
Security Best Practices

Keep your documents and organization secure with PDF Ghost. Discover best practices for access control, recipient management, and document protection.

Follow these security best practices to maximize protection when using PDF Ghost.

Account Security

Strong Authentication

Use Strong Passwords

  • Minimum 12 characters
  • Mix of uppercase, lowercase, numbers, symbols
  • Avoid common words or patterns
  • Don't reuse passwords from other services

Enable Two-Factor Authentication

If available in your organization:

  • Add an authenticator app (Google Authenticator, Authy, etc.)
  • Save backup codes in a secure location
  • Don't share codes with anyone
  • Use different 2FA for different services

Session Management

Review Active Sessions Regularly

  • Check Settings → Security → Active Sessions
  • Look for unfamiliar devices or locations
  • Revoke any suspicious sessions immediately

Sign Out When Done

  • Always sign out on shared computers
  • Use private/incognito mode on public devices
  • Don't save passwords in public browsers

Social Login Security

If using connected accounts:

  • Keep your Google/GitHub account secure
  • Review authorized applications regularly
  • Revoke access if no longer needed

Organization Security

Team Member Management

Principle of Least Privilege

  • Give members only the access they need
  • Use Member role for regular users who create jobs
  • Reserve Admin for trusted team leaders
  • Only give Owner role when transferring organization control

Regular Access Reviews

  • Review member list monthly
  • Remove departing employees immediately
  • Audit admin access quarterly
  • Update roles when responsibilities change

Invitation Security

  • Verify email addresses before inviting
  • Don't send invitations to external addresses
  • Revoke unused invitations
  • Use corporate email domains only

Job Security

Recipient Verification

Before creating a job:

  • Double-check all recipient emails
  • Verify names are correct
  • Remove any test or invalid entries
  • Confirm you have authorization to send

Visible Watermarks

Consider using visible watermarks:

  • Deters unauthorized sharing
  • Reminds recipients of confidentiality
  • Provides visual confirmation of fingerprinting
  • Can include confidentiality notices

Distribution Security

When sending fingerprinted PDFs:

  • Use encrypted email when possible
  • Secure file sharing services only
  • Never post in public locations
  • Track who received what and when

Document Protection

Before Fingerprinting

Document Preparation

  • Remove sensitive metadata first if needed
  • Ensure document is final version
  • Check for embedded objects or scripts
  • Test PDF opens correctly

Content Review

  • Verify all information is appropriate
  • Remove draft markers or comments
  • Check page numbers and ordering
  • Ensure proper formatting

After Distribution

Monitor for Leaks

  • Set up Google Alerts for document keywords
  • Check relevant forums or sites
  • Review employee departure procedures
  • Conduct periodic audits

Recipient Education

Educate recipients about:

  • Confidentiality requirements
  • Consequences of unauthorized sharing
  • Proper handling procedures
  • Who to contact with questions

Data Protection

Privacy Considerations

Minimal Data Collection

  • Only add necessary recipient information
  • Don't include excessive personal data
  • Use email addresses instead of full profiles
  • Review data retention policies

Secure Storage

  • Download artifacts promptly
  • Store locally in encrypted drives
  • Use secure backup solutions
  • Delete from PDF Ghost when no longer needed

Data Retention

  • Retention periods vary by plan (Free: 7 days, Starter: 30 days, Pro: 90 days, Team: 180 days, Enterprise: 365 days)
  • Download important artifacts promptly before your plan-specific retention period expires
  • Delete jobs when distribution is complete
  • Archive systematically

Compliance

Industry Regulations

Ensure compliance with:

  • GDPR (for EU recipients)
  • CCPA (for California recipients)
  • HIPAA (for healthcare documents)
  • SOX (for financial documents)
  • Industry-specific requirements

Internal Policies

  • Follow your organization's data handling policies
  • Document distribution procedures
  • Maintain audit trails
  • Report incidents properly

Incident Response

If You Suspect a Leak

  1. Document Everything

    • Save the leaked document
    • Note where you found it
    • Record date and time
    • Screenshot the location
  2. Use Leak Detection

    • Upload the document to PDF Ghost
    • Run leak analysis
    • Save the results
    • Export the evidence report
  3. Internal Investigation

    • Don't confront recipient immediately
    • Review distribution records
    • Check job history
    • Assess damage
  4. Escalate Appropriately

    • Notify your security team
    • Contact legal counsel if needed
    • Follow incident response procedures
    • Report to management

If Your Account is Compromised

  1. Immediate Actions

    • Change your password immediately
    • Revoke all active sessions
    • Enable two-factor authentication
    • Review recent activity
  2. Assess Impact

    • Check recent jobs created
    • Review member changes
    • Verify billing information
    • Look for unauthorized access
  3. Notify Others

    • Alert your organization admins
    • Contact PDF Ghost support
    • Inform affected team members
    • Update security procedures

Best Practices Checklist

Daily

  • Sign out when leaving workstation
  • Verify recipient information before creating jobs
  • Use strong, unique passwords

Weekly

  • Review active sessions
  • Check for completed jobs to download
  • Monitor plan usage

Monthly

  • Review organization members
  • Audit job history
  • Update passwords
  • Review security settings

Quarterly

  • Comprehensive access review
  • Security training for team
  • Update security procedures
  • Compliance audit

Security Features in PDF Ghost

Built-in Protection

Invisible Fingerprinting

  • Undetectable to recipients
  • Survives printing and scanning (to some degree)
  • Unique per recipient
  • Cryptographically secure

Secure Storage

  • Encrypted at rest
  • Secure transmission (HTTPS)
  • Isolated per organization
  • Regular security audits

Access Controls

  • Role-based permissions
  • Organization isolation
  • Secure authentication
  • Session management

Audit Trail

  • All actions logged
  • Job creation tracked
  • Download events recorded
  • Member activity monitored
