NinjaPDF
Upgrade

Privacy Notice

Last updated: May 5, 2026

1. Who we are

NinjaPDF is operated by Redr Group LLC. Redr Group LLC is the data controller of the personal data described in this notice. References to "we", "us", and "our" mean Redr Group LLC.

2. Personal data we collect

  • Account data: name, email address, password (hashed), display name.
  • Profile data: plan, preferences, role assignments.
  • Usage and telemetry: pages viewed, tools used, file sizes, success/error events.
  • Device and connection: IP address, user agent, referrer, approximate location.
  • Support data: messages and attachments you send to support.
  • AI inputs/outputs: prompts and documents you submit to AI features, and the responses returned.
  • Payment data: handled directly by Paddle (see Section 5). We receive billing status, plan, and limited transaction metadata — not full card numbers.

3. Why we use it (purposes & legal bases)

  • Provide the Service (account creation, processing files, delivering AI features) — performance of contract.
  • Security and fraud prevention (abuse detection, rate limiting, audit logs) — legitimate interests.
  • Service improvement (aggregated analytics, error monitoring) — legitimate interests.
  • Customer support (responding to inquiries) — performance of contract / legitimate interests.
  • Legal compliance (tax records, responding to lawful requests) — legal obligation.
  • Marketing (only where you have opted in) — consent.

4. Files you process

Many of NinjaPDF's tools run entirely in your browser — your files are not uploaded to our servers for those tools. For features that explicitly require server-side processing (for example AI PDF reader, OCR), files or extracted text may be transmitted to our infrastructure or to third-party AI providers solely to deliver the requested feature, and are deleted from short-term processing storage as soon as the request completes.

5. Who we share data with

  • Paddle.com Market Limited — our Merchant of Record. Paddle processes payments, subscriptions, invoicing, and tax compliance, and may collect payment, billing, and contact data directly from you at checkout.
  • Hosting and database providers (e.g. Supabase, cloud edge networks) — to operate the Service.
  • AI providers — to power features you choose to use (prompts and document content are sent only when you invoke those features).
  • Analytics and error monitoring providers — to understand usage and detect bugs.
  • Email delivery providers — to send transactional and authentication emails.
  • Professional advisors (legal, accounting) where reasonably necessary.
  • Authorities where required by law or to protect rights, safety, or property.

6. International transfers

Personal data may be transferred to and processed in countries outside your own, including the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7. Data retention

We keep account and billing data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and accounting obligations. Usage logs and error events are kept for a limited period and then aggregated or deleted. Files processed entirely in your browser are not retained by us.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • access, correct, or delete your personal data;
  • object to or restrict certain processing;
  • port your data to another service;
  • withdraw consent where processing is based on consent;
  • complain to your local data protection authority.

To exercise any of these rights, contact us through the support channel in your account. We will respond within the time required by applicable law (usually one month).

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, encrypted storage, access controls, role-based permissions, and audit logging. No system is perfectly secure; you are responsible for keeping your account credentials confidential.

10. Cookies

We use essential cookies and local storage required to operate the Service (for example, to keep you signed in). We may also use limited analytics cookies to understand how the Service is used. You can control cookies through your browser settings.

11. Children

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

12. Changes

We may update this notice from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date at the top reflects the latest revision.

13. Contact

For privacy questions or to exercise your rights, contact Redr Group LLC through the support channel in your account dashboard.