Privacy Policy

The short version

OneClickPDF is built on a simple principle: your documents are yours. Almost every tool on this site processes your files entirely inside your web browser. Your files never leave your device, are never uploaded to a server, and we cannot see them.

A small number of tools work differently, by design, because the feature genuinely requires server-side processing. We name each one explicitly below, explain exactly what is sent, where it goes, and how long it is kept. We use no advertising cookies, no cross-site tracking, and we do not sell or share personal information.

You do not need an account, an email address, or a payment method to use any free tool on this site.

At-a-glance processing map

This table shows, for every tool and feature, where the processing actually happens. Detailed explanations follow below.

Who we are

OneClickPDF.net is operated by Intellinapse Ltd, a private limited company registered in England and Wales (Company No. 16587897), with its registered office at 4 Park Drive, Romford, England, RM1 4LJ.

Intellinapse Ltd is the data controller for personal data processed in connection with the OneClickPDF service, for the purposes of the UK General Data Protection Regulation (UK GDPR, as amended by the Data (Use and Access) Act 2025 in force 5 February 2026), the EU GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

How to contact us

For any privacy-related question, request, or concern, contact us at:

• Email: privacy@oneclickpdf.net
• Postal: Intellinapse Ltd, 4 Park Drive, Romford, England, RM1 4LJ, United Kingdom

We aim to respond to privacy requests within five working days, and to substantive rights requests within the UK GDPR statutory window of one calendar month (extendable by two further months for complex requests, with notification to you).

Data Protection Officer (DPO) status

Intellinapse Ltd is not required to appoint a statutory Data Protection Officer under UK GDPR Article 37 because we are not a public authority, our core activity does not involve large-scale systematic monitoring of individuals, and we do not process special category data on a large scale.

We have nonetheless designated a privacy contact point (the privacy@oneclickpdf.net inbox above) to handle all privacy queries and rights requests. You retain the right to complain directly to the Information Commissioner's Office (see "Your right to complain" below).

File processing in detail

Free tools — processed entirely in your browser

Most free file processing on OneClickPDF runs inside your web browser using JavaScript and WebAssembly. The file is loaded into your browser's memory, processed locally using your device's own CPU, and the result is downloaded directly to your device.

This includes: merge, split, compress, sign, edit, redact, rotate, organise pages, delete pages, watermark, add page numbers, crop, edit metadata, PDF to JPG / PNG / Excel / PPT, image conversion, OCR, extract text, extract images, and developer utilities (JSON diff, JSON beautifier, text tools). For these tools, your files are never sent to our servers and never sent to any third party. We cannot see, store, log, index, profile, or recover them. If you close the browser tab, the file is gone from memory.

Premium PDF to Word ($0.99 per document)

PDF to Word conversion is Premium-only. We do not offer a free tier for this specific conversion because every open-source PDF-to-Word library produces poor output (broken paragraphs, missing fonts, garbled tables, no OCR for scans). Rather than ship a mediocre free version, we use Adobe's commercial PDF Services API directly. Your PDF is sent to Adobe for the conversion, then deleted by Adobe per their data handling policy after processing. OneClickPDF does not retain a copy of the source PDF or the resulting Word document.

Word / Excel / PowerPoint to PDF (free + premium)

These three Office-to-PDF tools require server-side conversion — the file formats are too complex to convert reliably in the browser. The free tier sends your file to our conversion server (hosted in London) and returns a PDF with selectable text, embedded fonts, and accurate formatting. Files are deleted immediately after conversion. The optional premium tier ($0.99 per document) sends the file to Adobe PDF Services for accessibility-grade tagged PDF output (WCAG 2.1 AA / Section 508); Adobe deletes the file after processing per their data handling policy. A 50 MB file-size cap applies to both tiers. Neither tier retains a copy.

AI-powered tools — Chat with PDF, Summarizer, Question Generator

Our AI-powered tools extract the plain text from your PDF locally in your browser. Only the extracted text — not your PDF file — is sent to the Google Gemini API for AI processing. Your PDF file stays on your device throughout.

