PDF Ninja Tools

Privacy Policy

Effective date: June 26, 2026

This Privacy Policy explains how we collect, use and protect your personal data when you use pdfninjatools.com (the "Service"). We comply with the EU General Data Protection Regulation (GDPR) and applicable Romanian data protection law.

1. Data controller

  • Company name: Typhon S.R.L
  • Registration number: J2024035999007
  • Registered address: Str. Ion Tuculescu, Nr. 42, Bucharest, Romania
  • Contact: info@pdfninjatools.com

2. What we collect

2.1 Files you process

The majority of our tools run entirely in your browser. For those tools your files are never uploaded to our servers. For tools that require server-side processing (such as Office-to-PDF conversion), your file is transmitted over HTTPS to our processor, converted, returned to you, and then deleted automatically. We do not retain copies of your documents.

2.2 Account data

If you create an account we collect: email address, hashed password (managed by our authentication provider), and an internal user identifier.

2.3 Billing data

When you purchase credits, our payment provider processes your payment details. We receive a transaction reference, amount, currency and status — we do not store full card numbers.

2.4 Usage data

We record credit transactions (tool used, credits debited or added, timestamp) so you can see your usage history. To enforce free-tier limits for anonymous visitors, we store a one-way hash of your IP address; we do not store the raw IP.

2.5 Technical and analytics data

Standard server logs (IP address, user agent, timestamps) are kept short-term for security and abuse prevention. With your consent, Google Analytics 4 collects aggregated usage statistics (pages viewed, device, approximate location, referring site) using cookies and similar technologies. See our Cookie Policy for details.

3. Why we use your data (legal bases)

PurposeLegal basis (GDPR Art. 6)
Providing the Service and processing your filesPerformance of a contract
Managing your account and creditsPerformance of a contract
Processing payments and issuing invoicesContract / legal obligation
Preventing fraud and abuse of free creditsLegitimate interests
Security, debugging and service improvementLegitimate interests
Analytics cookiesYour consent
Responding to support requestsLegitimate interests
Complying with tax, accounting and other legal obligationsLegal obligation

4. How long we keep your data

  • Uploaded files: deleted as soon as processing is complete; in any case within 24 hours.
  • Account data: kept while your account is active and for up to 12 months after deletion (for dispute resolution).
  • Billing records: kept for 10 years as required by Romanian tax law.
  • Hashed IPs (free-tier tracking): kept for up to 30 days.
  • Server logs: up to 90 days.
  • Analytics: per Google Analytics retention settings (default 14 months).

5. Who we share data with

We share personal data only with the processors needed to run the Service, under written data processing agreements:

  • Hosting & backend infrastructure (database, authentication, edge compute).
  • Payment processing for credit purchases.
  • CloudConvert for server-side document conversion.
  • Google Analytics for aggregated usage statistics (consent-based).

We do not sell your personal data. We will only disclose data to authorities where legally required.

6. International transfers

Some of our processors operate outside the European Economic Area. Where that is the case, transfers are protected by Standard Contractual Clauses approved by the European Commission and additional safeguards where required.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data ("right to be forgotten");
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw consent at any time (without affecting prior processing);
  • lodge a complaint with the Romanian supervisory authority (ANSPDCP) or your local authority in the EU.

To exercise any of these rights, email info@pdfninjatools.com. We respond within 30 days.

8. Security

All traffic is encrypted in transit using TLS. Passwords are hashed by our authentication provider. Database access is restricted by row-level security policies and least-privilege roles. We regularly review our systems for vulnerabilities. No system is perfectly secure — please choose a strong, unique password.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the website. The "Effective date" above reflects the latest version.

11. Contact

Questions about this policy or your data: info@pdfninjatools.com or by post to Typhon S.R.L, Str. Ion Tuculescu, Nr. 42, Bucharest, Romania.