Privacy Policy

1. Overview

WorkstationPDF is designed to process PDFs locally in your browser. We do not upload your PDFs to our servers for processing. For a technical diagram of what runs where, see Architecture and trust boundaries. This policy explains what we collect, what we do not collect, and how we use it.

2. Data We Collect

• Account identity (Firebase Auth): email address, user ID, and display name (if you provide one) for sign-in and session management.
• Account state (Cloud Firestore): subscription tier, billing-related flags, and product entitlements tied to your account. This is account metadata, not your documents.
• Usage analytics:we use Google Analytics 4 on workstationpdf.com to understand aggregate traffic and product usage. See Google's policies for how GA4 processes data.
• Contact form: when you email us through Contact, we receive the fields you submit (such as email address and message text) so we can respond. Delivery may use our email provider (for example Resend).
• Newsletter: if you subscribe, we collect the email address you provide and send it to our newsletter provider (Buttondown) so you can receive messages. You can unsubscribe through links in those emails.
• Abuse prevention: for a small number of API routes (contact, newsletter), we may process IP addresses for short periods to enforce rate limits.

3. Data We Do Not Collect

• PDF file contents, or output files, from Extract, Merge, Split, Redact, Password, or Fill workflows in the browser.
• Filenames, page counts, or other metadata derived from PDFs you process in our tools (we do not receive those from tool operations on our backend).
• Server-side storage or inspection of your documents for processing. PDF work runs in your tab unless you explicitly upload something unrelated (for example a support attachment you choose to send by email outside this product).

4. Compliance positioning

WorkstationPDF is not marketed as a HIPAA business associate service, is not SOC 2 certified, and we do not represent that using the product alone satisfies any specific regulatory framework. Many teams care about local processing; you remain responsible for your own compliance program and how you use software.

5. Payments

Payments are processed by Stripe. We do not store full card numbers or payment card security codes. Stripe may collect and process payment data according to Stripe's own policies.

6. Third-Party Services

We use third-party providers to run the service, including:

• Google Firebase (authentication, database, and hosting).
• Stripe (checkout, billing portal, and payment events).
• Google Analytics 4 for aggregate site and product usage.
• Resend or similar email delivery for contact notifications.
• Buttondown for newsletter subscriptions.

7. Data Retention

We retain account and billing metadata for as long as needed to provide the service and comply with legal obligations. You may request account deletion by contacting us.

8. Security

We apply reasonable technical and organizational safeguards. However, no method of transmission or storage is guaranteed to be completely secure.

9. Your Choices

• You can manage billing details in the Stripe billing portal.
• You can request account removal by contacting support.
• You can unsubscribe from marketing or product emails using the link in any newsletter message.

10. Contact

Questions about this policy can be sent to support@workstationpdf.com.