# Security

URL: https://pdf.net/policies/security

Your documents contain sensitive information. We build pdf.net with security at the core, not as an afterthought.

## Secure Infrastructure

### Enterprise-Grade Cloud Platform

We run on Google Cloud Platform, leveraging infrastructure trusted by the world's largest organizations. This means your data benefits from the same security controls used by Fortune 500 companies.

### Encryption Everywhere

- **In Transit**: All data transfers use End-to-End HTTPS/TLS encryption. Your documents are protected from the moment they leave your device.
- **At Rest**: Customer data-including files and database records-is encrypted using AES-256, the same standard used by governments and financial institutions worldwide.

### Reliability You Can Count On

Our infrastructure is designed for 99.99% uptime. We use redundant systems, automated backups, and monitoring to ensure pdf.net is available when you need it.

### Access Controls

Access to customer data is strictly limited and follows the principle of least privilege. Only essential personnel have access to production systems.

### Two-Factor Authentication

Two-Factor Authentication (2FA) is enabled by default for all accounts, adding an extra layer of security to protect your documents and account from unauthorized access.

### Payment Security

All payment processing is handled by PCI DSS certified providers, ensuring your credit card data is protected according to Payment Card Industry Data Security Standards. We never store your payment information on our servers.

## How We Handle Your Data

### Your Documents Are Yours

We treat your files as confidential information. Period.

- **We do not sell** your documents, metadata, or any derived information.
- **We do not share** document content with third parties for advertising, marketing, or data brokerage.
- **We do not train models** on your documents without explicit permission.

### Purpose-Limited Processing

When you use AI-powered features (like summarization or data extraction), we process your document only to fulfill that specific request. The processing is:

- Immediate and temporary
- Scoped to the feature you requested
- Governed by strict data processing agreements with our AI providers

## Third-Party Service Providers

Like all modern cloud platforms, pdf.net relies on carefully selected service providers. Each provider is chosen for reliability and security, and operates under contractual agreements that:

- **Limit data use** strictly to delivering services to pdf.net
- **Prohibit use of your documents for training**, profiling, advertising, or resale
- **Require compliance** with data protection standards

### Infrastructure & Storage
- Google Cloud Platform (GCP)
- Cloudflare
- Vercel

### AI & Processing
- Anthropic
- Mistral AI
- OpenAI

### Analytics & Monitoring
- Amplitude
- Axon (axon.ai)
- Google Analytics
- Google reCAPTCHA
- Langfuse
- Sentry

### Payments
- Apple Pay
- Braintree
- Checkout.com
- Google Pay
- PayPal
- Sticky.io

### Operations & Communication
- Customer.io
- MaxMind
- Twilio SendGrid
- Trustpilot

## Commitment to Transparency

We believe security and privacy should be clear, not hidden in legal jargon.

We follow industry-standard security practices and partner with providers that maintain enterprise compliance certifications, ensuring your data is handled with the highest level of care.

### Privacy Policy
For detailed information about how we collect, use, and protect your personal information, please review our [Privacy Policy](/policies/privacy).

### Questions?
If you have specific security requirements or questions about our practices, please contact us at [privacy@pdf.net](mailto:privacy@pdf.net). We're happy to discuss our security posture in detail.