GDPR Compliance
GDPR Notice
Last updated: July 4, 2026
This notice explains how we handle personal data of visitors located in the European Economic Area, the United Kingdom, and Switzerland under the General Data Protection Regulation ("GDPR") and equivalent laws. It supplements our Privacy Policy and Cookie Policy.
Data controller
PDFCap is the data controller for the personal data collected through this website. You can reach us via our contact page.
Personal data we process
- Account data you provide when you sign in (email, display name).
- Content data you generate by using admin features (settings, blog posts).
- Contact form submissions — name, email, and message content.
- Technical data — IP address, browser type, and device information, collected in server logs for security and abuse prevention.
- Cookie and advertising data — only if you consent (see the Cookie Policy).
We do not upload the PDF files you process with our tools to any server — they are handled entirely inside your browser.
Lawful bases (Article 6 GDPR)
- Contract (Art. 6(1)(b)) — to provide the service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, and improving the service; balanced against your rights and freedoms.
- Consent (Art. 6(1)(a)) — analytics, personalized advertising, and any non-essential cookies. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other laws.
Advertising and international transfers
We use Google AdSense to display ads. When you consent, Google processes personal data (including cookie identifiers and IP address) for ad delivery, frequency capping, and measurement. Google is certified under the EU-US Data Privacy Framework, which provides an adequacy decision for transfers from the EEA to the United States. See:
Until you consent, Google Consent Mode v2 keeps advertising and analytics signals set to denied, so no personalized cookies are set and any ad calls that are made rely on non-personalized, contextual signals only.
Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Rectification of inaccurate personal data.
- Erasure ("right to be forgotten"), subject to certain exceptions.
- Restriction of processing.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests, including profiling for advertising.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint with your local supervisory authority.
To exercise these rights, contact us. We respond within 30 days.
Retention
- Account data is retained for as long as the account exists.
- Contact form submissions are retained for 24 months.
- Server logs are retained for 90 days.
- Cookie-based advertising data is governed by Google's own retention policies.
Automated decision-making
We do not use personal data for automated decision-making that produces legal or similarly significant effects on you.
Supervisory authority
You may contact your local Data Protection Authority (DPA) if you believe our processing infringes the GDPR. A list of national DPAs is available at https://edpb.europa.eu/about-edpb/board/members_en.
Contact
For any GDPR-related question, contact us.