← Back to PDFRift

Privacy Policy

Last updated: April 5, 2026

Overview

PDFRift(“we”, “us”, “our”) is a privacy-first PDF toolkit. Our core principle is simple: your files never leave your device. All PDF processing happens entirely in your browser using client-side JavaScript. We do not upload, store, or transmit your PDF files to any server.

This policy explains what limited data we do collect (account information, payment data, usage counts) and how we use it.

1. Information We Collect

Account information

If you create an account, we collect your email address. This is stored securely via Supabase, our authentication provider. Passwords are hashed and never stored in plain text. If you sign in with Google, we receive your email address and name from Google.

Payment information

Payments are processed by Stripe. We never see or store your card number, CVV, or full payment details. Stripe provides us with a transaction record including the amount paid, your email, and a payment reference ID.

Usage data

For free-tier users, we count the number of tool operations per day (stored in your browser's localStorage for anonymous users, or in our database for signed-in users). We log which tool was used and the file size in bytes — we do not log file names or file contents.

Cookies and local storage

We use browser cookies solely to maintain your login session. We use localStorage to track anonymous usage counts. We do not use advertising or tracking cookies.

2. How We Use Your Information

  • To authenticate you and maintain your account
  • To enforce fair-use limits on the free tier
  • To process payments and fulfil paid plan access
  • To send transactional emails (sign-in confirmations, password resets) — no marketing without your consent
  • To detect abuse or fraudulent activity

We do not sell your data. We do not share your data with third parties except as described in this policy.

3. Your Files

PDF processing on PDFRiftruns entirely in your browser. When you use any tool — merge, split, compress, rotate, convert, or edit — your file is read locally by JavaScript running on your device. The file bytes are never sent to our servers.

The only exception is the Edit & Sign PDF tool, where file state may be temporarily stored in your browser's sessionStorage during a payment flow. This data exists only in your browser and is cleared when you close the tab.

4. Third-Party Services

  • Supabase — authentication and database. Stores your email, hashed password, tier, and usage counts. Supabase Privacy Policy
  • Stripe — payment processing. Handles all card data. Stripe Privacy Policy
  • Resend — transactional email delivery. Sends password reset and confirmation emails. Resend Privacy Policy
  • Vercel — website hosting. May log standard web server data (IP address, browser type, page visited) for up to 30 days. Vercel Privacy Policy

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your email and usage records are permanently deleted within 30 days. Payment records are retained for 7 years as required by law.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Object to or restrict certain processing
  • Data portability

To exercise any of these rights, email us at privacy@pdfrift.com.

7. Children

PDFRift is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. We will notify signed-in users by email of any material changes. The “Last updated” date at the top of this page will always reflect the current version.

9. Contact

Questions about this policy? Email us at privacy@pdfrift.com or visit https://pdfrift.com.