Privacy Policy
Last updated: 1 July 2026
1. Who we are
This service ("PDF Fill", pdf.clearlogicassist.com) is operated by Clear Logic Assist (clearlogicassist.com) ("we", "us"), the data controller. You can reach us at support@clearlogicassist.com.
2. What we collect and why
| Data | Why | Legal basis (GDPR) |
|---|---|---|
| Account email | To create and identify your account, sign you in, and contact you about the service. | Contract (Art. 6(1)(b)) |
| Authentication verifier & salts | A one-way, salted hash so we can verify your login. We never receive your password. | Contract |
| Billing & usage: balance, number of documents saved/downloaded, top-ups, subscriptions | To operate the pay-as-you-go / subscription billing and for our own accounting and abuse-prevention. | Contract; legitimate interest (Art. 6(1)(f)) |
| Encrypted vault (your custom fields & signature) | Stored only as ciphertext so it syncs across your devices. Only you can decrypt it. | Contract |
| Technical logs (IP address, timestamps, request metadata) | Security, rate-limiting, diagnosing errors. | Legitimate interest |
| Your PDF — only if you use "compress on the server" | Processed on our server for that single request and immediately deleted; never stored or inspected. | Contract (you initiated it) |
3. What we do NOT have access to
- Your master password or the encryption keys derived from it.
- The decrypted contents of your vault (custom fields / signature).
- The contents of the PDFs you fill — they are rendered and edited locally in your browser.
4. Cookies & local storage
We use only essential browser storage (and no advertising or cross-site tracking cookies). See our Cookie Policy.
5. Third parties
- Google Sign-In — if you choose "Continue with Google", Google processes your sign-in per its privacy policy. We receive only your verified email.
- Payment processor — when payments go live they will be handled by a Merchant of Record (e.g. Paddle or Lemon Squeezy), which acts as reseller and processes payments, card data and VAT; we do not store card details.
- Hosting / infrastructure — our server runs on a virtual private server located within the EU/EEA.
6. Retention
We keep your account data while your account exists. When you delete your account, your encrypted data and personal details are wiped immediately; a minimal record (email + aggregate usage counts) is kept for up to 90 days for fraud/abuse prevention and accounting, then permanently deleted. Technical logs are kept for a short period.
7. International transfers
We aim to process data within the EU/EEA. Where a provider (e.g. Google) transfers data outside the EEA, it is covered by appropriate safeguards (e.g. Standard Contractual Clauses).
8. Your rights
Under the GDPR you may request access, rectification, erasure, restriction, portability, and object to certain processing. You can delete your account (and data) yourself from the account menu, or contact us. You may lodge a complaint with your national data protection authority ([supervisory authority]).
9. Security
Traffic is encrypted with TLS. Passwords are salted and hashed; your vault is end-to-end encrypted (AES-GCM) with keys derived on your device. No system is perfectly secure, but we design to hold as little of your data — and none of your secrets — as possible.
10. Children
The service is not directed at children under 16.
11. Changes
We may update this policy; we will post the new version here with a new "last updated" date.
12. Contact
Questions or requests: support@clearlogicassist.com.