Privacy Policy

1. Introduction

This Privacy Policy describes how NRGNR LLC ("we", "us", "our") collects, uses, and protects information when you use the PDFjet API service ("Service") at pdfjet.dev.

2. Information We Collect

Account Information

When you create an account, we collect your email address and optional profile information (name, company). This is stored in our authentication system and used to identify your account.

Usage Data

We track API usage per key, including: number of pages processed, operation type (convert, merge, split, encrypt), filenames, and timestamps. This data powers your dashboard analytics and enforces plan limits.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment details. We retain your Stripe customer ID to manage your subscription.

Server Logs

We collect standard server logs including IP addresses, request paths, user agents, and response codes for security monitoring and debugging purposes.

3. File Processing

We do not store your files. Files uploaded to the API are:

• Processed in memory or via temporary files on the server
• Deleted immediately after the converted PDF is returned in the response
• Never written to persistent storage, backed up, or shared with third parties
• Never accessed, read, or analyzed by our team beyond what is technically required for conversion

Temporary files exist only for the duration of the API request (typically seconds).

4. How We Use Information

We use collected information to:

• Provide and maintain the Service
• Enforce usage limits and plan restrictions
• Process payments and manage subscriptions
• Send transactional emails (welcome email, API key delivery)
• Monitor for abuse, security threats, and Service health
• Improve the Service based on aggregate usage patterns

5. Data Sharing

We do not sell your personal information. We share data only with:

• Stripe — for payment processing
• Resend — for transactional email delivery
• Law enforcement — only when required by valid legal process

6. Data Security

We implement reasonable security measures including:

• All traffic encrypted via TLS (HTTPS)
• API keys hashed in storage and transmitted only at creation
• Rate limiting and IP-based abuse protection
• Secrets managed via encrypted vault
• Containers run as non-root users with minimal privileges

7. Data Retention

• Account data: retained until you delete your account
• Usage logs: retained for 90 days for analytics, then aggregated
• Server logs: retained for 30 days
• Uploaded files: not retained (deleted immediately after processing)

8. Your Rights

You have the right to:

• Access your personal data via the dashboard and profile endpoints
• Update or correct your profile information
• Delete your account by contacting support
• Export your usage data (CSV export available in dashboard)
• Revoke API keys at any time from the dashboard

9. Cookies

The Service uses only essential session cookies for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Children's Privacy

The Service is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the dashboard. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact

For privacy-related questions or requests, contact us at [email protected].