Privacy Policy

Last updated: July 3, 2026

Your documents never leave your device

Every DukPdf tool processes your files locally — in your browser or inside the desktop app. Your documents are never uploaded, never stored on our servers, and never seen by us or anyone else. What we do handle is the small amount of account, billing, and usage data described on this page — all of it listed, none of it sold.

Who we are

DukPdf is operated by Satyam Tiwari, an independent software developer based in India (“we”, “us”, “our”). For data-protection laws such as the UK GDPR, the operator is the data controller for the personal data described in this policy, and also acts as the designated privacy officer for the purposes of Canadian privacy law.

For any privacy question or request, email support@dukpdf.com. A postal address is available on written request.

What this policy covers

This policy covers the DukPdf website and web app at dukpdf.com and the DukPdf desktop app for macOS and Windows (together, the “Service”). The desktop app shares its account system with the web app, so everything here applies to both — differences are called out in the desktop section below.

Effective date: July 3, 2026. This version replaces the April 23, 2026 policy — the main changes are that it now covers paid plans and billing, names every third-party service we use, describes the desktop app, and documents the anonymous usage-limit cookie and consent controls.

Your files stay on your device

All file processing in DukPdf happens locally. When you drop a file into any tool — merge, compress, convert, OCR, redact, or any other — the work is done by your own browser (using WebAssembly) or by the desktop app on your machine.

Zero upload. Your file stays on your machine. Our servers have no endpoint that accepts file content — there is nowhere to upload it to.
Zero storage. We have no copy of any file you process and no record of file names or contents. There is nothing to delete because nothing is stored.
Zero visibility.We can't see your files, and neither can any third party we work with — the files never reach anyone's servers in the first place.

One honest technical note: to run tools locally, the app fetches software over the network — WebAssembly modules, OCR language models, and rendering code from our own CDN, and, if you pick a custom font for watermarks or page numbers, the font file from Google Fonts. These downloads work like loading any web page: the provider sees a routine request from your device (including its IP address), but your document is never part of any of them.

Data we collect

The complete picture, at a glance:

WHAT WE COLLECT

  • Account data — email, name, and (with Google sign-in) avatar
  • Billing records — plan, amounts, tax, card type and last 4 digits
  • Usage records — which tool ran, file count and total size (numbers only)
  • An anonymous anti-abuse ID (a first-party cookie)
  • Analytics and ad-click measurement — web only, only if you opt in
  • Error and crash reports — with paths and names scrubbed

WHAT WE NEVER COLLECT

  • Your files or their contents — ever
  • File names or document text
  • Full card numbers (payments run through Dodo Payments)
  • Browsing history on other sites — no behavioral tracking or profiles
  • Device fingerprints
  • Anything to sell — we do not sell or rent personal data

Each category is described in detail below. If you use DukPdf without an account and without opting in to analytics, the only things we handle are the anonymous anti-abuse ID, standard server logs, and any error reports your session generates — none of which identify you by name.

Account data

Email, name, and password — collected when you create an account. Passwords are stored only as a modern one-way hash by Supabase, our authentication provider; we never see or store the plain text. At signup we also record the time you accepted the Terms.
Google sign-in— if you use “Continue with Google”, Google shares your email address, name, and profile picture with us. We receive nothing else from your Google account.

Payments and billing data

Paid plans are sold through Dodo Payments, our merchant of record. Checkout happens on Dodo's systems: they collect your payment details, charge your card, calculate any tax, and issue invoices. Your full card number never touches DukPdf.

From Dodo we receive and store what's needed to run your plan and keep honest books: your plan and subscription status, payment amounts and currency, tax charged, payment method type and the last four digits of the card, invoice references, and billing dates.

See our Refund & Cancellation Policy for how billing works, and Dodo's own privacy policy for how they handle payment data.

Usage records and the anti-abuse ID

To run fair free-tier limits and prevent abuse, we record one row per conversion: which tool ran, how many files, their combined size in bytes, how long it took, and whether it succeeded. These are numbers and a tool name only — never file names, never contents.

Usage is tied to your account if you're signed in. If you're not, it is tied to dukpdf_anon_id— a random, signed, first-party cookie that lives for 90 days. It exists solely so the free tier can count conversions and stop automated abuse; it is not used for advertising or shared with anyone, and it carries no consent requirement because it is strictly necessary to provide the service you're asking for. We also use IP addresses server-side, briefly, for rate limiting.

Analytics and ad measurement — off until you say yes

The website uses Google Analytics 4 to understand which tools are useful — only if you opt invia the consent banner (“Accept”, or the Analytics toggle under “Manage cookies”). Until you consent, the Google script doesn't even load, so nothing is sent to Google. If you reject, it never loads. You can change your choices any time via “Cookie settings” in the footer.

When enabled, analytics records page views and product events (like “tool opened” or “checkout started”) with the tool name — never file names or contents. We do not send Google your name or email, and we don't use analytics user-IDs. Google acts as our processor for this data; you can read how Google uses information from sites that use its services.

Ad-click measurementis a separate opt-in, available only as a toggle under “Manage cookies”: if you enable it and you arrived from a Google ad, Google can count that the ad led to a signup or purchase, which tells us which ads are worth running. It is measurement only — personalized advertising and remarketing are permanently disabled in our code, whatever you choose, and we never show ads on DukPdf.

The desktop app contains no analytics at all.

Error and crash reports

When something breaks, the web app and the desktop app send an error report to Sentry, our error-monitoring provider, so we can fix it. Before anything is sent, reports are scrubbed on your device: file paths, file names, and your computer's name are removed or replaced with placeholders, and we have Sentry's default personal-data collection switched off. Reports contain the error, a stack trace, app version, and platform — not your documents and not your identity.

