• PDF Expert
  • Features
    • iPhone and iPad
      • All Features
      • Read PDF
      • Annotate PDF
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
    • Mac
      • All Features
      • Edit PDF
      • Read PDF
      • Annotate PDF
      • Fill out PDF Forms
      • Combine PDFs
      • Sign PDFs
  • Resources
    • Blog
    • Templates
    • Help Center
    • Experience iOS
    • Experience Mac
    • How-to Guides for iOS
      • All How-Tos
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Annotate PDF
      • View PDF
      • Transfer PDFs
      • Convert PDF
      • Create PDF
      • Compress PDF
    • How-to Guides for Mac
      • All How-Tos
      • Fill out Tax Forms
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Create PDF
      • Compress PDF
    • Responsible Disclosure
    • Legal
  • Business
  • Pricing
  • PDF Expert
Free download Buy now
Legal
Legal
Terms of Service
Privacy Notice Website
Privacy Notice for App
Cookie Policy
Data Processing Agreement (EEA)
Data Processing Agreement (US)
Responsible Disclosure
Privacy FAQ
Archives

PDF Expert Privacy Notice for App

Last updated: August 5, 2022 (view archived versions)

Key changes to the Privacy

In Readdle, we respect your privacy, so we are informing you about changes in our Privacy Notice.

These updates became effective on 5 August, 2022. Here are some of the notable changes. We:

  • made the document better organised and easier for you to read and understand;
  • added information about the account;
  • changed 5 data subjects’ categories to 2: Free User and Paying User;
  • added information about the personal data we process in connection with the subscriptions to PDF Expert Premium;
  • changed the scope of personal data we process;
  • added the information about our security measures;
  • clarified the information about data subjects’ rights as US citizens;
  • described how we convert your files now with Convert API.

Please, read the document carefully here. If you have any doubts or questions, you can contact our DPO at dpo@readdle.com.

We are Readdle Limited ("Readdle" or "we"), and we provide you with our application "PDF Expert" ("App" or "PDF Expert") under the Terms of Service.

We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.

This Privacy Notice describes how your personal data is collected, stored, and used and what happens when you use PDF Expert.

We do not collect, track or store any personal data over what we need to provide and improve our products and services.

For us, you can be:

Data subject Description
User any natural person or legal entity who uses the App.
Free User User that uses the App with certain functionality limits on a free basis.
Paying User User that uses the App on a paid basis or via trial of the paid version.

Table of content

  1. Purpose and scope of this Privacy Notice
  2. Who we are
  3. Personal data in PDF Expert
    • Personal data by source
      • Data we can get from the users
      • Data assigned to the users
      • Automatically-collected, technical, and received by the third parties data
    • Personal data by features
      • App usage
      • Registration of the account
      • Subscription or trial
      • Conversion of the files
      • Login via third-party services
      • Support request
      • Receiving marketing data
      • Invoice history
      • Push notifications
  4. Age limitation
  5. Term of storage
    • General
    • Backup storage
  6. Data transfer outside the European Economic Area
  7. Data sharing with third parties
    • Details
    • Data received from third parties
  8. Security measures
  9. Data subjects rights
    • EU residents
    • U.S. residents
  10. Do-not-track requests
  11. Privacy Notice update

Purpose and scope of this Privacy Notice

This Privacy Notice is our (data controller) statement to you (data subject) that describes how we collect, use, retain and disclose personal data.

This Privacy Notice applies to the App, available on the App Store.

You own and control the personal data we collect about you. You can choose not to provide certain information or disable it and prevent us from collecting, storing, and processing it.

Please be aware you will not be able to take advantage of some of the PDF Expert’s features in this case.

Who we are

We are the controller of the personal data for the Users from the moment of the User’s consent to the Terms of Service.

This means we determine the amount, purpose, and means of personal data processing when you use the App.

For details about our role as controller and as processor of personal data, please contact us at dpo@readdle.com. You can also send us a letter.

Data Controller Readdle Limited
Registration number 630281
VAT IE 3560869EH
Address Glandore Business Centre, Grand Canal House,
1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland.
Email dpo@readdle.com — for privacy questions
rdsupport@readdle.com — for other questions

Personal data in PDF Expert

We collect your personal data according to this Privacy Notice when you use the App.

