Privacy Policy

1. Who We Are

PDF.CEO is a free online PDF editor and document processing service operated by Yahor Zaleski. Our service allows users to edit, convert, merge, split, and manipulate PDF and image files directly in their web browser without uploading files to our servers.

Registered office: ul. Konstancińska 2, U22, 02-942 Warszawa, Poland
Tax ID (NIP): PL5214001838
Registration: CEIDG, REGON: 524253511

2. Data Controller

Yahor Zaleski is the data controller for personal data processed through this website. For any data protection inquiries, you can contact us at:

• Email: legal@pdf.ceo
• DSA Contact: contact@pdf.ceo
• Postal: ul. Konstancińska 2, U22, 02-942 Warszawa, Poland

3. What Data We Process

3.1 Document Processing

3.2 Automatically Collected Data

When you visit our website, we may collect:

• Technical data: IP address (truncated for analytics), browser type, operating system, screen resolution
• Usage data: Pages visited, features used, interaction timestamps, referrer URL
• Device data: Device type, unique device identifiers (only with consent in EEA/UK/CH)

3.3 Cookies and Similar Technologies

We use cookies for:

• Essential cookies: Language preference, consent choices (always active)
• Analytics cookies: Google Analytics (only with consent in EEA/UK/CH)
• Advertising cookies: Google AdSense/Ad Manager (only with consent in EEA/UK/CH)

4. Legal Bases for Processing

Under GDPR and UK GDPR, we process personal data based on:

5. Advertising & Consent

Advertising & Measurement (Google only)

We monetize with Google advertising products (AdSense/Ad Manager). In the EEA, the UK and Switzerland we use a certified CMP that implements the IAB TCF v2.2 framework. Your consent choices are passed to Google (IAB vendor "Google Advertising Products", ID 755) so that ads can switch between personalized and non-personalized delivery accordingly. If you decline consent, we request Non-Personalized Ads (contextual) from Google.

Ad technology providers (ATP)

Within AdSense/Ad Manager we rely on Google's Ad technology providers (ATP) controls. We allow Google and the commonly used set of providers that Google exposes in our account for ad delivery and measurement in the EEA/UK, as surfaced to you via our CMP's vendor list. Google may update that roster over time; our CMP always shows the current vendors and purposes before you make a choice.

What data Google may use

Depending on your choice, Google may use online identifiers (e.g., cookies or device signals), IP-derived information, and contextual signals to serve and measure ads and prevent fraud/abuse. See Google's EU User Consent Policy and cookie resources for details.

Non-Personalized Ads on refusal

If you decline advertising consent in the EEA/UK/CH, our CMP prevents non-essential storage and signals Google to serve Non-Personalized Ads. These rely on context (e.g., page content, coarse geo) and are not based on past behavior.

Consent Mode v2

We use Google Consent Mode v2 so tags respect your choice. Before consent, consent states for ad_storage, ad_user_data, and ad_personalization are denied; after consent, they are updated from the CMP. This affects how Google measures ads and whether personalization is allowed.

Cookies & similar technologies (Google)

Advertising-related storage is set only after consent in the EEA/UK/CH. Examples you may encounter include first-party conversion cookies like _gcl_* and AdSense cookies like __gads / __gpi. Lifetimes and exact names can change; Google maintains an up-to-date list. You can change your choice anytime via "Cookie settings" in our footer.

Your choices & rights

• EEA/UK/CH: You can Accept, Reject, or Customize purposes and vendors in our CMP. We honor your choice and log consent as required.
• You can also manage ad personalization in Google Ad Settings.

6. International Transfers

Some of our service providers may process data outside the EEA/UK. Where this occurs, we ensure appropriate safeguards are in place:

• Google: Relies on Standard Contractual Clauses (SCCs) and additional measures for transfers outside EEA/UK. See Google's Data Processing Terms.
• Other providers: We only work with providers that offer adequate protections under GDPR Article 46 (SCCs, adequacy decisions, or other approved mechanisms).

7. Security

We implement appropriate technical and organizational measures to protect personal data:

• HTTPS encryption for all data transmission
• Regular security updates and monitoring
• Limited access to any collected data (admin only)
• No storage of user documents on our servers
• Isolated execution of advertising code

However, no method of internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

9. Your Rights

Under GDPR and UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Object: Oppose processing based on legitimate interests
• Withdraw consent: Change your mind about consent-based processing
• Complain: Lodge a complaint with your supervisory authority

To exercise your rights, contact us at legal@pdf.ceo. We will respond within one month (extendable by two months for complex requests).

10. Children's Privacy

Our service is not directed to children under 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising your privacy rights

We do not sell personal information. Our advertising partners may use data for targeted advertising, which may be considered a "sale" under CCPA. You can opt out via our cookie settings or the "Do Not Sell My Personal Information" link where applicable.

12. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. We encourage you to read the privacy policies of any linked sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we may provide additional notice (e.g., a banner on our website). Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

When contacting us about your rights, please provide sufficient information to identify you and specify your request clearly.

15. Cookie Policy

For detailed information about the cookies and similar technologies we use, please refer to our Cookie Policy (accessible via the "Cookie Settings" link in the footer). There you can manage your preferences and learn about specific cookie purposes and providers.