Privacy Policy

Effective May 21, 2026

PDFShack ("we") respects your privacy. This policy explains what we collect, how we use it, and your choices.

The short version

• Your files stay in your browser for client-side tools — we never see them.
• For server-side tools, files are processed briefly and deleted; never retained.
• We store the minimum needed to run accounts and billing.
• We don't sell your data and we don't run third-party ads.

What we collect

Information you give us

• Account info: name, email, hashed password (via Better-Auth).
• Billing info: processed by PayPal. We never see your card number or bank details; we store only the PayPal subscription ID, subscription status, and invoice metadata.

Information we collect automatically

• Usage events: when you process a file as a logged-in user, we record a SHA-256 hash of the file (not the file), the tool you used, and the byte count, so we can enforce trial limits.
• Standard server logs: IP address, browser type, and time of request. Retained for up to 30 days for security and debugging.
• Cookies: a single session cookie for authentication. No third-party tracking cookies.

Your files

For tools that run entirely in your browser (the great majority), your files never leave your device. For any tool that requires server-side processing, the file is transmitted only for the duration of that operation and then deleted; we do not keep copies.

How we use information

• To provide the Service (process documents, host your account, enforce the trial)
• To process payments and send receipts
• To send service-related emails (verification, password reset, order confirmation)
• To detect abuse and protect the Service

Who we share with

We share data only with vendors that help us operate the Service:

• PayPal (payments) — see paypal.com/us/legalhub/privacy-full
• Resend (transactional email) — see resend.com/legal/privacy-policy
• Vercel (hosting) — see vercel.com/legal/privacy-policy

We don't sell or rent your data to anyone.

Data retention

• Account + billing data: retained while your account is active and for up to 7 years afterward to comply with tax/legal obligations.
• Server logs: up to 30 days.
• Files uploaded for server-side tools: deleted within minutes of processing.

Your rights

You can access, correct, export, or delete your account data at any time by emailing privacy@pdfshack.com. If you're in the EU/UK, you have rights under the GDPR/UK GDPR including the right to lodge a complaint with a supervisory authority. If you're in California, you have rights under the CCPA.

Children

The Service is not intended for children under 13. We don't knowingly collect data from them.

Changes

We'll update this page if our practices change. Material changes will be noted at the top.

Contact

Privacy questions: privacy@pdfshack.com.