Your files are private

How we handle your files

When you upload a document, it travels over an encrypted HTTPS connection (TLS 1.2 or higher) to a temporary processing directory on our server. Files are stored under randomly generated, opaque filenames so directory metadata reveals nothing about their contents.

Processed files are made available to you through short-lived signed download links. Each link is cryptographically signed with HMAC-SHA256 and expires after 15 minutes by default. The link cannot be guessed or reused after expiry.

Uploaded files are automatically deleted within one hour. We do not keep backups of your documents, and we do not move them to long-term storage.

What we don't do

• We do not read your files. No human at PDF-Ninja opens, reviews, or audits the content of your uploads. AI features that you explicitly invoke only send the relevant text to the model for that single request and are not used to train any model.
• We do not sell or share documents. Your files are never given or sold to third parties for advertising, analytics, or any other purpose.
• We do not log file contents. Server logs record technical events (timestamps, status codes, IP addresses for abuse prevention) but never the bytes of your documents.
• We do not require an account to use the core tools. The fewer details we hold about you, the less there is to leak.

Your rights (GDPR)

PDF-Ninja operates in the European Union and complies with the General Data Protection Regulation. If you have an account with us, you have the right to:

• Access the personal data we hold about you.
• Correct anything that is inaccurate.
• Request deletion of your account and associated data at any time.
• Export your data in a portable format.
• Object to processing, or restrict it to specific purposes.
• Lodge a complaint with your national data protection authority.

For files you upload without an account, no further action is needed: they are removed automatically within one hour. If you want a file deleted sooner, simply close your tab — the cleanup job will purge it on the next sweep.

How to reach us

Security questions, vulnerability reports, and GDPR requests should go to the address below. We aim to acknowledge security reports within one business day and provide a substantive response within seven days.