Privacy Policy
v1.0.0
September 25, 2025
This Privacy Policy explains how Stirling PDF, Inc. (“Stirling,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our websites, use our products and services, or otherwise interact with us.
We design our Services to minimize personal data. We do not sell personal information and do not share it for cross‑context behavioral advertising. We also do not use automated decision‑making that produces legal or similarly significant effects.
If you do not agree with this Policy, please do not use the Services. You can contact us anytime at [email protected] with questions or requests.
1. What information do we collect?
A. Information you provide to us
Account & contact data. Name, email address, organization, and similar information when you create an account, sign up for communications, request support, or otherwise contact us.
Billing. If you purchase a paid offering, payment details are processed by our payment processor (e.g., Stripe). We do not store full payment card numbers.
Content you choose to send us. When you voluntarily share files or information with our support team (e.g., for troubleshooting), we process that content solely to address your request.
Recruiting or event data. Information you submit when applying for a role or signing up for events or surveys.
B. Information collected automatically
Usage & device data. IP address (stored and/or logged in a truncated or full form), browser and device type, pages visited, referring/exit pages, timestamps, and similar diagnostic data to operate, secure, and improve the Services.
Approximate location. We infer a general location from IP address. We do not collect precise (GPS‑level) location.
Cookies & similar technologies. See Section 5.
C. Information from third parties and integrations
Authentication providers. If you log in with a provider (e.g., GitHub or Google), we receive basic profile details permitted by that provider (usually name, email, avatar) for authentication and account linking (see Section 6).
Payments & fraud prevention. Payment processors supply limited data to confirm transactions and prevent fraud.
Google APIs (if you connect them). Where applicable, we access Google user data only to provide requested functionality and handle it in line with the Google API Services User Data Policy (Limited Use).
Self‑hosted vs. SaaS. If you deploy self‑hosted Stirling PDF, your organization controls that environment. We do not access your self‑hosted files or logs unless you choose to share them with us (e.g., support). For our hosted Services (SaaS), we process data as described here to operate the product.
Sensitive data. We do not intentionally collect or process “special categories of personal data” under the GDPR (such as health, biometric, racial/ethnic origin, political opinions, or religious beliefs). Please do not submit such data to us. If you do, we will delete it.
We may collect personal information, such as your name, email address, phone number, or other identifiable information you provide when registering, subscribing to newsletters, or contacting us. Additionally, we may collect usage data, such as your IP address, browser type, pages visited, and other usage details when you interact with the Site. We also use cookies and similar technologies to enhance your experience.
2. How do we use personal information?
We use personal information to:
Provide and maintain the Services (including account creation, authentication, core functionality, and customer support).
Secure and monitor the Services (fraud, abuse, incident detection, and service reliability).
Improve and develop features (analytics, quality assurance, research, and de‑identified reporting).
Communicate with you (service notifications, transactional emails, and—if you opt in—product updates or marketing that you can unsubscribe from at any time).
Comply with law and enforce our terms.
Protect vital interests where required (e.g., to prevent harm).
We do not use personal information for cross‑context behavioral advertising or for automated decisions with legal or similarly significant effects.
3. What legal bases do we rely on (EEA/UK)?
Where GDPR applies, we process personal data on these bases:
Contract (to provide the Services you request).
Legitimate interests (e.g., securing and improving the Services) balanced against your rights.
Consent (e.g., for certain cookies/marketing where required; you may withdraw at any time).
Legal obligation and vital interests where applicable.
When we process customer data on behalf of an organization (e.g., in self‑hosted environments or enterprise arrangements), that organization is the controller and we act as a processor under a separate agreement.
4. When and with whom do we share information?
We share personal information only with:
Service providers that help us operate the Services (e.g., hosting, security, analytics, email, customer support, and payments). They access data under contract and only to perform work for us.
Organizational admins (if your account is provided by your employer or team).
Corporate events (merger, acquisition, or asset transfer) subject to continuity of protections.
Legal/ safety reasons (to comply with law, enforce terms, or protect rights and safety).
