NivoPDF

Privacy Policy

Last update: 2026-02-20

Introduction

This Privacy Policy explains how NivoPDF collects, uses and protects personal data of users who access and use the website and its services.

Data Controller

The data controller is NivoPDF. For any privacy-related request you can contact us at:

Data processed

While using NivoPDF services, the following data may be processed:

  • Email address and login credentials (if you create an account).
  • Authentication data via Google OAuth2, if chosen by the user.
  • Technical usage data (logs, IP, user-agent, timestamps) required for security and service stability.
  • Information related to credits, plan and performed operations (only for account management).

Zero Retention of files

NivoPDF applies a Zero Retention policy: uploaded files are not stored beyond the time required to process the request and provide the download.

IMPORTANT:
Uploaded files are automatically deleted after processing and in any case within a short maximum time, regardless of account type (anonymous, premium, business).

Purpose of processing

Personal data is processed only for the following purposes:

  • Providing and managing PDF processing services.
  • Managing registration, login and user sessions.
  • Ensuring security, preventing abuse and improving service reliability.
  • Managing plans, credits and premium features.
  • Website usage statistics (analytics) via Umami (self-hosted), in aggregated form, to improve the service.

Legal basis

Data is processed on the basis of the following legal grounds:

  • Performance of a contract (Art. 6.1.b GDPR).
  • Compliance with legal obligations (Art. 6.1.c GDPR).
  • Legitimate interest (Art. 6.1.f GDPR) for fraud prevention and service security.

Data retention

Personal data is stored only for the time necessary for the purposes described above.

  • Uploaded PDF files are automatically deleted (Zero Retention).
  • Account data (email, plan, credits) is stored until the account is deleted.
  • Technical logs may be stored for a limited period for security purposes.

Sharing with third parties

Personal data is not sold. It may be shared only with technical providers strictly necessary for the service.

  • Authentication providers (Google OAuth2, if used).
  • Infrastructure providers (hosting/server) required to run the service.
  • Email providers for transactional communications (password reset, confirmations).
  • Payments: we use Paddle as our payment provider, which may process billing and payment information to complete purchases and handle tax-related requirements.

User rights

Under GDPR, users have the right to:

  • Access their personal data.
  • Request correction or deletion.
  • Restrict or object to processing.
  • Request data portability.
  • File a complaint with the relevant supervisory authority.

Security

We adopt appropriate technical and organizational measures to protect personal data and prevent unauthorized access.

Changes to this Privacy Policy

This Privacy Policy may be updated. If relevant changes occur, a new version will be published on the website.

Back to HomeCookie Policy