Privacy Policy

All PDF and document processing happens entirely within your browser, on your device. Files are never uploaded to our servers, transmitted over the internet, or stored anywhere outside your machine. This is an architectural decision, not a marketing claim.

Our tools use client-side JavaScript libraries (including PDF.js and browser APIs) to perform all operations locally. We have no ability to access, read, or recover your files. Once you close or navigate away from a tool, the file data is gone.

• Account information: Email address and basic profile info (name if provided). Google OAuth provides name and email only — no other Google account data is accessed.
• Payment information: Processed by Stripe. We never see, handle, or store credit card numbers, CVVs, or full card details. Stripe provides us a transaction record and last four digits for reference.
• Usage data: Which tools are used, how often, session counts (for free-tier limits), and general engagement metrics. Tied to accounts for functionality (e.g., enforcing the 10-session free limit) and aggregated for analytics.
• Analytics data: Google Analytics (GA4) and Microsoft Clarity for page views, session duration, approximate geographic region, device type, and interaction patterns. Clarity may record anonymised session replays. Neither service has access to files or file content.

We do not collect, access, store, or transmit the content of any file processed using EdgeDocs. No PDFs are read. No documents are analysed. No profiles are built based on file content. There is no server-side file processing — the architecture makes this collection impossible, not merely a policy choice.

• Providing and maintaining accounts and subscriptions
• Enforcing free-tier session limits
• Processing payments through Stripe
• Understanding how tools and the site are used to improve them
• Communicating about accounts, service updates, or support requests
• Complying with legal obligations

We do not use your information for targeted advertising. We do not sell, rent, or share personal data with third parties for marketing purposes.

• Functional cookies for authentication, session management, and preferences.
• Analytics cookies from GA4 and Clarity (can be blocked without affecting tool functionality).
• No advertising cookies or tracking pixels from ad networks.

Account data is stored in a hosted PostgreSQL database with row-level security. Data is encrypted in transit (TLS) and at rest. Database access is restricted to authenticated service functions. Files never leave your device, so there is no file data to secure on our end.

• Supabase — authentication and database
• Stripe — payment processing
• Google Analytics (GA4) — site analytics
• Microsoft Clarity — session recording and heatmaps

Each operates under its own privacy policy.

You may:

• Access your personal data
• Correct inaccuracies
• Request deletion
• Object to or restrict processing
• Request a portable copy of your data

Contact support@edgedocs.co. We will respond within 30 days. For EEA users, GDPR rights apply. Our lawful basis is contract performance and legitimate interest.

Data is retained while your account is active. It will be deleted within 30 days of account deletion except where required for legal or compliance reasons. Aggregated, anonymised analytics may be retained indefinitely.

EdgeDocs is not directed at children under 13. We do not knowingly collect data from children. If we discover such data, it will be deleted promptly.

Changes will be posted on this page with an updated date. We will make reasonable efforts to notify you via email or site notice for material changes.

support@edgedocs.co / edgedocs.co