TLS 1.3 encryption
• Processed files are deleted within 1 hour
• Session identifiers are cryptographically random
• No persistent storage of user content on our servers
• Payment processing by Stripe with PCI-DSS Level 1 compliance

11. Children's Privacy

Our service is not directed at children under 16 years of age (as defined by the GDPR) or under 13 years of age (as defined by COPPA). We do not knowingly collect personal data from children. Since no user accounts or personal information are required to use our service, we have no mechanism to verify the age of our users.

12. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page indicates when the policy was last revised. Material changes will be announced on our website. Your continued use of the service after any changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or to exercise your data protection rights, contact us at privacy@pdf-pocket-knife.com.

You can also reach us through our contact page.