Privacy Policy

1. Who We Are​

PDFBolt is operated by Michał Szymanowski PDFBolt, a business entity registered in Poland (VAT EU: PL8121921097), with its address at Przedpole 9/73, 02-241 Warsaw, Poland.

For website, account, billing, support, analytics, security, and service operations data, PDFBolt acts as the data controller.

For customer content submitted through the PDF generation API or Dashboard, PDFBolt generally acts as a processor on behalf of the customer under our Data Processing Agreement.

This Privacy Policy explains how PDFBolt collects, uses, and protects personal data under applicable privacy laws, including the GDPR and California privacy laws where they apply.

2. Information We Collect​

PDFBolt collects limited information needed to provide, secure, support, and improve the service.

Some information is required to provide the service, manage your account, or meet legal obligations. If you do not provide required information, we may not be able to provide the relevant service or feature.

Account and Team Data​

When you create or use a PDFBolt account, we may collect your email address, account settings, team membership information, invitation details, API key metadata, subscription status, and related service records.

Billing Data​

Payment card details are processed by Stripe through Stripe Checkout. PDFBolt does not store full card numbers or CVC codes. PDFBolt stores only limited billing metadata needed to manage your account and comply with legal obligations.

Customer Content and Templates​

PDFBolt processes customer content only to provide the requested service. This may include HTML, URLs, template data, template settings, PDF options, authentication parameters, webhook information, or custom S3 upload settings that you submit through the API or Dashboard.

Template layouts, sample data, and template settings saved in the Dashboard are stored as part of your account.

templateData sent in API conversion requests is used to render the requested PDF. The templateData field is always redacted from stored request logs after processing is complete.

API Usage and Request Logs​

We process API usage data needed to operate, secure, troubleshoot, and improve PDFBolt. This may include request timestamps, endpoint information, response status, account or team identifiers, technical metadata, and request logs.

The html and templateData fields are always redacted from stored request logs after processing is complete. For new teams, httpCredentials and customS3PresignedUrl are also redacted from stored request logs by default.

Website, Analytics, and Source Information​

We may collect limited website usage, analytics, and source information to understand how users discover and use PDFBolt.

Plausible Analytics is configured as a cookie-free analytics tool. It helps us understand aggregate website usage without using cookies to identify visitors or track them across websites.

Support Data​

If you contact us for support, we process the information you provide, including messages, contact details, chat transcripts, and related technical context needed to respond to your request.

Security and Error Monitoring Data​

We use technical and security information to protect PDFBolt, detect abuse, prevent spam, and troubleshoot errors. This may include browser information, page URLs, stack traces, anonymous session identifiers, reCAPTCHA signals, and similar technical data.

Sentry is configured to avoid collecting default personally identifiable information. Error reports may include technical details such as stack traces, browser information, page URLs, and anonymous session identifiers.

Optional AI Feature Data​

If you use optional AI features, we process the inputs you provide and the generated output needed to provide those features, search optional stock images, and help prevent abuse.

3. How We Use Information​

We use information for the following purposes:

• To provide, maintain, and improve the PDF generation API, Dashboard, templates, and related services.
• To create and manage accounts, teams, subscriptions, API keys, and settings.
• To process payments and manage billing through Stripe.
• To provide customer support and respond to privacy-related requests.
• To generate PDFs, process templates, deliver webhooks, and upload files to customer-provided storage where configured.
• To secure the service, prevent abuse, detect technical issues, and maintain service reliability.
• To understand aggregate website usage and how users discover PDFBolt.
• To provide optional AI features when you choose to use them.
• To comply with legal, tax, accounting, and regulatory obligations.

The legal basis depends on the processing purpose, such as providing the service, meeting legal obligations, protecting the service, or acting on your consent where required.

4. Service Providers​

PDFBolt works with service providers that help us operate the website, API, Dashboard, support, billing, analytics, security, storage, and optional AI features. These providers process information only as needed to provide their services to PDFBolt.

For a narrower list of subprocessors that may process customer personal data under our DPA, see our Data Processing Agreement.

PDFBolt does not sell personal information.