We do not sell personal information and do not share it for cross‑context behavioral advertising. We also do not permit our service providers to use your data for their own marketing.
5. Cookies and similar technologies
We use essential cookies to run our site and Services and may use optional analytics cookies to understand usage and improve the product. You can manage preferences through our cookie banner or your browser.
6. How we handle social logins
If you choose to register or log in using a social account (e.g., GitHub or Google), we receive basic profile information permitted by that provider solely to create or link your account. You can disconnect through the provider’s settings and, where applicable, in your account with us.
7. International data transfer
We are a U.S. company and may process information in the United States and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.
8. How long we keep information
We retain personal information only as long as necessary to provide the Services, comply with law, resolve disputes, and enforce agreements. Account‑level information is kept while your account is active, then deleted or de‑identified within a reasonable period unless a longer retention period is required by law or to establish or defend legal claims.
For example:
Billing and transaction records: 7 years (tax/legal compliance)
Account information: until your account is deleted, then for up to 12 months in backups/logs
Support tickets and correspondence: 2 years
9. How we protect information
We use a combination of organizational and technical measures (access controls, encryption in transit, logging, and other safeguards) designed to protect personal information. No system is 100% secure; you are responsible for maintaining the security of your credentials and devices.
10. Children's Privacy
The Services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.
11. Your privacy rights (global)
Depending on your location, you may have rights to:
Access the personal information we hold about you;
Correct inaccurate data;
Delete your data;
Port a copy of your data;
Restrict or object to certain processing (including where we rely on legitimate interests);
Withdraw consent (where processing is based on consent); and
Lodge a complaint with your local data protection authority.
In the EEA, UK, and Switzerland, you also have the right to lodge a complaint with your local data protection authority. A list of EU authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
In the UK, you can complain to the Information Commissioner’s Office (ICO): https://ico.org.uk.
To exercise rights, see Section 16.
12. Do-Not-Track signals
Most browsers offer Do‑Not‑Track (DNT). Because there is no industry standard for DNT, we currently do not respond to such signals. You can control cookies and analytics as described in Section 5.
13. US state privacy disclosures (including California)
Some U.S. state laws (e.g., California, Colorado, Connecticut, Utah, Virginia, and others) give residents specific rights. We provide the following disclosures:
Categories collected. We generally collect:
Identifiers (e.g., name, email, IP address, account IDs);
Internet/Network activity (e.g., usage logs, device/browser information);
Commercial information at an account level (e.g., subscription status, transaction history via our processor); and
General geolocation (inferred from IP).
We do not collect sensitive personal information, biometric data, precise geolocation, or information about minors as minors.
Purposes. See Sections 2, 4, and 5.
Sources. From you, your devices, and service providers/partners that operate at your direction (e.g., authentication or payment providers).
Disclosure for business purposes. We disclose data to service providers under contract to operate the Services (hosting, security, analytics, payments, customer communications). We have not sold personal information and do not share it for cross‑context behavioral advertising.
Your state rights may include the ability to: access/know, correct, delete, obtain a portable copy, and opt out of sale, sharing, targeted advertising, and certain profiling.
Because we do not sell or share personal information and do not engage in targeted advertising or significant profiling, our opt‑out is currently a confirmation of that practice.
You will not be discriminated against for exercising your rights.
See Section 16 to submit a request. We may verify your identity and, where permitted, respond through an authorized agent.
14. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date reflects the latest version. Material changes will be posted on this page (and, where appropriate, notified to you).
15. How to contact us
Email: [email protected]
Mail: Stirling PDF, Inc., 548 Market Street PMB 887643, San Francisco, CA 94104, United States.
For EU/UK residents: Stirling PDF, Inc. is the data controller of your personal information. We have appointed Anthony Stirling, United Kingdom, as our EU/UK representative for purposes of the General Data Protection Regulation (GDPR) and the UK GDPR. You may contact him regarding GDPR matters at [email protected].
16. How to access, update, or delete your information
You can submit a privacy request to access, correct, delete, or export your personal information by emailing [email protected] with the subject line “Privacy Request.” We will verify your request and respond as required by applicable law.