Skip to content

Privacy Policy

Last updated: April 9, 2026

pdfs.build (“we”, “us”) provides a web application and APIs for designing and generating documents. This policy describes how we handle personal information when you visit pdfs.build, use our hosted product, or contact us.

Who we are

The service is operated by Brilliminds FZC, a company registered in Sharjah, United Arab Emirates. Brilliminds FZC is the data controller for your personal information. For privacy-related requests, contact [email protected].

What we collect

Depending on how you use the product, we may process:

  • Account data — such as email address, name, and credentials you provide when you register or sign in (including through identity providers you choose).
  • Usage and technical data — such as IP address, device and browser type, approximate location derived from IP, pages viewed, and diagnostic logs needed to operate and secure the service.
  • Content you submit — such as templates, JSON schemas, sample data, prompts you send to the AI assistant, and generated outputs. We use this strictly to provide the service you request.
  • Billing data — if you purchase a paid plan, our Merchant of Record, Paddle, collects and processes payment details on our behalf. We receive limited billing metadata (such as subscription status, country, and transaction IDs) but never full card numbers.

How we use information

We use personal information to:

  • Provide, maintain, and improve the product;
  • Authenticate users, prevent fraud and abuse, and enforce our terms;
  • Communicate with you about the service, security, and (where permitted) product updates;
  • Comply with law and respond to lawful requests.

Where we rely on AI or subprocessors to deliver features (for example, model providers), we contractually limit use of your data to providing those features unless you agree otherwise.

Legal basis for processing (GDPR)

If you are in the European Union or European Economic Area, we process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide the Service you signed up for (e.g., account data, content you submit).
  • Legitimate interests — security, fraud prevention, and service improvement, balanced against your rights and freedoms.
  • Consent — where you have opted in, such as for optional analytics or marketing communications. You may withdraw consent at any time.
  • Legal obligation — tax records, compliance, and responses to lawful requests.

Retention

We retain information only as long as needed for the purposes above, including legal, accounting, or reporting requirements. You may request deletion of your account subject to applicable law and legitimate business needs (such as billing records).

Sharing

We do not sell your personal information. We share data with vendors who help us run the service under confidentiality and data-processing agreements, and when required by law.

Data subprocessors

Key third parties that may process your data on our behalf include:

  • Paddle (Merchant of Record / payments) — Ireland & United States
  • Cloud hosting provider — for application infrastructure and data storage
  • AI model providers — to power the chat-based template assistant

A complete list of subprocessors is available on request by emailing [email protected].

International transfers & EU data

As a UAE-based company, your data may be processed outside the European Economic Area. Where personal data of EU/EEA users is transferred to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards, to protect your data. Our subprocessors maintain appropriate data protection agreements. You may request a copy of the applicable SCCs by contacting [email protected].

Cookies

We use cookies and similar technologies in the following categories:

  • Essential cookies — required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies — help us understand how the service is used so we can improve it. These are optional and can be managed through your browser settings.

You can control cookies through your browser settings. Disabling essential cookies may prevent parts of the Service from functioning correctly.

Your rights

Depending on where you live, you may have rights regarding your personal data. For users in the EU/EEA, these include:

  • Right of access (GDPR Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / "right to be forgotten" (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact [email protected]. We will respond to verified requests within 30 days. You also have the right to lodge a complaint with a supervisory authority in your EU/EEA member state.

Children

The service is not directed to individuals under 18, and we do not knowingly collect personal information from minors.

Changes

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date.

This page is provided for transparency. It is not legal advice. For enterprise terms or a signed DPA, contact [email protected].