Please note: not every piece of data we receive and store. Even more, mainly the data is stored locally on your device, and we see pseudonymised or even anonymised data.

Mainly, we process technical data and the data you give to us. Some of it you see in your interface, and some of it is processed on the backend.

Client-Side is the part of the App displayed or takes place on the users’ devices

Backend is an invisible crucial part of our App, where algorithms operate on the variables and data points.

We can process personal data based on the following legal bases:

  • performance of the contract — for processing that is strictly necessary for service provision as written in Terms of Service, technical and customer support;
  • legitimate interest — for processing that is reasonable for the user and required for the development of the service;
  • consent — for additional processing for specific purposes.

Personal data by source

The data we process is divided into categories by its source:

  • data we can get from the Users;
  • data assigned to the Users;
  • automatically-collected, technical, and received by the third parties data.
Data we can get from the Users
Data list Feature Legal basis
All Users: name, email, country, occupation, App functions preferences.

Paying Users: payment data.
App usage contact, legitimate interest
Registration of the account contract
Subscription or trial contract
Conversion of the files contract
Login via third-party services contract
Support request legitimate interest
Receiving marketing data consent
Invoice history legal obligation
Push notifications consent
Data assigned to the Users
Data list Feature Legal basis
All Users: user ID, subscription id, history of payment, history of requests, account data. App usage contact, legitimate interest
Registration of the account contract
Login via third-party services contract
Subscription or trial contract
Conversion of the files contract
Support request legitimate interest
Automatically-collected, technical and received by the third parties data
Data list Feature Legal basis
All Users: IP address, hardware model, identifier, version, date/time of the first and last login, iOS/Android version, report version, crashed thread, data about your interaction with the App and session ID, deviceUUID, device name, device model, timezone, account data, connected platforms ("App usage data").

Paying Users: subscription data and payment data.
App usage contact, legitimate interest
Login via third-party services contract
Subscription or trial contract
Conversion of the files contract

Personal data by features

We understand that you might wish to know the details about our privacy practices. We grouped our data privacy processes by features. Please click on each feature to read more.

App usage

Here, we described the data you see in our App.

Pay attention to the fact that we collect your device’s name for security purposes.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided by User All Users App usage data Providing a service App functioning Duration of the service provision and 1 year after
your App settings Legitimate interest Analytics
Assigned App usage data Legitimate interest Statistics Security

Registration of the account

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided by User All Users Email Performance of the contract Creation of the account to allow access to the App functions Duration of the service provision and 1 year after
Occupation Legitimate interest Help us to develop the App Stored in aggregated form
Assigned Aoo functions preferences Legitimate interest Stored in aggregated form
User ID Performance of the contract Duration of the service provision and 1 year after

Subscription or trial

Receipt is an electronic document provided by Apple, Stripe, or other charging platform about your payment. It is stored on your device. We receive only a hash (electronic value) to verify the transaction.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided Paying Users Charging platform name Performance of the contract Providing a service 2 years after the latest date in record
Paying Users Auto Renewal of the subscription status Performance of the contract Billing process and invoice storage
Assigned Paying Users Subscription start and expiration dates Performance of the contract Provinding a service
Paying Users Subscription status Performance of the contract Providing a service
Paying Users Subscription or trial mark Performance of the contract Providing a service
Paying Users Trial use status Performance of the contract Providing a service 2 years after the latest date in record
Received from 3rd parties Paying Users Confirmation of the payment, receipt Legal obligation Billing and invoice storage 6 years after the completion of the transaction

Conversion of the files

We provide you with the functionality for the conversion of the files into the different formats.

To convert your files, we use Convert API. The Convert API does not read or collect file content, metadata, or other data from the uploaded files.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided All Users Files you convert Performance of the contract Providing a service Up to 7 days

Login via third-party services

One of the main parts of our services is designed to make your experience with PDF Expert more comfortable and easy. So we provide you with the possibility to link accounts from 3rd-party services (Apple or Google) for integration and synchronisation of data.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided All Users All cloud data and third-party app data Performance of the contract Providing a service Duration of the service provision and 1 year after

Support request

We may collect your detailed log files to help you with your problem. These log files may contain sensitive personal information and are attached to you.

