Controller: PDFMagik (sole proprietor). Contact: pdfmagik@gmail.com
Scope
This page summarizes how PDFMagik complies with the EU/UK GDPR when individuals in the EEA/UK use our services. It should be read with our Privacy Policy, Cookie Policy, and Terms.
Lawful bases for processing
| Activity | Data | Purpose | Lawful basis |
|---|---|---|---|
| File processing you request (convert, compress, OCR, etc.) | Uploaded files, extracted text/metadata, outputs | Provide the feature you choose | Contract (Art. 6(1)(b)) |
| Security/operations | IP, device info, logs, error events | Protect, debug, and improve reliability | Legitimate interests (Art. 6(1)(f)) |
| Analytics (GA4) | Aggregate usage metrics | Understand usage to improve tools | Consent (Art. 6(1)(a)) — optional via banner |
| Legal compliance | Minimal records as required by law | Comply with applicable laws | Legal obligation (Art. 6(1)(c)) |
Data minimization & retention
- Uploaded files and outputs are auto‑deleted within 5 hours (typically 4–5 hours) unless you explicitly keep/share them.
- Operational logs are kept for up to 90 days for security/reliability, then deleted or aggregated.
- GA4 event retention in our property is configured to 2 months.
International transfers
Primary processing occurs on India‑based servers with additional infrastructure on our EU‑hosted Hostinger VPS. When data is transferred outside the EEA/UK, we rely on appropriate safeguards (e.g., contractual clauses) and limit transfers to what is necessary to provide the service. See Privacy Policy for details.
Sub‑processors
| Vendor | Role | Region | Notes |
|---|---|---|---|
| Hostinger (EU VPS) | Hosting/infrastructure | EU | Runs our EU server; access controls applied |
| Google Analytics (GA4) | Analytics (optional) | EU/Global | Only with consent; IP anonymization; Ads features disabled |
| Email provider (as used) | Support communications | Varies | Used when you email us |
Your rights (EEA/UK)
- Access, rectification, erasure, portability, restriction, and objection (as applicable).
- Withdraw consent (for analytics) at any time—use the banner on /privacy or clear site data.
- Lodge a complaint with your supervisory authority in the EEA/UK.
To exercise your rights, contact us at pdfmagik@gmail.com. We will verify and respond within applicable timeframes (generally 30 days).
Security measures
- HTTPS in transit, firewalling, and role‑based server access.
- Short‑lived storage for files; periodic clean‑up jobs.
- Least‑privilege practice for admin access.
Data Subject Requests (DSR) process
- Email request to pdfmagik@gmail.com.
- We verify identity via reply‑to email and context.
- Search relevant systems (uploads/logs/support) and respond within legal timelines, unless an exemption applies.
Cookies & consent
We use strictly necessary cookies and, with your consent, analytics cookies (GA4). Consent defaults to denied and is managed via our banner. See the Cookie Policy.
Children
The service is not directed to children under 13 (or the age required by local law). We do not knowingly collect children's data.
Changes
We may update this page from time to time; the "Last updated" date will change accordingly.
Contact
Questions about GDPR compliance? Email pdfmagik@gmail.com.