PannaPDF (“we”, “us”, or “our”) operates the website pannapdf.com, the PannaPDF Chrome browser extension, and related services (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

By using the Service you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account we collect your name and email address. If you sign in with Google, we receive your name, email, and profile picture from Google. Passwords are hashed using PBKDF2 with 100,000 iterations and are never stored in plain text.

1.2 Payment Information

Payments are processed by Razorpay. We do not store your credit card number, CVV, or full card details on our servers. Razorpay handles all payment data under their Privacy Policy. We store only the transaction ID, plan type, and payment status.

1.3 Usage Data

We collect anonymous, aggregated data such as which tools are used, page views, referral source, and general traffic patterns. This helps us improve the Service. We use Google Analytics and Google Ads conversion tracking (via gtag.js) to measure advertising effectiveness.

1.4 Files and Documents

Our core PDF tools (merge, split, compress, annotate, fill & sign, convert, rotate, watermark, protect, redact, etc.) process files entirely in your browser. No files are uploaded to our servers for these operations. Your documents never leave your device.

1.5 AI-Powered Features

AI features (AI assistant, AI Create PDF, translate, image-to-text, ATS score checker, resume builder, cover letter generator, LinkedIn to Resume) send extracted text only to the Anthropic Claude API for processing. The original PDF file is not transmitted. Text is not stored by us or Anthropic after processing is complete.

1.6 E-Signature Documents

When you send a document for e-signature, the PDF is temporarily stored in encrypted cloud storage so signers can access it. Documents are retained only until all parties have signed and are automatically deleted afterward.

2. Chrome Extension — Data Handling

The PannaPDF Chrome Extension provides quick access to PannaPDF tools from your browser toolbar and context menu. This section discloses exactly what the extension does and does not do.

2.1 Permissions Used

contextMenus — Adds “Open in PannaPDF” to your right-click menu on PDF links and images. Does not read page content.
activeTab — Allows the extension to interact with the current tab only when you explicitly click the extension icon or a context menu item.
storage — Stores your extension preferences (e.g., recently used tools) locally on your device.

2.2 Data the Extension Collects

The PannaPDF extension does not collect:

Personally identifiable information (PII)
Browsing history
Page content or form data
Cookies or authentication tokens from other websites
Keystrokes or screenshots

The extension only:

Detects PDF links on the current page to show a count badge (no URLs are transmitted)
Opens pannapdf.com in a new tab when you click a tool (with a ?ref=ext parameter so we know the visit came from the extension)
Stores your preferences locally using chrome.storage.local

2.3 No Remote Code

The extension does not load or execute any remote code. All functionality is bundled within the extension package. No external scripts are fetched at runtime.

2.4 Network Requests

The extension makes no network requests on its own. It only opens pannapdf.com URLs in new browser tabs when you explicitly click a tool or context menu item.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Process transactions and manage your subscription
Send you service-related emails (account confirmation, password reset, plan updates)
Analyze usage patterns to improve the Service
Measure advertising effectiveness via Google Ads conversion tracking
Detect and prevent fraud or abuse

We do not use your information for targeted advertising, profiling, or automated decision-making.

4. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share data only with the following service providers, solely for operating the Service:

Cloudflare — Hosting, CDN, and database (Cloudflare Pages & D1)
Anthropic — AI processing via Claude API (text only, not stored)
Razorpay — Payment processing
Google — Analytics, Ads conversion tracking, and optional OAuth sign-in

Each provider processes data under their own privacy policy and applicable data protection agreements.

5. Cookies and Tracking

We use a minimal set of cookies and local storage for authentication (session token) and preferences (theme). Google Analytics sets its own cookies for traffic measurement. We do not use personal tracking cookies, fingerprinting, or third-party advertising trackers beyond Google Ads conversion tags.

6. Data Retention

Account data — Retained until you delete your account
Files processed in-browser — Never stored on our servers
AI-processed text — Not retained after the request completes
E-signature documents — Deleted after all parties sign
Usage analytics — Aggregated data retained indefinitely; personally identifiable logs deleted within 90 days

7. Data Security

We implement industry-standard security measures including encrypted data storage, HTTPS everywhere, hashed passwords, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

You have the right to:

Access your personal data via your account dashboard
Update your name, email, and password in Settings
Delete your account and all associated data at any time
Export your data by contacting us
Opt out of analytics by using browser-based ad/tracker blockers

If you are located in the EU/EEA, you have additional rights under GDPR including the right to data portability, restriction of processing, and lodging a complaint with a supervisory authority.

9. Children's Privacy

The Service is not directed to individuals under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. International Data Transfers

Our servers and service providers may be located outside your country of residence. By using the Service you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date, and where appropriate, via email notification.

12. Contact Us

If you have any questions about this Privacy Policy or your personal data, contact us at:

Email: [email protected]
Website: https://pannapdf.com