Privacy Policy — EditPDF
Effective date: 10 July 2026 · Last updated: 10 July 2026
EditPDF ("the App") is developed and operated by KiroLabs. Email: labskiro@gmail.com
This Privacy Policy explains what data we process, why, and what rights you have. We designed EditPDF to be offline-first: reading, annotating, signing, and organizing PDFs happens entirely on your device.
1. Summary
- The free reader and its tools work completely offline. Your documents are not uploaded.
- Your PDF files, signatures, and form data are stored locally on your device.
- A file is only transmitted to our servers when you actively use an online feature (e.g., AI background removal). Such files are automatically deleted from our servers within 24 hours.
- We do not sell your data and we do not show third-party advertising.
2. Data We Process
2.1 Documents and content (on-device)
Your PDF files, annotations, filled form data, and saved signatures are processed and stored locally on your device. We have no access to them. Saved signatures are stored in encrypted storage on your device.
2.2 Documents you send to online features
When you actively use an online feature (currently: AI background removal for images), the relevant file or image is transmitted to our servers over an encrypted connection (TLS), processed, returned to you, and permanently deleted from our servers within 24 hours. We do not use your documents to train AI models. We do not view, analyze, or share their content.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
2.3 Account data
Creating an account is optional and only required for premium features. When you register, we process your email address, authentication credentials (password hash), or your Google account identifier if you use Google Sign-In, plus your account creation date. Authentication is provided by Firebase Authentication (Google Ireland Ltd.).
Legal basis: Art. 6(1)(b) GDPR.
2.4 Crash reports and diagnostics
To keep the App stable, we use Firebase Crashlytics. If the App crashes, we receive a crash log containing: device model, operating system version, App version, and the technical state of the App at the time of the crash. Crash logs do not contain your documents.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a stable product).
2.5 Usage analytics
We collect limited, pseudonymized usage events (e.g., which feature was opened) via Firebase Analytics to understand which features matter and to improve the App. Analytics events never include document content or file names.
Legal basis: Art. 6(1)(f) GDPR. You can object at any time (see Section 7).
2.6 Cloud storage integrations (optional)
If you connect Google Drive, OneDrive, or Dropbox, the App accesses your files there only on your instruction (open/save). Authentication tokens are stored securely on your device. You can disconnect a provider at any time in the App settings, which deletes the stored token. Your use of these services is additionally governed by their own privacy policies.
Legal basis: Art. 6(1)(b) GDPR.
2.7 App lock
If you enable the app lock, biometric verification (fingerprint) is performed entirely by the Android operating system on your device. We never receive or store biometric data.
3. What We Do NOT Do
- We do not sell or rent personal data.
- We do not show third-party advertising or use advertising trackers.
- We do not read, analyze, or profile the content of your documents.
- We do not use your documents to train AI models.
4. Recipients and Processors
We use the following processors under data processing agreements pursuant to Art. 28 GDPR:
| Provider | Purpose | Location |
|---|---|---|
| Google Ireland Ltd. (Firebase: Auth, Crashlytics, Analytics) | Authentication, stability, analytics | EU / USA* |
*Transfers to the USA are safeguarded by the EU–U.S. Data Privacy Framework and/or EU Standard Contractual Clauses (Art. 46 GDPR).
5. Retention
- Documents sent to online features: deleted within 24 hours of processing.
- Account data: retained until you delete your account.
- Crash and analytics data: retained for a maximum of 12 months.
6. Account Deletion
You can delete your account directly in the App (Settings → Account → Delete Account) or by emailing labskiro@gmail.com. Deletion removes your account data from our systems. Locally stored files remain on your device and under your control.
7. Your Rights (GDPR)
You have the right to access your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), object to processing based on legitimate interest (Art. 21), and withdraw consent at any time where processing is based on consent (Art. 7(3)). You may also lodge a complaint with a supervisory authority. Competent for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Ansbach, Germany. You may also contact the authority of your habitual residence.
To exercise your rights, contact labskiro@gmail.com.
8. Children
The App is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
9. Security
We use TLS encryption for all network transfers, encrypted local storage for sensitive data (signatures, credentials), and AES-256 encryption for the PDF password-protection feature. Passwords you set on your PDF documents are never transmitted to us or logged.
10. Permissions Used by the App
- Storage / file access (via system file picker): to open and save your PDF files. The App only accesses files you explicitly select.
- Biometric: only if you enable app lock; handled by the operating system.
- Internet: only for your account and the online features described above.
11. Changes to This Policy
We may update this policy when the App or legal requirements change. The current version is always available at https://kirolabs.io/editpdf/privacy and within the App. Material changes will be announced in the App.
12. Contact
KiroLabs
Email: labskiro@gmail.com
© 2026 KiroLabs. This document is provided for transparency and does not constitute legal advice.