At PDF Ninja, protecting your documents and personal data is fundamental. Every tool and every process is designed with your security and privacy in mind first.
We built PDF Ninja with one core principle: your files are yours and yours alone. Most of our tools run entirely in your browser, meaning your documents never leave your device.
Editing, merging, splitting, compression, and conversion tools run with JavaScript directly in your browser. Your files stay on your device at all times without being sent to any server.
When server processing is needed (OCR, AI), all data is transferred using 256-bit SSL/TLS encryption. Your files are protected during every transfer.
Temporary server files are automatically deleted within a maximum of 1 hour. We do not retain any files beyond the time needed to complete your operation.
We do not store, index, or analyze your documents. Once your file is processed, it disappears from our systems unless you choose to save it to your account.
We take data protection regulations seriously. Our privacy practices are designed to comply with the strictest international regulations, including the European GDPR.
Our technical infrastructure is configured with multiple layers of security to ensure every interaction with PDF Ninja is safe and reliable.
Every page on PDF Ninja is served exclusively over HTTPS. Insecure connections are automatically redirected to the encrypted version.
We implement HTTP security headers including HSTS, X-Content-Type-Options, and X-Frame-Options to protect against common attacks such as clickjacking and content injection.
We perform regular security audits and keep our software up to date to protect against known vulnerabilities and emerging threats.
We do not use invasive third-party trackers. We only collect anonymous, essential analytics data to improve the service, always with your consent.
We believe you should have full control over your data. As a PDF Ninja user, you have the following rights that you can exercise at any time:
Most of our tools process files directly in your browser using JavaScript. Your files never leave your device. Only tools that require server-side processing (such as OCR or AI features) transfer data, always with SSL/TLS encryption.
Temporary server files are automatically deleted after 1 hour. We do not store any files permanently unless you choose to save them to your account. You can request immediate deletion at any time.
Yes, we are fully GDPR compliant. This includes cookie consent with granular controls, right to erasure, data portability, and transparent data processing. We also offer Data Processing Agreements for enterprise customers.
No. Your files are never shared with third parties. When server-side processing is used, files are processed on our secure infrastructure and deleted immediately afterward. AI features use the Anthropic Claude API with strict data non-retention policies.
We use HTTPS on every page, HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options), SSL/TLS encryption for all transfers, and regular security audits. Our infrastructure is designed to protect your data at every step.
For more details, review our full policies or contact us directly.
