LEGAL_● PRIVACY_POLICY

Privacy Policy

LAST_UPDATED · JUNE 18, 2026 (REVISED)

> THE_SHORT_VERSION

The short version

SealedPDF is built so your PDF files never leave your browser. The PDF bytes are read, edited, and saved on your own computer. Our servers see your email, your plan, a monthly operation count, and a log of which tools you ran — nothing about the files themselves.

There are two exceptions. First, the PII redaction and contract analysis tools send the extracted plain text of your document to a scanning service so we can find entities or summarize terms. The PDF file itself still never leaves your browser. See “Tools that send text,” below.

Second, every page on this site loads a third-party site-statistics service that records your session — mouse movements, scrolls, clicks, and a video-style replay of how you interact with the interface. It does not see your PDF bytes (those still never leave your browser) but it does see filenames you select, text you type into our forms, and which tools you open. To opt out at the browser level, install a tracker-blocking extension (uBlock Origin or similar) or enable Do Not Track in your browser settings.

> WHAT_WE_COLLECT

What we collect

When you use SealedPDF we collect and store:

  • Your email address (used to sign in and to send billing and account-related email)
  • Your authentication state, stored in an HTTP-only cookie in your browser
  • Your current plan (Free, Solo, or Firm)
  • A customer reference from our payment processor and subscription status (Solo and Firm plans only)
  • A counter of how many operations you've run this month (used to enforce the Free tier limit)
  • A per-operation audit log entry: a timestamp, your user ID, and the name of the tool you ran (for example, merge or bates_stamp). For privacy-sensitive tools (PII redaction, contract analysis) the row carries nothing else — no file size, no match counts, no text.

> WHAT_WE_DON_T_COLLECT

What we don’t collect

We specifically do not collect or store any of the following:

  • The contents of your PDF
  • The file name of your PDF
  • Any content-derived metadata (hashes, extracts, page counts)
  • A copy of the output file you downloaded

You can verify this yourself: open browser DevTools, go to the Network tab, and process a PDF with any tool other than PII redaction or contract analysis. You will see zero file uploads.

> HOW_YOUR_PDF_IS_PROCESSED

How your PDF is processed

Every tool on SealedPDF runs in your browser using two open-source libraries maintained by Mozilla and community contributors: pdf-lib for creating and editing PDFs, and pdf.js for rendering pages. The PDF bytes are read into your browser's memory, transformed locally, and handed back to you as a download. Nothing about the file is sent to us.

> TOOLS_THAT_SEND_TEXT_THE_EXCEPTION_

Tools that send text (the exception)

Two tools need a server-side service to do their work: PII redaction (finds common structured PII — emails, SSNs, phone numbers, credit card numbers, URLs, IP addresses, and dates) and contract analysis(summarizes terms and flags risky clauses).

For these tools only, the plain text extracted from your PDF — not the PDF file, not images — is sent over TLS to a scanning service. That service reads the text in memory, returns the result, and does not store the text, log it, or write it to disk. Our audit-log row records that a scan happened and on which plan — nothing about the text itself.

For contract analysis, the text is sent to a third-party AI service under zero-retention contractual terms. The provider processes the text to return the analysis but does not train on it or retain it beyond that request.

We intend to eventually move these scans into your browser (using on-device ML models) so that the text never leaves your machine. Until then, those operational controls are what you are trusting.

> COOKIES_AND_LOCAL_STORAGE

Cookies and local storage

We use two categories of cookie. First, a session cookie that keeps you signed in — HTTP-only, Secure, SameSite=Lax. Second, analytics cookies set by our site-statistics service (see “Service providers we rely on”) which identify your browser across pages for the purposes of session replay and heatmaps. We do not use advertising cookies.

Your browser may cache PDF files and intermediate artifacts in its own memory while you use a tool. These never leave your device and are cleared when you close the tab.

> SERVICE_PROVIDERS_WE_RELY_ON

Service providers we rely on

We use a small number of trusted third-party service providers to run the site. We disclose them by category here rather than by name; the current vendor list is available to customers on request at the email below.

  • Infrastructure — hosting, authentication, database, payment processing, and transactional email delivery. Each receives only the data it needs to do its job (your email and account state for authentication; your card and billing address for payment processing, handled under that provider's privacy policy and kept off our servers; your email address and the message for transactional sends).
  • Site statistics — session-replay and behavioural analytics, loaded on every page. Records mouse movement, scrolls, clicks, text typed into our forms, and produces a video-style replay of your session. Does not access your PDF contents. To opt out at the browser level: install a tracker-blocking extension (uBlock Origin or similar), enable Do Not Track, or block analytics requests at your DNS layer.
  • AI services — used by the PII redaction and contract analysis tools to process the extracted plain text described under “Tools that send text.” Zero-retention contractual terms; no training on your data.

> HOW_LONG_WE_KEEP_YOUR_DATA

How long we keep your data

Your account data is kept while your account exists. When you delete your account, we delete your profile row, your usage counters, your audit-log rows, and any matter records you created. Our payment processor keeps billing records for its own compliance period regardless of our deletion.

> YOUR_RIGHTS

Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing the address below. If you are in a jurisdiction with a statutory right to data portability or to object to processing (for example, the EU or California), those rights apply and we will honor them.

> CHILDREN

Children

SealedPDF is not directed to children under 13 and we do not knowingly collect data from children.

> CHANGES_TO_THIS_POLICY

Changes to this policy

If we change this policy in a way that affects how we handle data, we will update the “Last updated” date at the top and, for material changes, send an email to the address on your account.

> CONTACT

Contact

Questions or requests about this policy can be sent to hello@sealedpdf.com.