Google processes the text under the Google Gemini API Terms of Service. We do not retain a copy of the text on our servers. Your first three uses are free; further use requires a $0.99 day pass that unlocks the AI tools for 24 hours. You should not paste content into AI tools that you are not comfortable sending to Google for processing — for example, confidential medical, legal, or financial documents that you have not been authorised to share.

Translate PDF (free)

The Translate tool extracts text from your PDF locally in your browser and sends only the extracted plain text to the Google Translate API. Your PDF file is not sent. Translated text returns to your browser and is not stored on our servers.

Sign from Phone (optional)

The Sign PDF tool offers an optional feature to draw a signature on your phone and transfer it to a desktop browser session. When you use this feature, a short-lived session is created on our infrastructure (hosted by Upstash) that holds only the drawn signature image. The session expires and the data is automatically deleted after 10 minutes. Your PDF file is not transmitted. If you prefer not to use Sign from Phone, you can draw, type, or upload your signature directly on your desktop, and the signature stays entirely in your browser.

Scan from Phone (optional)

The Scan to PDF tool offers an optional feature to capture images on your phone and transfer them to a desktop browser session. When you use this feature, a short-lived session is created on Upstash that holds the captured images (up to 800 KB each, maximum 20 images per session). The session expires and the data is automatically deleted after 10 minutes. If you prefer not to use Scan from Phone, you can upload images directly on your desktop.

Webpage to PDF

To render a webpage as a PDF, our server fetches the HTML of the URL you enter and returns it to your browser. The actual PDF rendering happens in your browser. We do not store the URL or the fetched HTML on our servers. The URL is processed only in transit to perform the fetch.

Analytics, cookies, and tracking

What we use. If you accept the cookie banner, we use Google Analytics 4 to understand which tools are popular, how users navigate the site, and where we can improve. Google Analytics collects anonymous usage data such as which pages were visited, which tools were opened, approximate geographic region, basic device type, and browser. It does not see or record the contents of any file you process.

What we do not use. We do not use advertising cookies. We do not use cross-site tracking. We do not use Facebook Pixel, TikTok Pixel, or any other advertising or attribution tracker. We do not set any third-party cookies for advertising or marketing purposes. We do not sell or share your personal information.

How consent works. When you first arrive on the site, you see a cookie consent banner with two choices: Accept and Decline. No analytics scripts are loaded and no analytics cookies are set unless you choose Accept. If you choose Decline, the site works exactly the same way and no analytics data is collected at all.

Withdrawing consent. If you previously accepted and want to withdraw consent, clear the cookies for this domain in your browser settings — the banner will reappear on your next visit so you can change your choice. We also respect the "Do Not Track" intent expressed via standard browser controls: if you decline the banner, no analytics request is made.

Cookies we set when you consent. Only after explicit opt-in, Google Analytics sets first-party cookies (typically named _ga and _ga_*) containing a randomly generated identifier used to distinguish unique visitors. These do not contain personal data such as your name, email, or document content. For a full cookie list and durations, see our Cookie Policy.

Local storage in your browser

Some features (such as saved signatures, last-used tool preferences, and your consent choice itself) use your browser's localStorage to remember settings between sessions. This data is stored only on your device and is never transmitted to us or to any third party. You can clear it at any time through your browser settings.

Payments

Paid features — Premium PDF to Word ($0.99 per document), Office-to-PDF premium ($0.99 per document), and the AI tools day pass ($0.99 per 24 hours) — are processed by Stripe. When you choose to pay, your card details (card number, expiry, CVC) are submitted directly to Stripe through Stripe Elements; the card data never touches our servers.

From Stripe, we receive only the information needed to confirm the payment (a PaymentIntent ID and confirmation status). We do not store any payment card information. You do not need to create an account to pay.

Refunds

If a premium conversion fails entirely and no output file is produced, you are entitled to a full refund. Contact us at privacy@oneclickpdf.net with your payment reference and we will process the refund promptly. This does not affect your statutory rights under the UK Consumer Rights Act 2015.

Refunds are not available for quality-related concerns about premium conversions. The output quality is determined by Adobe's PDF Services engine; OneClickPDF acts as an intermediary between you and Adobe's API and does not control or guarantee the output quality. Results may vary depending on the complexity and structure of the source document.

Lawful bases for processing

Under the UK GDPR (as amended by the Data (Use and Access) Act 2025, in force 5 February 2026) and the EU GDPR, we rely on the following lawful bases for the personal data we process:

• Consent (Article 6(1)(a)): Site analytics are collected only after you explicitly opt in via the cookie banner. You can withdraw this consent at any time by clearing the site's cookies, which restores the banner.
• Contract performance (Article 6(1)(b)): When you choose to use a server-side conversion (Office to PDF, Premium PDF to Word), the AI-powered tools, or the Translate PDF tool, processing the data required to deliver that service is necessary to perform the agreement you entered into by requesting the service.
• Contract performance (Article 6(1)(b)): When you purchase a premium feature, processing your payment through Stripe is necessary to fulfil the purchase you have requested.
• Legitimate interests (Article 6(1)(f)): We rely on legitimate interests for (a) temporary session storage to deliver the Sign from Phone and Scan from Phone features (the legitimate interest being delivering the optional feature you requested, balanced against your privacy by limiting the session to 10 minutes and storing only the minimum data needed); and (b) basic site security measures such as rate limiting and abuse prevention. We have completed a Legitimate Interests Assessment for these purposes.
• Legal obligation (Article 6(1)(c)): Where we are required by law — for example, retaining tax-relevant records of paid transactions for HMRC purposes — we process personal data on the basis of legal obligation.

We do not currently rely on the "recognised legitimate interest" basis introduced by Schedule 4 of the Data (Use and Access) Act 2025. If this changes, we will update this policy and explain the change clearly.

We do not process any special category data (UK GDPR Article 9) such as health data, biometric data used for identification, or data revealing political opinions for our own purposes. If a user happens to upload a document containing such data into a browser-based tool, that data stays in the user's browser and is never seen by us.

Automated decision-making and profiling

Under UK GDPR Article 22A (as amended by the Data (Use and Access) Act 2025), individuals have specific protections in relation to decisions made solely by automated means that produce legal or similarly significant effects.

OneClickPDF does not make any solely automated decisions about you that produce legal or similarly significant effects. The AI-powered tools (Chat with PDF, Summarizer, Question Generator, Translate) operate on document text you submit, not about you, and do not make decisions about you, your eligibility for anything, or any other significant matter.

We do not engage in profiling for marketing, credit, employment, or any other purpose.

International data transfers

OneClickPDF is operated from the United Kingdom but uses infrastructure and third-party services located outside the UK and the European Economic Area. The table below identifies each transfer and the legal mechanism we rely on.

Where data is transferred outside the UK, we rely on the UK Government's adequacy regulations, the UK Extension to the EU-U.S. Data Privacy Framework, or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, as appropriate to the specific recipient. We have entered into the relevant Data Processing Agreements with each processor and keep them under periodic review.

Data retention

We retain personal data only for as long as necessary for the purposes set out in this policy, after which it is deleted or anonymised.

Your rights

Under the UK GDPR and the EU GDPR, you have the following rights in relation to your personal data:

• Right to be informed: to know what personal data we hold and how we use it. This privacy policy provides that information.
• Right of access: to request a copy of any personal data we hold about you.
• Right to rectification: to ask us to correct any inaccurate personal data we hold about you.
• Right to erasure: to request the deletion of your personal data.
• Right to restriction of processing: to ask us to limit how we use your personal data in certain circumstances.
• Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: to processing based on legitimate interests, and to direct marketing (we do not currently send direct marketing).
• Right to withdraw consent: to withdraw consent (for example, for analytics) at any time, as easily as it was given. Clear this site's cookies in your browser settings and the banner will reappear so you can change your choice.
• Rights in relation to automated decision-making: where applicable under UK GDPR Article 22A and EU GDPR Article 22. As stated above, OneClickPDF does not perform automated decisions with legal or similarly significant effects.

Because we do not require accounts and process almost all data client-side, in practice we hold very little personal data about you. To exercise any of these rights, contact us at privacy@oneclickpdf.net. We will respond within one calendar month, in line with UK GDPR Article 12(3). For complex requests we may extend this by two further months and will tell you within the first month if we do.

We will not charge you for exercising your rights, unless your request is manifestly unfounded or excessive (for example, repetitive), in which case we may either charge a reasonable fee or refuse the request, explaining why.

Your right to complain

If you are not satisfied with how we have handled your personal data or a privacy request, you have the right to lodge a complaint with a supervisory authority.

For users in the UK, the supervisory authority is:

• Information Commissioner's Office (ICO)
• Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
• Telephone: 0303 123 1113
• Website: https://ico.org.uk/make-a-complaint/

For users in the European Union, you can complain to the data protection authority of your country of residence, place of work, or where the alleged infringement occurred.

Data breach notification

In the unlikely event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the UK Information Commissioner's Office without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in line with UK GDPR Article 33.

Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify affected individuals directly and without undue delay, in line with UK GDPR Article 34. Notifications will describe the nature of the breach, the likely consequences, the measures taken or proposed to address it, and a point of contact for further information.

Because the vast majority of our processing happens entirely inside the user's browser, the scope for a personal data breach affecting our infrastructure is structurally limited. The most realistic risk surface is the short-lived session data used by Sign from Phone, Scan from Phone, and payment verification — each of which is automatically deleted within 24 hours at most.

Data protection principles

We apply the seven data protection principles in UK GDPR Article 5 to every part of the OneClickPDF service:

• Lawfulness, fairness and transparency: we process data on clearly stated lawful bases and explain our processing in this policy in plain English.
• Purpose limitation: we use personal data only for the purposes described in this policy.
• Data minimisation: our architecture is built around minimisation — most files never leave the user's browser, so we never possess the data in the first place.
• Accuracy: we have no accounts, so there is no stored profile to keep accurate. Where you give us information for a rights request, we will correct any inaccuracy on request.
• Storage limitation: we retain data only for the documented periods set out in the Data Retention table above.
• Integrity and confidentiality (security): data in transit is protected by TLS 1.2 or higher. Session data in Upstash Redis is accessed only via authenticated keys with TTL expiry. Payment data flows directly to Stripe and never touches our infrastructure.
• Accountability: we keep records of our processing activities, our Legitimate Interests Assessments, and our Data Processing Agreements with the third parties listed above, and can produce them on request from a supervisory authority.

Third-party services we use

Full details of the third-party services we rely on, the data each one receives, and links to each provider's own privacy policy:

• Vercel — hosting and global content delivery. vercel.com/legal/privacy-policy
• Stripe — payment processing for premium features. Card details go directly to Stripe; they never reach our servers. stripe.com/privacy
• Adobe PDF Services — server-side conversion for the Premium PDF to Word and Office-to-PDF premium tier. adobe.com/privacy/policy.html
• Fly.io — hosts our conversion server (London region) used for the free Office-to-PDF tier. fly.io/legal/privacy-policy/
• Google Gemini API — AI text processing for Chat with PDF, Summarizer, and Question Generator. Only extracted text is sent — your PDF stays in your browser. ai.google.dev/gemini-api/terms
• Google Translate API — text translation for the Translate PDF tool. cloud.google.com/translate/docs/tos
• Google Analytics — anonymous usage analytics, only when you consent. policies.google.com/privacy
• Upstash — temporary session storage for mobile signature/scan features and payment verification tokens. upstash.com/trust/privacy.html
• jsDelivr CDN — static asset delivery for OCR language model files used by the PickText Chrome extension. No personal data is sent. jsdelivr.com/terms/privacy-policy-jsdelivr-net

Chrome extensions

PickText OCR

The PickText OCR Chrome extension performs all optical character recognition processing locally in your browser using Tesseract.js WebAssembly. No images and no extracted text are sent to any server. The English language model is bundled with the extension; other language models are downloaded on demand from the jsDelivr public CDN and then cached locally on your device. The extension stores your OCR history and settings only in chrome.storage.local on your device. The extension contains links to oneclickpdf.net but does not transmit any data to our servers.

ScreenSnap

The ScreenSnap Chrome extension captures screenshots of webpages and provides a built-in editor for annotations, blur, and OCR. All screenshot capture, editing, and text extraction runs entirely in your browser. No screenshots, images, or text are sent to any server. Extension settings are stored only in chrome.storage.local on your device. The extension contains links to oneclickpdf.net but does not transmit any data to our servers.

California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the CCPA) gives you specific rights about personal information businesses collect about you. As of the CCPA's 1 January 2026 amendments, those rights and our obligations have expanded; the section below reflects the current rules.

We do not sell or share personal information

OneClickPDF does not sell personal information, and we do not "share" personal information as that term is defined under the CCPA (i.e., for cross-context behavioural advertising). We use no advertising cookies, no cross-site tracking, and we do not transfer personal information to advertising networks or data brokers.

Your CCPA rights

• Right to know — what personal information we have collected about you over the past 12 months (or for periods extending back to 1 January 2022 where we retain such records).
• Right to delete — to request deletion of personal information we collected from you.
• Right to correct — to request correction of inaccurate personal information.
• Right to opt out of sale or sharing — already satisfied by default: we do not sell or share personal information.
• Right to limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the requested service.
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

How to exercise your rights

To make a CCPA request, contact us at privacy@oneclickpdf.net. We will verify your request by asking you to provide enough information for us to identify you (typically minimal because we do not require accounts) and respond within 45 days, extendable by a further 45 days where reasonably necessary. Because we do not sell or share personal information, no specific opt-out flow is required — there is nothing to opt out of.

Children's privacy

OneClickPDF is a general-purpose productivity tool, not directed at children. Different jurisdictions set different ages at which a child can consent to data processing for online services:

• United Kingdom: the age at which a child can consent to information society services under UK GDPR is 13.
• European Economic Area: the threshold varies by member state — between 13 and 16. We treat 16 as the conservative threshold for EEA users.
• United States: the Children's Online Privacy Protection Act (COPPA) applies to children under 13.

We do not knowingly collect personal information from children under 13. In the EEA, we expect users below the local consent threshold (between 13 and 16, depending on the member state) to have parental or guardian consent before using our service.

If you are a parent or guardian and believe a child has provided personal information to us, contact us at privacy@oneclickpdf.net and we will delete the information promptly. Because the vast majority of our tools process files entirely in the browser, the volume of personal information we could even possess about any user, including a child, is very small.

Security

We use appropriate technical and organisational measures to protect personal data, including:

• Transport encryption — all communication with the site uses TLS 1.2 or higher (HTTPS only; the site rejects insecure HTTP connections).
• Browser-side processing — most file processing never reaches our infrastructure, eliminating the largest class of risk by design.
• Minimised infrastructure — the only server-side processing involves short-lived session data (10 minutes for mobile transfer features, 24 hours for payment verification tokens), automatically deleted by TTL expiry.
• Direct-to-Stripe payment flow — card data never touches our servers.
• Vendor due diligence — we have Data Processing Agreements in place with all processors listed above and review their security posture periodically.
• Access controls on infrastructure — admin access to Vercel, Upstash, Fly.io, and Stripe dashboards is restricted to a small number of authorised personnel using strong authentication.

No security measure is perfect. If you have a security concern or believe you have identified a vulnerability, please contact us at privacy@oneclickpdf.net so we can investigate and address it.

Server access logs

Our hosting provider (Vercel) maintains standard server access logs that record the IP address, page URL, timestamp, and basic browser metadata of each HTTP request. These logs exist for security, abuse prevention, and operational debugging. They are retained for approximately 30 days (per Vercel's default) and are not used for marketing, profiling, or analytics. The lawful basis for this processing is legitimate interests (Article 6(1)(f)) — the legitimate interest being the security and reliability of the service, balanced against your privacy by short retention and the absence of any cross-referencing with file content.

Changes to this policy

We may update this policy from time to time to reflect changes in our service, our use of third parties, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where the change is significant, prominently highlight the update on the site for a reasonable period after publication. Continued use of the service after a policy update constitutes acknowledgement of the updated policy. For material changes affecting the legal basis or scope of processing, we will, where required, seek fresh consent.

Version history