Privacy Policy

1. Information we collect

We collect three categories of information: files you upload for processing, account information you provide (email address, password hash, billing details for paid accounts), and usage metadata (device type, browser, IP address truncated to /24, anonymized referrer).

We do not collect or process the contents of your files beyond what is necessary to perform the requested operation. Files are not scanned for personal data, indexed for search, or analyzed for any purpose other than the specific tool you invoked.

For visitors who do not create an account, we collect only anonymized usage metrics — page views, tool invocations, and outcome (success/failure) without any personally identifiable information.

2. How we use your information

Your files are used only to perform the requested processing operation. Once that operation completes and you have downloaded your result (or 1 hour has elapsed, whichever comes first), the file is permanently deleted from our infrastructure.

Account information is used to authenticate you, deliver service notifications, process payments for paid plans, and provide customer support. We do not send marketing emails unless you have explicitly opted in.

Anonymized usage metadata is used to measure service performance, identify bugs, plan capacity, and prioritize roadmap. This data cannot be reassociated with individual users or files.

3. Information we share

We do not sell your personal data. Period. We do not share it with advertising networks, data brokers, or analytics companies that build cross-site profiles.

We share data only with the following categories of service providers, each bound by data-processing agreements: payment processors (Stripe, PayPal) to handle billing; cloud infrastructure (AWS, Cloudflare) to deliver the service; transactional email providers (Postmark) to send service notifications; and law enforcement, only when compelled by valid legal process in our jurisdiction.

4. Data retention

Uploaded files: maximum 1 hour, then automatically deleted. You can manually delete a file the moment you've downloaded the result.

Account data: retained while your account is active. Upon account deletion, all associated personal data is removed within 72 hours; aggregated anonymized metrics may be retained for service-improvement purposes.

Backups: encrypted, retained 30 days, then destroyed. Backups are scoped per-tenant — deleting your account also removes you from backup contents within the 30-day cycle.

5. Your rights under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to access, rectify, port, restrict, and erase the personal data we hold about you. You also have the right to object to processing and to lodge a complaint with your local supervisory authority.

To exercise any of these rights, write to [email protected]. We respond within 30 days, typically within 72 hours.

6. Your rights under CCPA

California residents have the right to know what personal information is collected, to delete personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.

To submit a request, write to [email protected] or use the Data Request form in your account settings.

7. Cookies and tracking

We use a minimal set of cookies: an essential session cookie required to log you in, a CSRF token, and an analytics cookie for anonymized page-view metrics. We do not use advertising or cross-site tracking cookies.

See our Cookie Policy for the complete inventory and management controls.

8. Children's privacy

imisspdf is not directed to children under 13 (under 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected such information, write to [email protected] for immediate deletion.

9. International data transfers

imisspdf is operated from Indonesia with primary processing in the European Union. By using our service, you consent to the transfer of your data to these locations. We rely on Standard Contractual Clauses for transfers outside the EEA.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to account holders and a banner at the top of the site for 30 days. The "Last updated" date at the top reflects the latest revision.

11. Contact us about privacy

Our Data Protection Officer is reachable at [email protected]. For postal correspondence: imisspdf, Attn: DPO, Jl. Mayjen Sungkono No. 89, Surabaya 60224, Indonesia.