PDF Blue Security

Privacy Policy

Last updated: May 30, 2026

1. Who we are

PDF Blue Security ("we", "us", "our") provides a software platform for protecting PDF files and controlling access. This Privacy Policy describes how we collect, use and protect personal data when you use the website pdfbluesecurity.com, the API at api.pdfbluesecurity.com, and our desktop applications PDF Blue Control and PDF Blue Reader.

2. What we collect

Account data

  • Company name (used as login identifier)
  • Account owner name
  • Account contact email
  • Hashed password (we never store passwords in clear text)
  • Plan and subscription status

Billing data (processed by Stripe)

  • Stripe customer ID and subscription ID
  • Invoice records (amount, currency, status, date)

Card numbers, CVCs and expiration dates are processed and stored by Stripe under their PCI-DSS compliance. We never see or store complete card details.

Operational data created by the Customer

  • End-users created by the Customer in PDF Blue Control (username, hashed password, watermark data, expirations, limits).
  • Metadata of protected files (filename, limits, watermark configuration, hidden pages, IP restrictions, expiration).

Logs

  • Access events: views, prints, machine activations, including timestamps, IP addresses and tracking codes for audit.
  • Email delivery events (subject, status, provider message id).
  • Webhook events received from Stripe (for billing audit and idempotency).

3. Why we collect it

  • To provide the Service: authenticate users, validate file access, enforce limits.
  • To bill and process subscriptions through Stripe.
  • To deliver transactional emails (welcome, password recovery, important notices).
  • To detect and prevent abuse and unauthorized access.
  • To support our customers and resolve issues.

4. Where data is stored

Data is stored on our server infrastructure. We use industry-standard practices including password hashing (bcrypt), encryption of sensitive fields (Fernet symmetric encryption), HTTPS in transit, and signed Stripe webhooks for integrity.

5. Sharing with third parties

We do not sell personal data. We share data only with the service providers strictly necessary to operate the Service:

  • Stripe — for payment processing and subscription billing.
  • Email provider (Resend) — to deliver transactional emails.
  • Hosting provider — to run our servers.

Each of these providers operates under their own privacy and security commitments.

6. How long we keep data

Account data is kept while the subscription is active and for a reasonable period after cancellation, so that the account can be reactivated without data loss. Access logs and billing records may be kept longer for legal, tax and audit obligations.

If a Customer asks us to delete their account permanently, we will delete the personal data associated with the account, subject to legal retention requirements.

7. Your rights

Depending on your jurisdiction you may have rights to access, correct, export or delete the personal data we hold about you. To exercise these rights, contact support@pdfbluesecurity.com.

8. Cookies and tracking

The marketing website pdfbluesecurity.com does not use third-party advertising trackers. We may use a minimal session cookie for the website. The API at api.pdfbluesecurity.com does not set cookies for end-users — authentication uses bearer tokens issued to the desktop applications.

9. Children

The Service is not directed to children. We do not knowingly collect personal data from anyone under the age of 16.

10. Changes

We may update this Privacy Policy. Significant changes will be communicated by email or via the website. The date at the top of this page indicates when the policy was last updated.

11. Contact

For privacy questions, contact support@pdfbluesecurity.com.