PDFRun is committed to GDPR compliance. This page explains your rights as a data subject under the General Data Protection Regulation.
Data Controller
PDFRun is the data controller for personal data processed through our service. Contact: privacy@pdfrun.io
Legal Basis for Processing
- Contract performance — Processing your files and managing your account
- Legitimate interest — Security, fraud prevention, and service improvement
- Consent — Analytics and marketing (where you have opted in)
Your Rights Under GDPR
Right of Access (Article 15)
Request a copy of the personal data we hold about you. We respond within 30 days.
Right to Rectification (Article 16)
Correct inaccurate personal data by updating your account or contacting us.
Right to Erasure (Article 17)
Request deletion of your personal data. Uploaded files are already auto-deleted within 1 hour. Account data is deleted within 30 days of a valid deletion request.
Right to Data Portability (Article 20)
Request your personal data in a machine-readable format (JSON or CSV).
Right to Object (Article 21)
Object to processing of your data for direct marketing at any time.
Data Retention
- Uploaded files: Deleted within 1 hour of processing
- Usage logs: Retained up to 30 days in anonymised form
- Account data: Retained while active, deleted within 30 days of account closure
- Payment records: Retained 7 years for tax compliance
How to Exercise Your Rights
Email privacy@pdfrun.io with subject “GDPR Request” specifying which right you wish to exercise. We verify your identity and respond within 30 days.
Supervisory Authority
If you believe we have violated your GDPR rights, you have the right to lodge a complaint with your national data protection authority.