Privacy Best Practices

Protect privacy while using PDF Ghost

Understanding and following privacy best practices helps protect both your organization and your recipients.

Data Collection

What Data PDF Ghost Collects

User Account Data

  • Email address (for authentication)
  • Name (for display purposes)
  • Password (encrypted)
  • Profile picture (optional)

Organization Data

  • Organization name
  • Team member list
  • Billing information
  • Usage statistics

Job Data

  • Original PDF files
  • Recipient information (emails or names)
  • Fingerprinting options
  • Generated artifacts

Usage Data

  • Login activity
  • Job creation and downloads
  • Feature usage
  • Error logs
  • Basic cookieless telemetry is always on; cookie consent controls sensitive analytics enrichment only.

What PDF Ghost Doesn't Collect

  • Content of your documents is not analyzed
  • Recipient personal data beyond what you provide
  • Browsing history outside the application
  • Contact lists or address books
  • Social media information

Minimizing Data Collection

Only Collect What's Needed

Recipient Information

  • Use email addresses only (not full profiles)
  • Don't include unnecessary personal data
  • Remove recipients from list after distribution
  • Use generic identifiers when possible
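One way to apply "use generic identifiers when possible", shown as an added example that is not PDF Ghost's own code: derive an opaque, stable identifier for each recipient with a keyed HMAC, supply those identifiers as the recipient names, and keep the identifier-to-email mapping on your side for use when a leak check points at one of them. The function names, the `rcpt-` prefix, the sample addresses and the demo key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key. In practice generate one with secrets.token_bytes(32)
# and store it in your own secret manager, never alongside the uploaded list.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample input; the last two entries are the same mailbox.
SAMPLE_EMAILS = ["alice@example.com", "Bob@Example.com ", "bob@example.com"]


def normalize(email: str) -> str:
    """Canonical form so the same mailbox always maps to the same identifier."""
    return email.strip().lower()


def pseudonym(email: str, key: bytes, length: int = 12) -> str:
    """Keyed, non-reversible identifier: without the key, an outsider cannot
    confirm a guessed address by hashing it and comparing."""
    digest = hmac.new(key, normalize(email).encode("utf-8"), hashlib.sha256).digest()
    token = base64.b32encode(digest).decode("ascii").lower()
    return "rcpt-" + token[:length]


def build_recipient_list(emails, key):
    """Return (identifiers to upload, private identifier-to-email mapping)."""
    mapping = {}
    for email in emails:
        pid = pseudonym(email, key)
        if pid in mapping and mapping[pid] != normalize(email):
            # Two different mailboxes truncated to the same identifier.
            raise ValueError("identifier collision; use a longer length")
        mapping[pid] = normalize(email)
    return sorted(mapping), mapping


def resolve(identifier: str, mapping: dict):
    """Look up the real recipient locally; None if the identifier is unknown."""
    return mapping.get(identifier)


if __name__ == "__main__":
    upload, private_map = build_recipient_list(SAMPLE_EMAILS, DEMO_KEY)
    print("upload these:", upload)
    print("keep private:", private_map)
```

Deleting the private mapping once a distribution is no longer needed leaves the uploaded identifiers unlinkable to people, which fits the retention advice on this page.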

Document Content

  • Remove unnecessary metadata before upload
  • Redact sensitive information
  • Use minimum required pages
  • Don't include draft or scratch notes

Recipient Privacy

Respect Recipient Information

  • Only use data for intended purpose
  • Don't share recipient lists
  • Secure storage of recipient data
  • Delete when no longer needed

Inform Recipients

  • Let recipients know documents are fingerprinted
  • Explain the purpose (leak prevention)
  • Provide contact for questions
  • Be transparent about tracking

Data Storage and Retention

Storage Policies

Where Data is Stored

  • Secure cloud storage (encrypted)
  • Database with access controls
  • Automatic backups
  • Geographic redundancy

How Long Data is Kept

Retention periods vary by plan:

  • Free: 7 days
  • Starter: 30 days
  • Pro: 90 days
  • Team: 180 days
  • Enterprise: 365 days (1 year)

What Happens After Retention

  • Artifacts automatically deleted
  • Job metadata retained (no PDFs)
  • Billing records kept per regulations
  • Audit logs maintained

Managing Your Data

Download Your Data

  • Export job history
  • Download all artifacts
  • Save recipient lists
  • Export reports

Delete Your Data

  • Delete individual jobs
  • Remove organization
  • Delete account (removes all data)
  • Request data deletion (contact support)

Compliance

GDPR Compliance

For EU Recipients

  • Lawful basis for processing
  • Minimal data collection
  • Right to access data
  • Right to deletion
  • Data portability
  • Privacy by design

Your Responsibilities

  • Obtain consent when required
  • Provide privacy notices
  • Honor data subject requests
  • Report breaches promptly

CCPA Compliance

For California Recipients

  • Disclose data collection
  • Allow opt-out of sale (not applicable)
  • Provide access to data
  • Enable data deletion
  • Non-discrimination

Other Regulations

HIPAA (Healthcare)

  • Business Associate Agreement may be needed
  • Additional security measures
  • Audit trail requirements
  • Enterprise features recommended

FERPA (Education)

  • Student privacy protections
  • Parental access rights
  • Secure handling of education records

Sharing and Access

Internal Sharing

Within Your Organization

  • Only share with necessary team members
  • Use appropriate role assignments
  • Audit access regularly
  • Remove access promptly when not needed

Job Visibility

  • Organization members can view jobs with ORGANIZATION privacy
  • Job artifacts are downloadable based on job privacy and access rules
  • Admin and Owner roles govern organization-scoped resources only
  • Members can create jobs and download artifacts they are authorized to access
  • Job ownership is mandatory (userId is required on every job); before member/user removal, resolve owned jobs by deletion or reassignment

External Sharing

With Recipients

  • One artifact per recipient only
  • Use secure transmission methods
  • Don't bulk-share download links
  • Track distribution

With Third Parties

  • PDF Ghost doesn't share your data
  • No advertising or marketing use
  • No data selling
  • Processors bound by agreements

Privacy Features

Built-in Privacy Protection

Organization Isolation

  • Each organization's data is separate
  • No cross-organization access
  • Independent billing and storage
  • Secure multi-tenancy

Encryption

  • Data encrypted in transit (HTTPS)
  • Data encrypted at rest
  • Secure key management
  • Modern encryption standards

Access Controls

  • Role-based access (Owner, Admin, Member)
  • Session management
  • Two-factor authentication
  • Automatic logout

Audit Trails

  • All access logged
  • Download tracking
  • Member activity
  • Leak check history

Privacy Best Practices

For Organizations

Policy Development

  • Create internal privacy policy
  • Document data handling procedures
  • Train team members
  • Regular privacy reviews

Data Minimization

  • Only fingerprint necessary documents
  • Remove old jobs promptly
  • Limit recipient information
  • Use shortest retention period needed

Access Management

  • Assign minimum necessary permissions
  • Review access quarterly
  • Revoke access for departing members
  • Monitor for unusual activity

For Individual Users

Personal Data Protection

  • Use strong passwords
  • Enable two-factor authentication
  • Review active sessions
  • Sign out on shared devices

Recipient Respect

  • Don't over-distribute documents
  • Honor confidentiality requests
  • Secure recipient information
  • Delete data when done

Data Breach Response

If You Discover a Breach

  1. Immediate Actions

    • Change passwords
    • Revoke compromised sessions
    • Document the incident
    • Assess scope of breach
  2. Notification

    • Notify PDF Ghost support
    • Inform affected individuals
    • Report to authorities if required
    • Follow internal procedures
  3. Investigation

    • Determine cause
    • Identify affected data
    • Assess potential harm
    • Implement remediation
  4. Prevention

    • Update security measures
    • Review access controls
    • Train team members
    • Update procedures

Privacy Settings

Account Privacy

Profile Visibility

  • Control what information is visible
  • Manage profile picture
  • Username privacy
  • Email visibility to team

Activity Privacy

  • Job creation visibility
  • Download history
  • Usage statistics
  • Activity logs

Organization Privacy

Member Information

  • Who can see member list
  • Contact information sharing
  • Role visibility
  • Activity tracking

Job Privacy

  • Who can view jobs
  • Download permissions
  • Artifact access
  • History retention

Questions About Privacy

Common Privacy Questions

"Can PDF Ghost see my document content?" PDF Ghost processes your PDFs to add fingerprints but doesn't read or analyze the content for any other purpose.

"Who has access to my jobs?" Access depends on job privacy:

  • USER jobs are visible to the job owner and organization Owners/Admins
  • ORGANIZATION jobs are visible to members of that organization (based on role permissions)

"How long is my data kept?" Artifacts are kept according to your plan's retention period, then automatically deleted.

"Can I delete all my data?" Yes, you can delete individual jobs, your organization, or your entire account.

"Is my data sold or shared?" No, PDF Ghost never sells your data or shares it with third parties for marketing.
