Your Data, Your Control
PDFFillr does not sell your personal information. Your documents are processed solely to provide the Service and are never used to train AI models. Questions? Contact us at Support@pdffillr.ai
Introduction & Scope
This Privacy Policy explains how PDFFillr, operated by Engineersmind Corp, collects, uses, stores, and protects information. The Application is operated from Jersey City, United States.
PDFFillr is a browser-based AI solution designed to perform automated document analysis using content provided by users. This Policy applies to all individuals who create an account or otherwise use the Application.
Definitions
The following terms are used throughout this Privacy Policy:
Engineersmind Corp, the legal entity operating and maintaining the Service.
The web-based application operated by the Company, including its UI, backend services, and supporting infrastructure.
Any individual who creates an account or otherwise accesses or uses the Service.
The registered profile created by a User to access and use the Service.
Information provided during account registration, such as name, email address, and login credentials.
Any documents, files, data, or information uploaded, submitted, or generated by a User through use of the Service.
Any information relating to an identified or identifiable User collected or processed in connection with the Service.
Any operation performed on Personal Data or User Content, including collection, storage, use, modification, and deletion.
External services or providers integrated into the Service for authentication, hosting, analytics, or security.
Any confirmed unauthorized access, disclosure, alteration, or destruction of Personal Data or User Content.
The period for which Personal Data or User Content is retained by the Company.
Third-party accounts voluntarily connected by the User, including Google Drive, Dropbox, and Microsoft OneDrive.
Data Controller & Contact
The User (or the organization on whose behalf the User acts) is the Data Controller for any personal data submitted through the Service. The Company acts as a Data Processor and processes personal data solely for the purpose of providing the Services.
Categories of Data Collected
4.1 — Account Information
4.2 — Documents and File Metadata
4.3 — Usage and Technical Data
4.4 — Integration and Authorization Data
Methods of Data Collection
Information is collected:
- Directly from Users when they create accounts, upload documents, or provide inputs;
- From Connected Accounts when Users authorize access to selected files;
- Automatically through Application operation, logging, and security monitoring.
Cloud Storage Integrations
The Service enables Users to import documents from third-party cloud storage providers. Access is initiated exclusively by the User and is limited to the specific document explicitly referenced.
6.1 — Google Drive
6.2 — Dropbox
6.3 — Microsoft OneDrive
Purpose of Data Use & Legal Basis
The Company processes personal data for the following purposes and on the following legal bases under GDPR Article 6:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing core Service functionality (document analysis, PDF generation) | Performance of a contract (Art. 6(1)(b)) |
| Account management and authentication | Performance of a contract (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| System performance and operational logging | Legitimate interests (Art. 6(1)(f)) |
| Support and quality assurance | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance obligations | Legal obligation (Art. 6(1)(c)) |
AI Processing & Human Review
The Application uses automated AI systems including large language models to process documents.
User data is not used to train AI models. AI processing occurs solely to deliver the Service in response to explicit User actions.
Human Review: Documents may also be reviewed by authorized Company personnel for support, quality assurance, or security purposes. Such personnel are bound by confidentiality obligations. Human review is conducted only on an exceptional basis — for example, to investigate a support request or security incident — and is not a routine process. Users may contact Support@pdffillr.ai to request further information.
Data Storage, Retention & Deletion
User data is stored on secure cloud infrastructure. Documents and generated outputs explicitly saved by the User are retained for the duration of the active account. Upon deletion:
- Data is removed from active systems within 30 days;
- Data may persist in encrypted backups for up to 90 days, after which it is overwritten in the ordinary course of backup rotation.
Operational logs are retained for up to 90 days for security and troubleshooting purposes.
Security Measures
The Company implements appropriate administrative, technical, and organizational measures to protect personal data, including:
- Encryption of data in transit and at rest;
- Role-based access controls limiting data access to authorized personnel only;
- Internal data minimization practices to limit the scope of data collected and processed.
User Rights & Choices
In accordance with applicable law, Users may exercise the following rights. All requests will be responded to within 30 days and may be submitted through the Application or by emailing Support@pdffillr.ai.
| Right | Description | How to Request |
|---|---|---|
| Access | Obtain a copy of your personal data | Support@pdffillr.ai |
| Correction | Correct inaccurate personal data | In-app or Support@pdffillr.ai |
| Deletion | Delete your personal data and account | In-app or Support@pdffillr.ai |
| Portability (GDPR) | Receive your data in a structured, machine-readable format | Support@pdffillr.ai |
| Restriction (GDPR) | Restrict processing in certain circumstances | Support@pdffillr.ai |
| Objection (GDPR) | Object to processing based on legitimate interests | Support@pdffillr.ai |
| Opt-out of sale (CCPA) | We do not sell personal data | N/A |
International Data Transfers
The Company is based in the United States. Where personal data of EU or UK individuals is transferred outside the EEA, the Company relies on Standard Contractual Clauses (SCCs) as the legal transfer mechanism in accordance with GDPR Chapter V. For further information or to obtain a copy of applicable SCCs, contact Support@pdffillr.ai.
Data Breach Notification
In the event of a Security Incident, the Company will:
- Notify relevant supervisory authorities within 72 hours of becoming aware of the incident, where required by GDPR;
- Notify affected Users without undue delay where the incident is likely to result in a high risk to their rights and freedoms;
- Provide information on the nature of the incident, data affected, likely consequences, and measures taken.
Notifications will be sent to the email address associated with your account. Ensure your account email is kept current.
Children's Privacy
The Application is not intended for use by children under 18. The Company does not knowingly collect personal data from minors.
Updates to This Policy
The Company may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification with at least 30 days' advance notice before changes take effect.