Pay attention to our practice on the log files:

  • iOS or iPadOS – when you address your support request, you can choose whether to add detailed log files or not;
  • macOS – when you address your support request, we collect your log files by default.
Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided All Users Name legitimate interest This data is processed by us to provide you with help in case of request. We need your email to communicate with you, although all other data listed here will help us to solve your request more quickly and professional The duration of the service provision and 1 year after.

After this period data is anonymised and stored in an aggregated way for analytical purposes.
All Users Email Performance of the contract
All Users Type of device legitimate interest
All Users Support message legitimate interest
All Users Attached files legitimate interest
All Users Your choices in the Helpspot legitimate interest
Collected All Users Detailed log files, containing information Performance of the contract

Receiving marketing data

We may send you marketing data only if you agree to receive it.
Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided All Users Name, email Consent Marketing Duration of the service provision and 1 year after or until you withdraw a consent

Invoice history

To track and issue invoices on time, we process your receipt. We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the filing of the annual accounts expires.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Provided Paying Users Data on previously purchased subscription, Receipt Legal obligation Compliance with a legal obligation 6 years after completion of the transaction

Push notifications

We can send you small notifications to inform you about changes or updates via pushes from the App. You can allow or disable push notifications in the App Settings on your device.

Type of data Type of user Data description Legal basis The reasoning Term of Storage
Collected All Users Push token Consent Informing you about the App Duration of the service provision and 1 year after or until you withdraw a consent

Age limitation

The services are not directed at individuals under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information. If you become aware that a child has provided us with personal data, please contact us.

Term of storage

General

After the above respective periods expire, we anonymise the data and store it for statistical and analytical purposes.

We process your personal data based on your consent during the provision of services, during the term of storage (as defined above) or until you withdraw your consent.

You can exercise your right to request us to delete your personal data. In this case, we will delete your personal data from our servers within 30 days of your request.

However, you can exercise your right to delete your data. In this case, we will delete your data from our servers within 30 days of your request.

Storage limitation
Data that are processed on the basis of a performance of the contract Stored for 3 years after completion of services OR 1 year from the last communication
Data that are processed on the basis of a legitimate interest Stored for 1 year after the completion of services/unsubscribe OR 1 year from the last communication

Backup storage

We store your data in the backups of databases. We regularly back up our databases: at least once a day and store them 1 week.

Data transfer outside the European Economic Area

The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.

There is no adequate decision by the European Commission regarding neither the US nor Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

You can read more detailed measures to protect your personal data here and in our Data Processing Agreement.

However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.

Data sharing with third parties

We use your personal data on the basis of the performance of the contract to provide services and communicate with the users.

We share your personal data with our contractors in the scope we need to provide services and technical and customer support. Also, we can share your data on the following grounds: consent, compliance with the law, and legitimate interest.

Details

Consent. We share your personal data based on your explicit consent.

Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:

  • to comply with a government request, court order, or applicable law;
  • to prevent unlawful use of our App or violation of the Terms of Service and our policies;
  • to protect against claims of third parties;
  • to help prevent or investigate fraud.

Legitimate interest or performance of the contract: We share your personal data with third parties based on a public offer for processing on our behalf, subject to technical and organisational measures to protect your personal data. We may transfer your personal data to certain companies, consultants, and contractors, as a part of our core team that is hired to provide certain services on our behalf.

We will ask for your consent unless data transfer is part of the contract performance.

Data received from third parties

Also, we can collect some data from third parties.

We share your data with the service providers who, for example, help us:

  • operate, develop, and improve the features and functionality of our Website;
  • provide you with their services;
  • complete your payment transactions;
  • fulfil your support requests;
  • convert your files;
  • communicate with you as described elsewhere in this Privacy Notice.

The scope of the data collected, the purposes, and the legal basis for the processing is determined by the respective privacy documents of these parties:

Third parties Description Link to privacy documents
Google Analytics We use Google Analytics for statistics and analytics. Safeguarding your data
Google We use Google for log-in purposes Privacy & Terms
Apple We use Apple for log-in purposes Privacy Notice
Slack We use Slack for communication and support. Privacy Policy
Stripe We use Stripe to make payments for our services. Privacy Policy
Digital Ocean DigitalOcean backup images. Privacy Policy
Hetzer This is backup storage for manually managed servers. Privacy Policy
Backblaze B2 This is backup storage for manually managed servers. Privacy Policy
Wistia We use Wistia for marketing activities. Privacy Policy
Paddle We use Paddle to handle our tax obligations. Privacy Policy
Convert API We use Convert API to convert your files. Privacy Policy
Note: we can get data from third parties, but we won't necessarily get it. It all depends on your settings and the features you use.

