Legal
Last modified: June 26, 2025
Welcome to SupaPDF, operated by Wibbrix (“we”, “us”, or “SupaPDF”). Your privacy is our top priority. This Privacy Policy outlines how we collect, use, share, and protect your personal information when you use our PDF tools and services at supapdf.com (the “Site”) and related tools, including our API (collectively, the “Service”).
This policy applies to personal information that identifies you or makes you identifiable. It does not cover aggregated or anonymized data, nor data processed on behalf of enterprise customers, which is governed by our Data Processing Addendum. We are committed to transparency, data minimization, and compliance with global privacy laws, including GDPR, CCPA, and Nevada regulations.
This Privacy Policy explains how we handle personal information when you interact with the Service, whether as an individual user, a registered account holder, or an authorized user of an enterprise account. As the data controller, SupaPDF determines the purposes and means of processing your personal information as described here.
This policy does not cover information about our employees, contractors, or job applicants, nor does it apply to non-personal data like anonymized usage statistics.
At SupaPDF, we adhere to the principle of data minimization, collecting only the data necessary to provide and improve the Service. When you upload a file, we temporarily store it for processing but delete it within 24 hours. We do not mine or analyze file contents for purposes beyond your requested task.
We avoid creating user profiles for marketing unless you explicitly consent, and we limit third-party data sharing to what is essential for Service delivery.
California Residents
Under the CCPA, you have rights to access, delete, or opt out of data sales. We do not sell personal information as defined by the CCPA. Requests can be submitted to [email protected].
Nevada Residents
Nevada Revised Statutes Chapter 603A allows opting out of certain data sales. We do not sell personal information per this law.
EEA, UK, and Switzerland
See the European Privacy Disclosures section below for legal bases, cookie practices, and your rights under GDPR. Your data may be transferred to countries like the United States using Standard Contractual Clauses.
We collect personal information to deliver, enhance, and secure the Service. This includes data you provide directly, information from third parties, and data collected automatically.
We use cookies and similar technologies to collect:
We do not share uploaded files for marketing purposes or sell personal information as defined by CCPA or Nevada law.
Our security measures include SSL encryption, secure cloud servers (AWS, OVH, Hetzner), and access controls. Files are encrypted during upload and stored in isolated environments. In case of a breach, we will notify affected users promptly per applicable laws.
The Service is not designed for children under 13, and we do not knowingly collect their data. If we discover such data, we delete it immediately. Contact us at [email protected] if you suspect we've collected a child's information.
We maintain a robust incident response plan. If a breach occurs, we will:
Contact [email protected] to report security concerns.
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email, site notices, or in-app alerts. The “Last Modified” date will be updated. Check this page regularly to stay informed.
Our Data Protection Officer is available via DataCo GmbH at dataguard.de. For GDPR-related complaints, contact your local supervisory authority, such as the UK ICO.
We use cookies and tracking technologies to improve your experience, secure the Service, and analyze usage.
| Cookie | Type | When dropped | Duration | Purpose | Privacy notice |
|---|---|---|---|---|---|
| Stripe | Strictly Necessary | When accessing payment interface | 30 min / 1 yr / 2 yr | Detect and prevent fraudulent payments | Stripe Cookie Settings |
| Cloudflare | Strictly Necessary | On first site access | 30 min / session | Identify and block bots; manage traffic | Cloudflare Cookies |
| YouTube | Strictly Necessary | When viewing embedded video | Session | Display embedded videos | Google Cookie Policy |
| hCaptcha | Strictly Necessary | When responding to CAPTCHA | Session | Verify human users | hCaptcha Privacy |
| Posthog | Analytics | On service access | 1 year | Monitor and analyze usage | Posthog Privacy |
| Google Analytics 4 | Analytics | On first site access | Up to 2 years | Measure performance and personalize ads (with consent) | GA Privacy |
| Google Ads | Advertising | After interacting with our ads | 90 days | Measure ad performance (with consent) | Google Ads Privacy |
Disable cookies via your browser settings, noting this may affect Service functionality (e.g., login or file tracking). Learn more at allaboutcookies.org.
For users in the EEA, UK, or Switzerland, these disclosures provide additional details per GDPR requirements.
Data may transfer to the US or Singapore for processing (e.g., AWS servers). We use Standard Contractual Clauses and other safeguards to ensure GDPR compliance.
Under GDPR, you have the right to:
Exercise these rights by emailing [email protected]. You can also lodge complaints with your local supervisory authority.
Strictly necessary cookies (Stripe, Cloudflare) are required for Service functionality and do not require consent per Art. 6(1)(b) GDPR. Analytics and advertising cookies (Google Analytics, Google Ads) require your consent. Refusing these cookies may limit personalized features but won't affect core Service use.