Skip to content
PDFSamurai

Legal

GDPR Compliance.

Last updated · 3 November 2025

PDFSamurai is committed to compliance with the UK General Data Protection Regulation, the EU General Data Protection Regulation and the UK Data Protection Act 2018. This page summarises the practical steps we have taken to meet those obligations. Read alongside our Privacy Policy.

1. Data minimisation by design

The defining feature of PDFSamurai is that we have engineered the tools so they do not need to receive your documents. PDFs are processed in your browser using JavaScript and WebAssembly. As a result, the most sensitive category of data on a document manipulation site — the documents themselves — is never collected, stored, processed or transferred by us. This is data minimisation taken about as far as it can go.

2. Lawful bases

We rely on the lawful bases set out in our Privacy Policy. Where consent is the basis (notably for advertising cookies), it is collected through an opt-in banner that lets you accept or refuse before any non-essential technology is loaded.

3. Your rights

You can exercise the following rights under the GDPR:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete data we hold.
  • Restriction — limit how we process your data while a question is resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — change your mind at any time about consent-based processing.

To exercise any of these, write to privacy@pdfsamurai.co.uk. We will respond within one month, in line with the GDPR's requirements, and will not charge you a fee unless your request is manifestly unfounded or excessive.

4. International transfers

Our infrastructure providers may process data outside the UK and EEA. Where transfers occur, we rely on the UK International Data Transfer Addendum or Standard Contractual Clauses adopted by the European Commission, supplemented by additional measures where appropriate.

5. Data breach response

Because we do not store your documents, the surface area for a breach is unusually small. We monitor our infrastructure, apply security updates promptly, and have a written incident-response procedure. In the unlikely event of a breach affecting personal data, we will notify the relevant supervisory authority within 72 hours where required, and notify affected individuals where the risk warrants it.

6. Children

Our Service is not directed at children under 16 and we do not knowingly collect their personal data.

7. Complaints

If you believe we have not handled your personal data properly, please contact us first at privacy@pdfsamurai.co.uk. You are also entitled to complain to a supervisory authority:

  • UK — Information Commissioner's Office (ico.org.uk)
  • EEA — your country's national data protection authority

8. Updates

Material updates to this page will be reflected by changing the “Last updated” date.