Privacy Policy
Last updated: December 2025
Your privacy and the confidentiality of your documents are fundamental to how we build PDFDancer. This Privacy Policy explains how The Famous Cat Ltd. ("we," "our," or "us") collects, stores, and processes information when you use PDFDancer, including the website pdfdancer.com, the API, and our SDKs (collectively, the "Service").
1. Who We Are
PDFDancer is operated by The Famous Cat Ltd., a company registered in Hong Kong. We provide developer tools and APIs for analyzing and editing existing PDF files.
For privacy or data protection inquiries, contact: support@pdfdancer.com
2. What We Collect
We collect only the data necessary to operate the Service securely and effectively.
2.1. Account and Authentication
When you sign up or log in using Clerk, we receive:
- Your email address
- Name or display name (if provided)
- Authentication identifiers managed by Clerk
We never store or access your password. Authentication data is handled entirely by Clerk.
2.2. API and SDK Usage Logs
We collect minimal technical logs such as:
- API request timestamps
- API key or account identifier
- File size and processing status codes
- Error messages for debugging and monitoring
These logs never include PDF content or document metadata.
2.3. Analytics (Website Only)
We use PostHog to understand general website usage. Analytics data is anonymized, respects "Do Not Track," and contains no PDF or user content. We use it solely to improve site performance and user experience.
3. Handling of Uploaded PDFs
We take document confidentiality extremely seriously.
3.1. Storage and Encryption
- When a PDF is submitted to the API or through an SDK session, it is stored temporarily in encrypted form on our servers hosted by Hetzner in the European Union.
- All documents are encrypted at rest using AES-256 and in transit using HTTPS/TLS.
- Only automated processing components (not humans) access the document to perform the requested operations (e.g., parsing, editing, rendering).
3.2. Access and Visibility
- No employees, contractors, or external systems can view or retrieve your uploaded PDFs.
- We do not manually inspect, index, or analyze document content.
- PDFs are never shared with third parties, used for model training, or included in analytics.
3.3. Retention and Deletion
- PDFs are automatically deleted when the SDK/client session ends, the document processing completes, or after a short safety buffer (normally 15–60 minutes) to allow for retries or downloads.
- Temporary files and cache entries are periodically purged from storage systems.
- If you explicitly close a session via API call, the associated files are deleted immediately.
- We keep only minimal metadata (e.g., file size, processing duration) for billing and performance statistics — never the content itself.
3.4. Enterprise / Self-Hosted Users
When you deploy PDFDancer under an Enterprise license, you control all storage, retention, and security settings. We have no access to your documents or data.
4. Infrastructure and Providers
To operate the Service, we rely on a small number of trusted subprocessors:
| Provider | Purpose | Region |
|---|---|---|
| Hetzner Online GmbH | Hosting of API servers, temporary file storage | EU (Germany) |
| Cloudflare | CDN, caching, and DDoS protection | Global / EU edge nodes |
| Clerk | Authentication and account management | US / EU |
| PostHog | Website analytics (anonymized) | EU instance |
| Stripe or Paddle (if applicable) | Payment processing | Global |
All subprocessors are GDPR-compliant and operate under appropriate data-processing agreements.
5. How We Use Collected Information
We use information solely to:
- Operate and improve the Service
- Authenticate users and manage subscriptions
- Monitor performance, reliability, and abuse prevention
- Communicate account or billing updates
- Ensure security and compliance
We never sell, rent, or trade user data or document contents.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| PDFs and temporary files | Deleted automatically after processing (typically <1 hour) |
| API logs | Up to 30 days |
| Account data | Until account deletion |
| Analytics data | Aggregated, anonymized, retained indefinitely |
You can request deletion of your account and associated data by emailing support@pdfdancer.com.
7. Cookies and Tracking
We use only essential cookies for:
- Authentication sessions (via Clerk)
- Site performance and security (via Cloudflare)
- Anonymous usage metrics (via PostHog, first-party only)
No third-party advertising or tracking cookies are used.
8. Data Transfers
Our primary servers are located in the European Union. As a Hong Kong company, some administrative data may be processed in Hong Kong or other jurisdictions under GDPR-compliant safeguards (Standard Contractual Clauses).
9. Your Rights
If you are based in the EEA, UK, or another jurisdiction with data protection laws, you have the right to:
- Access, correct, or delete your personal data
- Request data portability
- Object to processing or withdraw consent
Contact support@pdfdancer.com to exercise these rights. We respond within 30 days.
10. Security Practices
- All communication uses HTTPS/TLS encryption.
- Files are stored encrypted at rest (AES-256).
- Access is restricted through role-based permissions and logged.
- Systems are monitored for intrusion and abuse.
While no system is perfectly secure, we continuously review and improve our security controls.
11. Availability and Status
Service uptime and maintenance announcements are posted at status.pdfdancer.com. You can subscribe there to receive updates on maintenance windows, downtime, and incident resolutions.
Unplanned outages may still occur, but we will communicate transparently and restore service promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material updates will be announced by email or via the dashboard.
The latest version is always available at pdfdancer.com/privacy.
13. Contact
The Famous Cat Ltd.
Hong Kong SAR