Security measures

We regularly perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organisational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed. We follow ISO 27001 Standard to put all security controls in place as a basis.

To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).

Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements.

Here you can find information about the steps we mentioned above:

Physical measures
Limited access to premises
We use logically separate databases to prevent unauthorised persons from accidentally reading data to separate data.
Access to the data is also restricted because employees use services (applications) that control access.
Stress-tests
Organisational measures
Policies and instructions
  1. Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length
  2. Monitoring and physical access policy
  3. Contractual obligations and corporate VPN
  4. Internal security policy
  5. Access control policy
Transfer protection
  1. Data protection agreements
  2. Data transfer agreements
  3. Standard contactual clauses
Agreements
  1. Non-disclosure agreements
  2. Data protection agreements
Contractor and staff training Privacy protection
  1. Implementation of privacy by design and privacy by default
  2. Internal procedures for GDPR compliance
Regular access and policy review
Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup:
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail.
Two-factor authentication Critical services are operated redundantly in multiple data centres and controlled by a high-availability system.
Static Analysis Quality Assurance
Regular Patch Management Dependency and Supply Chain Vulnerability Check

Data subjects rights

EU residents

You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:

The right Description
Right to access You can request an explanation of the processing of your personal data.
Right to rectification You can change the data if it is inaccurate or incomplete.
Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restrict the processing You may partially or completely prohibit us from processing your personal data.
Right to data portability You can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to object You may object to the processing of your personal data.
Right to withdraw consent You can withdraw your consent at any time.
Right to file a complaint If your request was not satisfied, you can file a complaint to the regulatory body.
To exercise your rights, contact us.

If your request is not satisfied, you can file a complaint with the regulatory body — The Data Protection Commission (DPC).

U.S. residents

You, as data subjects, have some special privacy rights. To use them, please contact us.

Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.

If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

Tight Description Area
Right to access You can request an explanation of the processing of your personal data. California, Virginia, Ohio, Colorado, Nevada, Massachusetts Minnesota, New York, North Carolina, Pennsylvania, Delaware, Utah
Right to rectification You can change the data if it is inaccurate or incomplete. California, Virginia, Colorado, Nevada, Delaware Massachusetts, Minnesota, New York, North Carolina
Right to deletion You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. California, Virginia, Ohio, Colorado, Massachusetts Minnesota, New York, North Carolina, Pennsylvania, Utah
Right to restriction You may partially or completely prohibit us from processing your personal data. California, Massachusetts New York
Right to portability You can request all the data that you provided to us, as well as request to transfer data to another controller. California, Virginia, Ohio, Colorado, Massachusetts Minnesota, New York, North Carolina, Utah
Right to Opt-Out You may prohibit the sharing or selling of your data. California, Virginia, Ohio, Nevada, Massachusetts, Minnesota New York, North Carolina, Pennsylvania, Delaware, Colorado, Utah
Right Against Automated Decision Making You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. California, Virginia, Colorado, Massachusetts Minnesota, New York, North Carolina
Right to lodge a complaint If your request was not satisfied, you can file a complaint to the regulatory body. by default
Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.

Do-not-track requests

California residents visiting our websites may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.

Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer's online activities over time and across third-party websites or online services.

We currently do not have the ability to honour these requests. We may modify this Notice as our abilities change.

Privacy Notice update

This Privacy Notice and the relationships falling under its effect are regulated by the GDPR.

Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice in the App.

If significant material changes are made that affect your privacy and confidentiality, we will notify you by displaying information in the App and ask for your consent.

Features

  • iPhone and iPad
  • Mac

How-Tos

  • iPhone and iPad
  • Mac

Company

  • Blog
  • Press Kit
  • Help Center
  • Become an Affiliate

Legal

  • Privacy Notice - Web
  • Privacy Notice - App
  • Terms of Service
Copyright © 2007 - 2025 Readdle Limited.

Apple, the Apple logos, MacBook, iPad, iPhone, Apple Watch and Apple Vision Pro are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are a service mark of Apple Inc., registered in the U.S. and other countries.

Terms of Service
Privacy Notice