PDFFill

Privacy Policy

Last updated: 1 July 2026

Privacy by design. PDF Fill does its work in your browser. Your PDF is not uploaded to us — except the one optional "compress on the server" action, where the file is processed and immediately discarded (never stored). Anything you save under an account (your custom fields and signature) is end-to-end encrypted on your device: we only ever hold ciphertext and cannot read it.

1. Who we are

This service ("PDF Fill", pdf.clearlogicassist.com) is operated by Clear Logic Assist (clearlogicassist.com) ("we", "us"), the data controller. You can reach us at support@clearlogicassist.com.

2. What we collect and why

DataWhyLegal basis (GDPR)
Account emailTo create and identify your account, sign you in, and contact you about the service.Contract (Art. 6(1)(b))
Authentication verifier & saltsA one-way, salted hash so we can verify your login. We never receive your password.Contract
Billing & usage: balance, number of documents saved/downloaded, top-ups, subscriptionsTo operate the pay-as-you-go / subscription billing and for our own accounting and abuse-prevention.Contract; legitimate interest (Art. 6(1)(f))
Encrypted vault (your custom fields & signature)Stored only as ciphertext so it syncs across your devices. Only you can decrypt it.Contract
Technical logs (IP address, timestamps, request metadata)Security, rate-limiting, diagnosing errors.Legitimate interest
Your PDF — only if you use "compress on the server"Processed on our server for that single request and immediately deleted; never stored or inspected.Contract (you initiated it)

3. What we do NOT have access to

4. Cookies & local storage

We use only essential browser storage (and no advertising or cross-site tracking cookies). See our Cookie Policy.

5. Third parties

6. Retention

We keep your account data while your account exists. When you delete your account, your encrypted data and personal details are wiped immediately; a minimal record (email + aggregate usage counts) is kept for up to 90 days for fraud/abuse prevention and accounting, then permanently deleted. Technical logs are kept for a short period.

7. International transfers

We aim to process data within the EU/EEA. Where a provider (e.g. Google) transfers data outside the EEA, it is covered by appropriate safeguards (e.g. Standard Contractual Clauses).

8. Your rights

Under the GDPR you may request access, rectification, erasure, restriction, portability, and object to certain processing. You can delete your account (and data) yourself from the account menu, or contact us. You may lodge a complaint with your national data protection authority ([supervisory authority]).

9. Security

Traffic is encrypted with TLS. Passwords are salted and hashed; your vault is end-to-end encrypted (AES-GCM) with keys derived on your device. No system is perfectly secure, but we design to hold as little of your data — and none of your secrets — as possible.

10. Children

The service is not directed at children under 16.

11. Changes

We may update this policy; we will post the new version here with a new "last updated" date.

12. Contact

Questions or requests: support@clearlogicassist.com.