Privacy Policy
Effective April 7, 2026. This policy describes how PDFGorilla handles personal information.
1. Who we are
PDFGorilla ("we", "us") provides tools to design templates, generate PDFs, and use related features including APIs and optional AI assistance. This Privacy Policy explains how we collect, use, share, and protect information when you use our Service.
2. Information we collect
Depending on how you use the Service, we may collect:
- Account data. Name, email address, profile image (if you choose to add one), authentication identifiers, and preferences (such as theme).
- Customer content. Templates (HTML, CSS, settings), sample or mock data you provide, uploaded assets (for example images stored for use in templates), API request payloads needed to render PDFs, and generation logs associated with your account.
- Billing data. When you subscribe to a paid plan, our payment processor (Polar) collects payment details and billing contact information. We receive limited billing metadata needed to manage your subscription and entitlements.
- Usage and technical data. IP address, device and browser type, approximate location derived from technical data, timestamps, diagnostic logs, and information about how you interact with the Service (for example API usage and quotas).
- Communications. Messages you send to us (such as support requests) and records needed to deliver transactional email (for example through our email provider).
- AI copilot interactions. When you use AI-assisted features, prompts and related template context may be sent to an AI provider configured for the Service to generate responses.
3. How we use information
We use information to:
- Provide, operate, maintain, and improve the Service.
- Authenticate users, manage sessions, and secure accounts and API keys.
- Process subscriptions, enforce plan limits, and communicate about billing.
- Render PDFs, store assets, run the API, and troubleshoot issues.
- Send service-related messages (such as security notices) and, where permitted, product updates.
- Monitor usage, prevent abuse and fraud, and comply with legal obligations.
- Analyze aggregate or de-identified usage to improve the product (including analytics on our hosting platform).
4. Legal bases
Where the EU or UK GDPR applies, we rely on one or more of: performance of a contract with you; legitimate interests (such as securing the Service and improving reliability), balanced against your rights; consent where required (for example certain cookies or marketing where applicable); and legal obligations.
5. How we share information
We do not sell your personal information. We share information with:
- Processors who help us run the Service, such as hosting and deployment providers (for example Vercel), cloud object storage for assets and generated files, email delivery (for example Postmark), payment processing (Polar), authentication services as configured, analytics services (for example Vercel Analytics), and AI providers used for the copilot feature.
- Legal and safety requests when we believe disclosure is required by law, regulation, legal process, or to protect rights, safety, and security.
- Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
6. International transfers
We may process information in countries other than where you live. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers of personal data subject to applicable data protection laws.
7. Retention
We retain information for as long as needed to provide the Service and for legitimate business purposes such as security, accounting, and dispute resolution. Retention periods vary by data type; for example, account data is kept while your account is active and for a brief period afterward unless a longer period is required by law. You may request deletion as described below, subject to legal exceptions.
8. Security
We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage strong passwords and careful handling of API keys.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, or export personal information; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. You can exercise many controls through your account settings. You may also contact us as described below.
10. Children
The Service is not directed to children under the age of majority in their jurisdiction, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us so we can take appropriate action.
11. U.S. state privacy notices
Residents of certain U.S. states may have additional rights under local privacy laws (for example rights to know, delete, or opt out of certain sharing). Where required, we honor applicable requests and do not discriminate against you for exercising privacy rights. Contact us to submit a request.
12. Cookies and similar technologies
We and our partners may use cookies and similar technologies for authentication, preferences, security, and analytics. You can control cookies through browser settings; some features may not work without required cookies.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the effective date. Where changes are material, we will provide additional notice as appropriate.
14. Contact
For privacy questions or requests, email hello@pdfgorilla.io.