We never receive them. Architecturally.
Every tool on this site — Redact, Sign, Merge, Compress, Convert — runs entirely inside your browser tab. Your files are opened in your device's memory, processed there, and saved back to your device. No upload occurs. There is no server-side code capable of receiving a document, and the Content-Security-Policy on every page instructs your browser to refuse to send one anywhere.
This means we cannot read, scan, retain, share, sell, or be compelled to produce your documents. Not "we promise not to" — we physically can't. You can verify this in about a minute on the Trust Center.
The complete inventory.
- License checks. If you buy Plus or Pro, your license key is your Stripe checkout session ID. Activating or re-verifying a license sends that one string (and nothing else) to our /api/verify endpoint, which asks Stripe whether the purchase is valid. We don't log it to any database — we don't have a database.
- Hosting logs. Our host, Vercel, keeps standard short-lived access logs for page loads (IP address, user agent, URL requested) — the same logs effectively every website generates. They contain no document data and we don't use them to identify anyone.
- Purchase records. Stripe collects your name, email, and payment details when you check out, and holds them under its own privacy policy. We can see receipt-level information (what was bought, when, the billing email) in our Stripe dashboard. We never see card numbers, and we don't export this data anywhere else.
- Support email. If you write to us, we'll have whatever you sent — typically your email address and your question. We use it to answer you and for nothing else.
That is the full list. There is no "and our partners" paragraph, because there are no partners.
Zero cookies. One localStorage key.
This site sets no cookies — which is why there's no cookie banner. If you buy a license, your browser stores one localStorage entry (bpdf_license_v1) containing your license key, on your device, readable only by this site. Clearing your browser data removes it; you can restore your license anytime with the key from your Stripe receipt email.
Four vendors, none of whom see your files.
- Vercel — hosts these static pages and the license-check function. Privacy policy.
- Stripe — processes payments. Privacy policy.
- Cloudflare cdnjs — serves the open-source PDF libraries your browser downloads to do the processing locally. Privacy policy.
- Google Fonts — serves the two typefaces on this site. Privacy policy.
When your browser fetches fonts or libraries, those services see a standard web request (your IP and user agent) — never your documents, which by then are sealed inside your tab.
GDPR, CCPA, and the easiest data request you'll ever make.
Under GDPR, CCPA, and similar laws you can ask what data we hold about you, request a copy, or ask for deletion. Email schwarzfish98@gmail.com and we'll respond within 30 days. Fair warning about what the answer will be: unless you've emailed us before, we hold nothing. Purchase records live with Stripe, and we'll point you to them or relay a deletion request for anything visible in our dashboard.
We don't sell personal information, we don't share it for advertising, and we have no advertising relationships to share it with.
Children, changes, contact.
- Children. This service isn't directed at children under 13, and since we collect no personal data through the tools, there's nothing for a child to hand over. Purchases require a payment card.
- Changes. If this policy changes, we'll update this page and the effective date at the top. Material changes will be flagged plainly, not buried.
- Contact. schwarzfish98@gmail.com — privacy questions, data requests, or anything else.