Privacy Policy
Last updated: 26 June 2026
This Privacy Policy explains how PdfMind.io ("we", "us", "the Service") handles information when you use our website and tools. We are based in Cyprus (European Union) and follow the EU General Data Protection Regulation (GDPR) and applicable Cyprus law.
1. Who is responsible for your data (Data Controller)
The data controller for this Service is:
- Rockset Ltd
- 26 Makarios Ave. III, 8820 Polis Chrysochous, Cyprus
- Email: info@pdfmind.io
If you have any questions about this policy or your data, contact us at the email above.
2. The data we process, and why
a) Files you use with our in-browser tools
The majority of our tools (for example merge, split, compress, rotate, crop, sign, add text, make fillable, page numbers, watermark, image ↔ PDF and unlock) run entirely in your browser. The files you open with these tools are processed on your own device and are never uploaded to us. We never see them, store them, or have any access to them.
b) Files you use with our conversion tools
A small number of tools cannot run in the browser and need a server: Word/Excel/PowerPoint conversions (to and from PDF) and password-protection. When you use one of these, your file is uploaded over an encrypted (HTTPS) connection to our processing server, converted, and the result is returned to you. Your uploaded file and the result are then deleted immediately after the conversion completes. We do not keep them, back them up, read their contents, or use them for any other purpose.
Please note that a file you upload may itself contain personal data (for example a CV or a form). Because the file is deleted right after processing, we do not retain that data.
c) Technical information
Like virtually all websites, our hosting and server providers automatically process limited technical data needed to deliver and secure the Service — such as your IP address, browser type, and the date/time of requests. This is used only to operate the site, prevent abuse, and keep it secure, and is not used to identify you personally or build a profile.
d) Accounts, newsletters, analytics
We do not offer user accounts, we do not run a newsletter, and we currently do not use third-party analytics or advertising trackers. If this changes in future (see the Cookies section), we will update this policy and ask for your consent where the law requires it.
3. Legal bases for processing (GDPR Article 6)
- To provide a tool you actively chose to use (e.g. converting a file you uploaded): processing necessary to deliver the service you requested, and our legitimate interest in providing it.
- To keep the Service secure and working (e.g. server logs, abuse prevention): our legitimate interest in operating a safe and reliable service (Article 6(1)(f)).
- Any future analytics or advertising cookies: your consent (Article 6(1)(a)).
4. Cookies and similar technologies
The Service does not set advertising or tracking cookies, and currently uses no non-essential cookies.
If we later introduce analytics or advertising (for example, advertising to help keep the Service free), those providers may use cookies. In that case we will display a cookie-consent banner and only enable non-essential cookies after you agree, as required by the EU ePrivacy rules and GDPR.
5. Service providers (processors) and third parties
We rely on a few trusted providers to run the Service. They process data on our behalf, only as needed:
- Cloudflare — hosts and delivers the website and provides security/CDN services.
- Render — hosts the server that performs the conversion tools, in the Frankfurt, EU region.
- Our pages also load some standard open-source code libraries and web fonts from third-party content delivery networks (such as Cloudflare's cdnjs and Google Fonts). When your browser loads these, the provider may receive your IP address as a normal part of delivering the file.
6. International transfers
Some of the providers above are international companies and may process limited technical data outside the European Economic Area (EEA). Where that happens, such transfers are covered by appropriate safeguards recognised under the GDPR (for example the European Commission's Standard Contractual Clauses).
7. How long we keep data
- Files from in-browser tools: never received by us, so never stored.
- Files from conversion tools: deleted immediately after the conversion completes.
- Technical/server logs: kept only for a short period for security and troubleshooting (typically around 30 days), then deleted or anonymised.
8. Your rights under the GDPR
You have the right to: access the personal data we hold about you; have it corrected or erased; restrict or object to its processing; and receive it in a portable format. Because we store almost no personal data and delete uploaded files immediately, in most cases there is little or nothing for us to act on — but you are welcome to contact us at info@pdfmind.io to exercise any of these rights.
You also have the right to lodge a complaint with your data protection authority. In Cyprus this is the Office of the Commissioner for Personal Data Protection (Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα).
9. Children
The Service is a general-purpose utility and is not directed at children. If you are below the age of digital consent that applies in your country, please use the Service only with the involvement of a parent or guardian.
10. Security
We use encrypted (HTTPS) connections throughout, process conversion files only transiently, and delete them immediately afterwards. No method of transmission or processing is ever completely secure, but we take reasonable measures to protect your information.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date above and, where appropriate, provide a more prominent notice.