PDFSleuth

Privacy Policy

We are committed to protecting your privacy and handling your data with transparency and care.

Last updated: February 27, 2026

1. Introduction

PDFSleuth ("we", "our", or "us") operates pdfsleuth.com (the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights regarding your personal data.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Account & Registration Data

When you create an account we collect your name, email address, and a hashed version of your password. This information is required to provision and manage your account.

PDF Files

Your uploaded PDF files are never stored on our servers. All file content is processed entirely in-memory during your active request and is discarded immediately afterwards. We have no access to the contents of your documents after the request completes.

File Names, Search Terms & Context

To provide you with a search history, we store only the following minimal data per search:

  • PDF file name — the name of the file you uploaded;
  • Search terms — the keywords or phrases you searched for;
  • Context — the surrounding text snippets returned by your search.

No file contents are ever stored. Only this minimal metadata is retained, and it is linked exclusively to your account so that you can review your past searches. It is never used for advertising, profiling, or shared with third parties.

What we store vs. what we don't: We store only the PDF file name, search terms, and result context needed to power your search history. The actual contents of your PDF files are never stored on our servers — all file processing happens in-memory during your request.

Contact Form Data

When you use our contact form we collect your name, email address, and message content. This data is used solely to respond to your enquiry and may be retained for up to 2 years or until you request its deletion.

Usage & Technical Data

We automatically collect certain technical information when you visit the Service, including your IP address, browser type and version, pages visited, time and date of access, and referring URLs. This data is used for security monitoring, performance optimisation, and aggregate analytics.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Create and manage your account and subscription;
  • Enforce plan limits and prevent abuse;
  • Respond to support enquiries and contact form submissions;
  • Send transactional emails (account verification, password reset, subscription receipts);
  • Store your PDF file name, search terms, and result context to provide you with a personal search history;
  • Monitor and analyse aggregate usage patterns (such as number of searches performed) to improve the Service;
  • Detect, investigate, and prevent fraudulent or illegal activity;
  • Comply with applicable legal obligations.

We do not use your data for behavioural advertising, sell it to data brokers, or share it with third parties except as described in Section 5.

4. Cookies & Similar Technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies — required for authentication and session management. These cannot be disabled.
  • Security cookies — set by Cloudflare Turnstile to distinguish human users from bots on our contact form.

We do not use analytics cookies or tracking cookies. Our analytics solution (Simple Analytics) operates entirely without cookies and does not track you across websites.

5. Third-Party Services

Simple Analytics

We use Simple Analytics to understand how visitors use the Service in an ethical and privacy-friendly manner. Simple Analytics does not use cookies, does not track users across websites, and does not collect any personal data or IP addresses. It provides us with aggregated, anonymised statistics such as page views, referrers, and device types.

Simple Analytics is fully compliant with GDPR, CCPA, and PECR regulations. All data is processed in the European Union. You can view their Privacy Policy for more information. No opt-out is necessary as Simple Analytics does not track you.

Cloudflare Turnstile

We use Cloudflare Turnstile on our contact form to protect against automated spam submissions. Turnstile is a privacy-friendly alternative to traditional CAPTCHAs that runs a lightweight challenge in the background without tracking or profiling users. Unlike other solutions, Turnstile does not use invasive data collection practices. The service is provided by Cloudflare and is governed by Cloudflare's Privacy Policy.

Payment Processing (LemonSqueezy)

Subscription payments are handled by LemonSqueezy. We do not store or process any payment card information on our servers. All payment data is handled directly by LemonSqueezy under PCI-DSS compliance. Please refer to LemonSqueezy's Privacy Policy for details.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share limited data with:

  • Service providers — trusted third parties who assist us in operating the Service (e.g. hosting, email delivery), under strict data processing agreements;
  • Legal authorities — when required by law, court order, or to protect the rights, property, or safety of PDFSleuth, our users, or the public;
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity under equivalent privacy protections.

7. Data Retention

We retain personal data only for as long as necessary:

  • Account data — retained for the lifetime of your account plus 30 days after deletion to allow for recovery. After that it is permanently purged.
  • Contact form submissions — up to 2 years or until you request deletion.
  • Server logs & technical data — up to 90 days for security and debugging purposes.
  • Search history data (PDF file name, search terms, and context) — retained for the lifetime of your account. You may request to clear your full search history at any time.

When data is no longer required it is securely deleted or anonymised.

8. Your Rights

Depending on your location you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you;
  • Right to rectification — request correction of inaccurate or incomplete data;
  • Right to erasure — request deletion of your personal data ("right to be forgotten");
  • Right to restriction — request that we restrict how we process your data;
  • Right to data portability — receive your data in a structured, machine-readable format;
  • Right to object — object to processing based on legitimate interests or for direct marketing;
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at privacy@pdfsleuth.com. We will respond within 30 days. If you are located in the European Economic Area you also have the right to lodge a complaint with your local data protection authority.

9. Security

We implement industry-standard technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, hashed password storage, and restricted internal access controls.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities as required by law.

10. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will take steps to delete it.

11. International Data Transfers

Your information may be transferred to and processed in countries outside your own, including the United States, where data protection laws may differ. When we transfer data from the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or the recipient's participation in an equivalent data transfer framework.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes we will notify you by email (to the address associated with your account) or by placing a prominent notice on the Service at least 14 days before the change takes effect.

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact us:

PDFSleuth

Email: privacy@pdfsleuth.com

General enquiries: Contact form