GDPR

最終更新日: February 2026

PDFEditor (operated by Bestami Caner Kınalı) is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page provides detailed information about how we process your data and your rights under the GDPR.

1. Data Controller

Bestami Caner Kınalı is the data controller responsible for your personal data. If you have any questions about data processing, please contact our Data Protection Officer at dpo@pdfius.com.

2. Data We Process

Email address: Provided during registration, used for account management and service communications.
Subscription data: Plan type, billing history, and subscription status, managed through LemonSqueezy.
Usage data: Anonymized analytics data collected through PostHog to improve the Service.
Temporarily processed files: For PDF compression and unlocking, files are temporarily sent to our servers and deleted immediately after processing.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to, including account management and subscription billing.
Legitimate interests (Art. 6(1)(f)): Processing for analytics and service improvement, where our interest does not override your rights.
Consent (Art. 6(1)(a)): For non-essential cookies and analytics tracking, which you can accept or reject via our cookie consent banner.
Legal obligation (Art. 6(1)(c)): Where we are required to retain data for tax, accounting, or other legal requirements.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of access (Art. 15): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
Right to erasure (Art. 17): You may request deletion of your personal data when it is no longer necessary for the purpose it was collected.
Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, and machine-readable format.
Right to restriction (Art. 18): You may request that we restrict the processing of your personal data in certain circumstances.
Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at dpo@pdfius.com. We will respond to your request within 30 days.

5. Data Retention

Account data: Retained for the duration of your active account, plus 30 days after account deletion.
Billing records: Retained for up to 7 years as required by tax and accounting regulations.
Analytics data: Anonymized analytics data is retained for up to 24 months.
Temporarily processed files: For compression and unlocking, files are deleted immediately after processing and are never stored on our servers.

6. International Data Transfers

Your data may be processed by third-party service providers located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your personal data.

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit and at rest, regular security assessments, and access controls.

8. Complaint Procedure

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. You may contact the data protection authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

9. Data Protection Officer

Our Data Protection Officer can be reached at dpo@pdfius.com. The DPO is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements.

10. Changes to This Policy

We may update this GDPR information page from time to time. Any material changes will be communicated through our website and, where appropriate, by email.

ホームに戻る

2. Data We Process

Email address: Provided during registration, used for account management and service communications.

Subscription data: Plan type, billing history, and subscription status, managed through LemonSqueezy.

Usage data: Anonymized analytics data collected through PostHog to improve the Service.

Temporarily processed files: For PDF compression and unlocking, files are temporarily sent to our servers and deleted immediately after processing.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to, including account management and subscription billing.

Legitimate interests (Art. 6(1)(f)): Processing for analytics and service improvement, where our interest does not override your rights.

Consent (Art. 6(1)(a)): For non-essential cookies and analytics tracking, which you can accept or reject via our cookie consent banner.

Legal obligation (Art. 6(1)(c)): Where we are required to retain data for tax, accounting, or other legal requirements.

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of access (Art. 15): You may request a copy of the personal data we hold about you.

Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.

Right to erasure (Art. 17): You may request deletion of your personal data when it is no longer necessary for the purpose it was collected.

Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, and machine-readable format.

Right to restriction (Art. 18): You may request that we restrict the processing of your personal data in certain circumstances.

Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests.

Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at dpo@pdfius.com. We will respond to your request within 30 days.

5. Data Retention

Account data: Retained for the duration of your active account, plus 30 days after account deletion.

Billing records: Retained for up to 7 years as required by tax and accounting regulations.

Analytics data: Anonymized analytics data is retained for up to 24 months.

Temporarily processed files: For compression and unlocking, files are deleted immediately after processing and are never stored on our servers.