PDF-Ninja is built so the documents you upload stay yours. This page explains exactly how we handle, protect, and dispose of your files.
When you upload a document, it travels over an encrypted HTTPS connection (TLS 1.2 or higher) to a temporary processing directory on our server. Files are stored under randomly generated, opaque filenames so directory metadata reveals nothing about their contents.
Processed files are made available to you through short-lived signed download links. Each link is cryptographically signed with HMAC-SHA256 and expires after 15 minutes by default. The link cannot be guessed or reused after expiry.
Uploaded files are automatically deleted within one hour. We do not keep backups of your documents, and we do not move them to long-term storage.
PDF-Ninja operates in the European Union and complies with the General Data Protection Regulation. If you have an account with us, you have the right to:
For files you upload without an account, no further action is needed: they are removed automatically within one hour. If you want a file deleted sooner, simply close your tab — the cleanup job will purge it on the next sweep.
Security questions, vulnerability reports, and GDPR requests should go to the address below. We aim to acknowledge security reports within one business day and provide a substantive response within seven days.
