Privacy Policy

Last updated: 2026-02-18

Service Provider
Softwareservice Fuhrmeister
Owner: Klaus Fuhrmeister
Uhlandstr. 1, 65520 Bad Camberg, Germany
Support: support@software-fuhrmeister.de
Legal contact: legal@software-fuhrmeister.de

1. Scope

This Privacy Policy explains how pdftables.io (“we”, “us”) processes personal data when you visit our landing page, use our web application and API, upload PDF documents, and generate exports (XLSX, CSV, JSON).

2. Categories of Data We Process

• Account and contact data: e.g., name, email address.
• Billing and payment data: e.g., billing address, VAT ID (if provided), subscription status, Stripe customer ID, invoice details. We do not store full card details.
• Uploaded content: PDF files you upload and generated export files (XLSX, CSV, JSON).
• Usage and technical data: IP address, timestamps, request paths, device/browser information, user agent, and error/diagnostic data.
• Analytics data (landing page): aggregated usage metrics collected via Google Analytics.

3. Purposes and Legal Bases

We process personal data for the following purposes and based on the following legal bases (GDPR):

• Providing the service (uploads, extraction, exports, API access) — Art. 6(1)(b) GDPR (performance of a contract).
• Account management (authentication, user support) — Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interests).
• Payments, subscriptions and invoicing (processing payments, managing renewals, handling invoices) — Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations, where applicable).
• Operating, securing and improving the service (abuse prevention, troubleshooting, availability) — Art. 6(1)(f) GDPR (legitimate interests).
• Usage measurement / plan-limit counting (counting processed pages for usage and plan limits) — Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interests).
• Landing page analytics — Art. 6(1)(a) GDPR (consent), where required.

4. Hosting and Infrastructure (Netcup, Europe)

Our backend and frontend are hosted on servers provided by netcup located in Europe. Processing of personal data may occur on these servers to provide the service.

Processor (hosting provider): [netcup GmbH], [Address], [Country].
Data Processing Agreement (DPA): [available/contracted] (Art. 28 GDPR).

5. File Storage (AWS S3)

Uploaded PDF files and generated exports (XLSX, CSV, JSON) are stored in Amazon Web Services (AWS) S3.

• Region: eu-central-1 (Frankfurt)
• Access control: private bucket / restricted IAM roles
• Encryption: SSE-S3
• Retention/deletion: e.g., deleted per plan settings or until user deletes manually

Processor (cloud provider): Amazon Web Services, Inc. / Amazon Web Services EMEA SARL (as applicable).
DPA: contracted (Art. 28 GDPR).

6. Document Analysis (AWS Textract)

To support PDF analysis (e.g., OCR for scanned documents), we use in addition to our own algorithms AWS Textract. When Textract is used, relevant document content is transmitted to AWS for processing.

• Purpose: OCR/document understanding to improve extraction results for scanned PDFs.
• Region: eu-central-1 (Frankfurt)
• Data minimization: only the selected pages for the requested job

7. Logging (Backend Access Logs and Usage Counting)

We log backend access for security and troubleshooting, and to count usage (e.g., processed pages) for plan limits and billing-relevant checks. Log entries may include:

• IP address, timestamp, request method/path, status code
• User email address, request ID
• Technical metadata (user agent), and error/diagnostic information

Log retention: 28 days. Access to logs is restricted to authorized personnel.

8. Payments and Subscriptions (Stripe)

For payment processing and subscription management, we use Stripe. Depending on the payment method, Stripe processes personal data such as your name, email address, billing address, payment method details, and transaction data. We receive from Stripe information necessary to administer your subscription (e.g., payment status, invoice details, Stripe customer/subscription IDs). We do not receive or store full card numbers.

Provider: Stripe Payments Europe, Ltd. (as applicable), [Address].
DPA: contracted (Art. 28 GDPR).

Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(c) GDPR (legal obligations, where applicable).

International transfers: Stripe may transfer data to countries outside the EEA/UK. We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or other valid transfer mechanisms, where applicable.

9. Landing Page Analytics (Google Analytics)

Our landing page uses Google Analytics to measure and analyze traffic and improve marketing and content. Google Analytics may set cookies or use similar technologies. Where required, we activate analytics only after your consent.

9.1 Cookies and Consent

Where required, we use a consent banner to obtain your consent before enabling analytics cookies (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via: [cookie settings link or instructions].

9.2 Provider and Transfers

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users in the EEA).
Transfers: Data may be transferred to the United States or other countries. We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), where applicable.

10. Cookies

We use cookies and similar technologies for:

• Essential: login/session management and core functionality.
• Analytics: Google Analytics (landing page), where enabled by consent.

Details (cookie name, purpose, retention): currently no cookies.

11. Data Sharing and Recipients

We share personal data only as necessary to provide the service and comply with law. Recipients may include:

• Hosting provider (Netcup) – infrastructure hosting (Europe)
• AWS (S3, Textract) – file storage and analysis
• Stripe – payments and subscriptions
• Google – landing page analytics (with consent where required)
• Authorities/courts – where legally required

12. International Data Transfers

If personal data is transferred outside the EEA/UK, we ensure appropriate safeguards, such as:

• EU adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs)
• EU-U.S. Data Privacy Framework participation (where applicable)
• Additional technical/organizational measures

13. Retention and Deletion

• Account data: retained for the duration of the account and as required by law.
• Billing/invoice data: retained as required by tax and commercial law (10 years).
• Uploaded PDFs and exports: retained per plan settings or until user deletes.
• Logs (usage/security): retained 28 days.
• Analytics data: retained per Google Analytics settings (30 days).

14. Security

We implement appropriate technical and organizational measures to protect personal data, including:

• TLS encryption in transit
• Access controls and least-privilege permissions
• Encrypted storage where applicable
• Monitoring and logging
• Backups / incident response processes

15. Your Rights (GDPR)

You have the following rights, subject to legal requirements:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR), especially against processing based on legitimate interests
• Right to withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us at privacy@pdftables.io.

16. Contact

If you have questions about this Privacy Policy or our data processing, contact:

Softwareservice Fuhrmeister, Klaus Fuhrmeister
Uhlandstr. 1, 65520 Bad Camberg, Germany
Email: legal@software-fuhrmeister.de

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is published on this page and indicated by the “Last updated” date above.