Skip to main content
New Try AI PDF Chat free
Verify Metadata Compress PDF PDF Software

Privacy Policy

Last updated: April 28, 2026

1. Overview

PDFCheck ("we", "our", or "us"), operated by BusinessPress (businesspress.io), provides PDF analysis, validation, and related tools at pdf.businesspress.io, and via our Chrome browser extension.

This Privacy Policy explains what data we collect, why we collect it, how long we keep it, and the rights you have over your data. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection law.

2. Data We Collect

2.1 PDF Files You Upload

When you upload a PDF for analysis, the file is read and processed on our servers. We do not retain the original PDF file — it is discarded from memory immediately after analysis is complete. We do not store, copy, or transmit the file contents to any third party.

AI Chat PDF retention

For PDF AI Chat, PDFCheck stores the original PDF privately and stores extracted page chunks so your chat can continue. The file and chunks are deleted when you delete the chat.

2.2 Analysis Results (Stored)

The results of each analysis are stored on our servers so you can review them and share them via a unique report link. Stored analysis data includes:

  • Original filename
  • File size
  • File hash (SHA-256, used to detect duplicate submissions)
  • Extracted PDF metadata (title, author, creator application, creation date, modification date, PDF version, page count, etc.)
  • Analysis results (validation checks, AI-detection signals, verification status)
  • A unique, randomly generated share token for the report link
  • Timestamp of the analysis

Report links (/analysis/{token}) are persistent and shareable. Anyone with the link can view the report.

2.3 Anonymous (Guest) Usage

Guest users do not need to register. We assign an anonymous session identifier stored in a browser cookie to associate analyses with your session and enforce daily rate limits. We also store:

  • A hashed IP address (to enforce daily check limits — the raw IP is not stored)
  • Session cookie (expires when you close your browser)
  • Number of analyses performed today

2.4 Registered Accounts

If you create an account, we additionally collect and store:

  • Name
  • Email address
  • Hashed password
  • Account creation date and last login date
  • API token(s) you generate
  • Analysis history associated with your account

2.5 Chrome Extension

The PDFCheck Chrome extension sends PDF files to our API (https://pdf.businesspress.io/api/v1) over HTTPS. The extension stores the following data locally on your device using chrome.storage.local:

  • Your optional API token (if you choose to add one)
  • Local history of recent analyses (filenames, file sizes, report tokens, timestamps)

This locally stored data is never transmitted to our servers or any third party. The extension does not collect your browsing history. It only accesses the active page when you explicitly click "Scan page for PDF links".

Chrome Web Store disclosure: The use of information received from Chrome APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not use extension-collected data for advertising, profiling, or any purpose other than providing the PDF analysis service.

2.6 API Usage

Requests to our API are authenticated with an API token. We log API request counts per token to enforce rate limits. We do not log the content of uploaded files or request bodies beyond what is necessary to return a result.

3. Legal Basis for Processing (GDPR)

Processing activity Legal basis
Analyzing an uploaded PDF and storing the result Contractual necessity (performance of the service you requested)
Daily rate limiting via hashed IP Legitimate interest (preventing abuse and ensuring fair use)
Registered account data (name, email, password hash) Contractual necessity (account management)
Session cookies for guest users Legitimate interest (service delivery without login)
API usage logging Legitimate interest (rate limiting and abuse prevention)

4. How We Use Your Data

We use your data exclusively to:

  • Deliver PDF analysis results to you
  • Make shareable report links available
  • Maintain your analysis history (for account holders and session users)
  • Enforce daily rate limits and prevent abuse
  • Send transactional emails (account verification, password reset) to registered users
  • Respond to support requests

We do not use your data for advertising, profiling, or sell or share it with third parties for any commercial purpose.

5. Data Retention

Data type Retention period
Original PDF file Never stored — discarded immediately after analysis
AI Chat PDF retention The original PDF stays in private storage until you delete this chat.
Analysis results (guest) 90 days, then automatically deleted
Analysis results (registered user) Retained while your account is active; deleted when you delete your account
Registered account data Retained until account deletion is requested
Hashed IP / rate limit counters Rolling 24-hour window
Session cookies (guest) Browser session (expire on browser close)

6. Your Rights

Under the GDPR (and similar applicable laws), you have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your data ("right to be forgotten"). Registered users can delete their account and all associated data from account settings. Guest users can email us to request deletion of analysis records by providing the report share token(s).

Portability

Receive your personal data in a structured, machine-readable format.

Restriction

Request that we restrict processing of your data in certain circumstances.

Objection

Object to processing based on legitimate interests.

Complaints

Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK or the relevant Data Protection Authority in the EU).

To exercise any of these rights, contact us at dpo@businesspress.io. We will respond within 30 days.

7. Cookies

We use only strictly necessary cookies. We do not use advertising cookies, tracking pixels, or third-party analytics that identify individual users.

Cookie Purpose Duration
pdfcheck_session Laravel session (links your browser to your anonymous usage data) Browser session / 2 hours of inactivity
XSRF-TOKEN Cross-site request forgery protection (security) Browser session
remember_web_* Persistent login for registered users (only set if you tick "Remember me") 400 days

8. Data Security

  • All data in transit is encrypted using HTTPS (TLS 1.2+)
  • Passwords are hashed using bcrypt and never stored in plain text
  • IP addresses are hashed before storage; raw IPs are not retained
  • Report links use randomly generated tokens — they are not sequential or guessable
  • Our infrastructure is hosted on servers with restricted access
  • We do not retain uploaded PDF file content at any point

If you discover a security vulnerability, please report it responsibly to dpo@businesspress.io.

9. Third-Party Services

PDF analysis is performed entirely on our own servers. We do not send your uploaded files or extracted metadata to any third-party service.

We use a hosting provider for our servers (infrastructure only). Our hosting provider processes data in accordance with GDPR-compliant data processing agreements. They do not access or use your analysis data.

10. International Data Transfers

Our servers are located in the EU/EEA. If you access our service from outside the EU, your data travels to and is stored in the EU. We do not transfer personal data to countries outside the EEA except where required by law or where appropriate safeguards (such as Standard Contractual Clauses) are in place.

11. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes, we will update the "last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact & Data Protection Officer

For any questions about this Privacy Policy, to exercise your rights, or to report a concern, contact our Data Protection Officer:

BusinessPress

Data Protection Officer

Email: dpo@businesspress.io

Website: businesspress.io

We aim to respond to all legitimate data protection requests within 30 days. If your request is complex or you have made multiple requests, we may extend this period by a further two months; we will notify you if this is the case.