Privacy Policy
Last updated: February 2026
1. Introduction
EasyPDF (hereinafter "we", "our" or "the Service") is committed to protecting the privacy of its users. This privacy policy explains how we collect, use, store and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
2. Data Controller
The data controller for personal data is LORENET SYSTEMS, operating the EasyPDF service. SIRET: 931 841 290.
For any questions regarding the protection of your data, you can contact us at: [email protected]
3. Data Collected
We collect the following categories of data:
3.1 Identification Data
- First and last name
- Email address
- Password (stored encrypted)
3.2 Connection Data
- IP address
- Browser type and operating system
- Date and time of connection
- Pages visited
3.3 Payment Data
- Billing information (processed by Stripe)
- Transaction history
3.4 Uploaded Documents
- PDF files uploaded to our servers for processing (automatically deleted within 24 hours)
- Documents generated by the Service
4. Purposes of Processing
Your data is collected for the following purposes:
- Provision and improvement of the Service
- Management of your user account
- Payment processing and billing
- Service-related communications (notifications, updates)
- Customer support
- Compliance with our legal obligations
- Fraud prevention and security
- Anonymized statistical analyses
- Sharing pseudonymized usage data with advertising partners or marketplaces, only with your explicit consent collected via our cookie management panel
5. Legal Basis for Processing
The processing of your data is based on the following legal grounds:
- Performance of contract: processing necessary for the provision of the Service
- Consent: for analytics cookies, marketing/advertising cookies and data sharing with advertising partners
- Legitimate interest: improvement of the Service, security, fraud prevention, internal audit of user activities
- Legal obligation: retention of billing data
6. Data Retention
We retain your data for the following periods:
- Account data: for the duration of your registration, then 3 years after account deletion
- Uploaded documents: Uploaded to our servers for processing, then automatically deleted within 24 hours for users without a subscription, or retained for the subscription duration for Pro users
- Billing data: 10 years (legal obligation)
- Connection logs: 12 months
7. Data Recipients
Your data may be shared with:
7.1 Technical Subcontractors
- Stripe: payment processing
- Railway: infrastructure hosting
- OAuth Authentication Services: Google, GitHub (if you use these login methods)
- Google Analytics: audience measurement and usage statistics (only with your consent)
7.2 Advertising Partners and Marketplaces
With your explicit consent (collected via our cookie management panel, category "Marketing & advertising partners"), pseudonymized usage data may be shared with third-party advertising partners and data marketplaces. This data includes: anonymous session identifier, type of content viewed, site interactions, device type and approximate location.
No direct personal data (name, email address, password) is shared with these partners. You can withdraw your consent at any time via the "Manage cookies" link in the site footer.
All our subcontractors and partners are contractually required to protect your data and use it only for the purposes for which it is provided.
8. Transfers Outside the EU
Some of our subcontractors may be located outside the European Union. In such cases, we ensure that appropriate safeguards are in place:
- European Commission Standard Contractual Clauses
- Privacy Shield Certification (if applicable)
- European Commission Adequacy Decision
9. Your Rights
In accordance with the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure: request the deletion of your data
- Right to restriction: restrict the processing of your data
- Right to portability: receive your data in a structured format
- Right to object: object to the processing of your data
- Right to withdraw consent: at any time, without affecting the lawfulness of prior processing
To exercise these rights, contact us at: [email protected]
You also have the right to lodge a complaint with the CNIL (French National Commission for Information Technology and Civil Liberties): www.cnil.fr
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Data encryption in transit (HTTPS/TLS)
- Password encryption (bcrypt)
- Restricted access to personal data
- Access monitoring and logging
- Regular backups
12. Changes to This Policy
We may update this privacy policy. In the event of a substantial change, we will inform you by email or via a notification on the site.
13. Contact
For any questions regarding this privacy policy or your personal data, contact us at:
