GDPR & Data Protection
Last updated June 6, 2026
This page explains, concretely, how Pdfblizz meets the GDPR principles — i.e. where and how we measure compliance, not just a claim.
Lawful basis
We process account and billing data to perform our contract with you, and security/diagnostic data under legitimate interest (keeping the Service safe).
Data minimisation & storage limitation — measurable
- Free-tier files auto-delete after 1 hour. This is enforced by an automated sweeper that runs every 30 seconds and hard-deletes expired files from disk and database — it is not manual.
- We never store payment card numbers (Stripe handles them); we keep only a customer reference and payment history.
- Passwords are stored only as salted hashes.
Security measures
- All traffic is encrypted in transit over HTTPS/TLS.
- The "Protect PDF" tool uses AES-256 encryption.
- Access to files is scoped per-account; one user cannot access another's files.
Sub-processors
- Stripe — payment processing.
- Anthropic — AI Chat / Summarize (document text sent only to answer your request; not used for training).
- Cloud hosting for the application and database.
Your rights (access, rectification, erasure, portability, objection)
Email support@pdfblizz.com to exercise any right; we respond within 30 days. You can also delete files and your account directly in the app.
Data transfers
Where data is processed outside your region, we rely on the safeguards (e.g. Standard Contractual Clauses) provided by our sub-processors.