StitchStitch logo

Privacy Policy

Last updated: February 28, 2026

1. Who We Are

StitchPDF is operated by Gorg Rails Tech Solutions, Limitada, a company established in Portugal.

For the purposes of data protection laws, we act as the data controller of your personal data.

For privacy inquiries, contact: [email protected]

2. Overview

StitchPDF is designed to minimize data collection.

Most PDF operations (merge, split, reorder, sign, image conversion) are processed locally in your browser using your device's resources.

Files are only transmitted to our servers when necessary, such as for password protection or when you are signed in and choose to store files in your dashboard.

Our servers are located in Germany (European Union).

3. Data We Collect

We may collect the following categories of data:

Account Information

When you create an account, we collect:

  • Email address
  • Encrypted password

Payment Information

Payments are processed by Stripe. We do not store credit card details. Stripe processes payment data according to its own privacy policy.

Usage Data

We use Google Analytics to understand how our service is used (e.g., pages visited, features used).

You can opt out using your browser settings or the Google Analytics opt-out extension.

4. Your Files

Processing

Most PDF operations are processed entirely in your browser.

Password protection requires temporary server-side processing. Files used for password protection are automatically deleted within 24 hours.

Storage

If you are signed in, processed files may be stored on our servers so they are accessible from your dashboard.

For free accounts, dashboard files are automatically deleted after 24 hours. For paid accounts (Plus and Pro), files remain stored until you delete them.

Files are encrypted at rest.

When you delete a file, it is permanently removed from our systems.

Anonymous users' files are not stored on our servers, except temporary processing required for password protection.

Saved Signatures

Saved signatures are stored securely until you delete them.

5. Legal Basis for Processing (EEA Users)

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Performance of a contract — to provide PDF services and manage your account
  • Legitimate interests — to ensure security and prevent abuse
  • Consent — for analytics cookies

6. Data Retention

  • Account data is retained while your account remains active.
  • Free account files are automatically deleted after 24 hours.
  • Paid account files (Plus and Pro) remain until deleted by you.
  • Password-protection processing files are deleted within 24 hours.
  • Analytics data retention is governed by Google Analytics settings.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption (TLS)
  • Secure password hashing
  • Encrypted storage
  • Restricted server access

8. International Data Transfers

All primary data processing occurs within the European Union (Germany).

If any service providers process data outside the EU, we ensure appropriate safeguards are in place as required by law.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with your local supervisory authority

You can delete your files directly from your dashboard.

To delete your account and associated data, contact [email protected].

10. Children

StitchPDF is not intended for users under the age of 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the service after changes constitutes acceptance of the updated policy.