5. International Transfers​

PDFBolt's PDF generation infrastructure and default temporary PDF storage are hosted in the European Union.

Some service providers used for account management, billing, authentication, support, analytics, security, and optional AI features may process data outside the EEA. Where required, PDFBolt relies on Standard Contractual Clauses or other appropriate transfer safeguards.

6. Security​

We use HTTPS/TLS to protect data in transit. Data stored by our infrastructure and service providers is protected using provider-managed encryption, access controls, and other security measures.

We work with service providers that maintain appropriate security measures, including encryption and access controls where applicable.

No method of transmission or storage is completely secure. If you believe your account or data may be at risk, contact us at contact@pdfbolt.com.

Where required by applicable law or our DPA, we will notify affected customers or authorities of personal data breaches.

7. Data Retention​

We retain information only for as long as needed for the purposes described in this Privacy Policy, including service operation, support, security, billing, tax, accounting, compliance, and legal obligations.

Generated PDFs​

PDFs stored in PDFBolt's default temporary storage for sync and async conversions expire after 24 hours. PDFs returned directly in the API response are not stored by PDFBolt for later retrieval. PDFs uploaded to your custom S3 bucket are retained according to your bucket settings.

Templates and Account Data​

Template layouts, sample data, template settings, account settings, team records, and related Dashboard data are retained while your account is active or as needed to provide the service.

Request Logs​

We retain API request logs for troubleshooting, security, usage analysis, and service operation. The html and templateData fields are always redacted from stored request logs after processing is complete. Teams can configure additional request fields for redaction in their privacy settings.

Account Deletion​

We will process deletion requests as required by applicable law. Some billing, tax, accounting, security, and transaction records may be retained where legally required or where necessary to establish, exercise, or defend legal claims.

8. Cookies and Similar Technologies​

PDFBolt uses a limited set of cookies and similar technologies for service functionality, security, support, and privacy-friendly analytics.

We may collect limited source information to understand how users discover PDFBolt.

Plausible Analytics is configured as a cookie-free analytics tool. It helps us understand aggregate website usage without using cookies to identify visitors or track them across websites.

Crisp support chat and Google reCAPTCHA may use cookies, local storage, device signals, or similar technologies to provide support and protect the service from abuse.

You can manage cookies through your browser settings. Some service functionality, support, or security features may not work properly if cookies or similar technologies are disabled.

9. Your Rights​

Depending on your location and applicable law, you may have rights to:

• Access personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Delete personal data.
• Restrict or object to certain processing.
• Receive a copy of your data in a portable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at contact@pdfbolt.com. We may need to verify your identity before completing the request.

We respond to privacy rights requests without undue delay and generally within one month, unless a longer period is permitted by applicable law.

10. California Privacy Rights​

Where California privacy laws apply, California residents may have the right to know, access, delete, correct, opt out of certain sale or sharing of personal information, limit certain uses of sensitive personal information, and not be discriminated against for exercising these rights.

PDFBolt does not sell personal information. If any future data-sharing activity constitutes "sharing" under applicable California privacy laws, we will provide the required opt-out mechanism.

To exercise these rights, contact us at contact@pdfbolt.com. We may need to verify your identity before completing the request.

11. Automated Decision-Making​

PDFBolt does not use personal data for solely automated decisions that produce legal or similarly significant effects.

12. Children's Privacy​

PDFBolt is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to PDFBolt, contact us at contact@pdfbolt.com.

13. Third-Party Links​

Our website and services may contain links to third-party websites or resources. This Privacy Policy applies only to PDFBolt and does not cover websites or services that we do not operate.

When you visit a third-party website, review that website's privacy policy to understand how it handles your information.

14. Changes to This Privacy Policy​

We may update this Privacy Policy periodically. The updated version will be posted on this page with a revised "Last updated" date.

15. Contact​

For privacy-related requests and data protection questions, contact us at contact@pdfbolt.com.

You can also contact us at:

Michał Szymanowski PDFBolt
Przedpole 9/73
02-241 Warsaw
Poland

Last updated: May 7, 2026