Email and support

We send transactional email only — account confirmation, password notices, billing receipts, and replies to your messages — via Resend, our email provider, and Supabase's auth mailer. We don't send marketing email. If we ever start a newsletter, it will be strictly opt-in with an unsubscribe link in every message.

If you write to support or use the contact form, we receive your email address and message and keep the correspondence for as long as needed to help you and keep a reasonable record.

Server logs

Like every website, our hosting infrastructure keeps short-lived technical logs of requests (IP address, browser type, requested page) for debugging and abuse prevention. Logs never contain file content or file names — those never reach our servers — and are retained only briefly.

The desktop app

The desktop app is local-first in the same way, with a few specifics of its own:

  • No analytics. The desktop app sends no analytics events. The only telemetry is the scrubbed crash reporting described above.
  • Update checks. The app periodically fetches a version file from our CDN to offer updates. This is a plain download request — no account data is attached.
  • On-demand components. Some features download open-source components on first use — LibreOffice (for Office-to-PDF, from our mirror or The Document Foundation) and OCR language data. These are software downloads; your documents are not involved.
  • Local storage.Your sign-in session is stored in the operating system's keychain or credential manager. A small local file tracks free-trial usage counts. Saved preferences stay on your machine.

Why we process data, and for how long

For readers in the UK and other GDPR-style jurisdictions, this is the purpose, legal basis, and retention for everything above:

  • Running your account and plan (account + billing data) — necessary to perform our contract with you. Kept until you delete your account; billing records are then kept up to 7 years where tax and accounting rules require it (legal obligation).
  • Free-tier limits, security, and abuse prevention (usage records, anti-abuse ID, server logs, rate limiting) — our legitimate interest in keeping the free tier fair and the Service safe. The anonymous ID expires after 90 days; usage records are kept only as long as needed for limits and abuse patterns; server logs are short-lived.
  • Product analytics and ad-click measurement — your consent, per category, on the website only. Google Analytics retains event data for at most 14 months; ad-click cookies last about 90 days; withdraw consent any time via Cookie settings.
  • Fixing errors (crash reports) — our legitimate interest in a working product. Sentry retains events for 90 days.
  • Support — our legitimate interest in answering you; correspondence kept as long as reasonably needed.

We make no automated decisions with legal or similarly significant effects, and we do no profiling.

The services we rely on

We share personal data only with the service providers that run DukPdf, only for the purposes above — never for their advertising, and never for sale:

Vercel (USA) — hosts the website and processes requests, including server logs.
Supabase (USA) — authentication and our database: account, billing, and usage records.
Dodo Payments — merchant of record for all purchases; handles payment details and tax, sends us the billing metadata described above.
Google (Google LLC, USA) — opt-in website analytics and opt-in ad-click conversion measurement; personalized ads and remarketing permanently disabled.
Sentry (USA) — error and crash reports, scrubbed before sending.
Resend (USA) — sends our transactional email (receipts, account notices, support replies).
Cloudflare (USA) — serves downloads and tool assets (WebAssembly modules, OCR models, the desktop installer) from our CDN; sees standard request logs.
The Document Foundation (Germany) — the desktop app may download LibreOffice directly from their archive as a fallback; they see a standard download request only.

We do not sell, rent, or trade personal information, and we do not “share” it for cross-context behavioral advertising as US state laws define that term.

Where your data lives

Our infrastructure providers store data primarily in the United States. Because the operator works from India, account and support data is also accessed from India when running the Service and answering you. Wherever data moves, it stays under this policy, and our providers commit to recognized transfer safeguards (such as standard contractual clauses and the UK addendum) in their data processing agreements.

Your rights

You control your data. Everyone, everywhere, can ask us to access, correct, delete, or export their data by emailing support@dukpdf.com — we act on requests within 30 days. Depending on where you live, these rights are also backed by law:

  • UK & EU— rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent (for analytics) at any time without affecting anything else. You can complain to your supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk) — though we'd appreciate the chance to fix things first.
  • California— we disclose the categories we collect and the third parties above; we don't sell or share personal information. Because there is no tracking to opt out of, browser “Do Not Track” and Global Privacy Control signals don't change anything — the protections they request are already everyone's default. Material changes to this policy are announced as described below.
  • Canada — you may access and correct your personal information and withdraw consent. The operator is the designated privacy officer; unresolved concerns can go to the Office of the Privacy Commissioner of Canada (priv.gc.ca).
  • Australia — we handle personal information consistently with the Australian Privacy Principles; complaints can go to the OAIC (oaic.gov.au).

Deleting your account

Email support@dukpdf.com from your account address and we will delete your account and associated personal data within 30 days. Billing records that tax law requires us to keep are retained for the statutory period and then deleted. Remember: there is no file data to delete, because we never had any.

Security and breaches

How we protect data is described on our Securitypage. If a breach ever creates a real risk of harm to you, we will notify you and the relevant regulators promptly, as the law requires, and tell you plainly what happened and what we're doing about it.

Children

DukPdf is not directed at children. We do not knowingly collect personal information from anyone under 13 (or under 16 where local law sets a higher bar). If you believe a child has created an account, email us and we will delete it.

Changes to this policy

When we make material changes, we email account holders before the changes take effect and update the “Last updated” date at the top of this page. Earlier versions are available on request.

Contact

Questions about this policy, your data, or anything privacy-related? Email support@dukpdf.com. We read every message.