This page explains how EditMyPDF uses third-party providers to operate the service. It is a transparency page for users, customers, and reviewers who want to understand what provider families may be involved when files, prompts, accounts, payments, or analytics are processed.
This page summarizes our current public approach. It does not replace the Privacy Policy, Terms of Service, Data Processing Agreement, enterprise agreement, or provider-specific terms that may apply to a particular customer relationship.
Who operates EditMyPDF?
EditMyPDF is operated by:
DATASQUEEZE SASU, societe par actions simplifiee unipersonnelle 994 883 916 R.C.S. Paris 50 AVENUE DES CHAMPS ELYSEES 75008 PARIS, France
General contact: contact@editmypdf.ai Privacy contact: contact@editmypdf.ai Data Protection Officer: dpo@editmypdf.ai
What data may be processed?
Depending on the feature, EditMyPDF may process:
- account and authentication data;
- session and technical identifiers;
- uploaded PDFs and images;
- conversion source files, such as Word, Excel, PowerPoint, HTML, TXT, CSV, and image files;
- files imported from Google Drive or Dropbox when you choose those integrations;
- prompts and editing instructions;
- OCR text, extracted text, selected snippets, rendered page images, previews, or focused document context;
- generated outputs and downloadable artifacts;
- run identifiers, job states, errors, timestamps, and routing information;
- subscription, invoice, checkout, and billing metadata;
- technical logs, security signals, and anti-abuse data;
- optional analytics, advertising, and attribution data where the required consent has been obtained.
Why providers are used
EditMyPDF uses third-party providers for practical product functions, including:
- hosting the application;
- storing temporary files and outputs during processing;
- authentication and sign-in;
- payment processing and subscriptions;
- AI-assisted planning, rewriting, vision, translation, and document editing routes;
- OCR and vision enrichment;
- fraud prevention and trial limitation;
- analytics and product measurement where consent applies;
- advertising measurement where consent applies;
- Google Drive and Dropbox import/export when selected by the user;
- support, legal compliance, audits, insurance, and professional advice.
Subprocessor and recipient matrix
| Provider or service family | Main use in EditMyPDF | Main categories of data involved | Public role assumption |
|---|---|---|---|
| AWS | Application hosting, storage, queues, logs, and infrastructure operations | Account data, run metadata, uploaded files, outputs, technical logs, billing metadata | Processor / subprocessor for hosting and infrastructure services operated by EditMyPDF |
| Auth0 | Authentication, session continuity, identity, and sign-in protection | Account identifiers, session/authentication data, minimal profile claims | Identity service provider under its contractual terms; role may vary by context |
| Stripe | Checkout, subscription lifecycle, billing portal, invoicing, and payment-related status | Customer, checkout, subscription, invoice, product, price, billing status, limited risk/attribution fields | Role may vary depending on payment and regulatory context |
| OpenAI | Planning, rewriting, multimodal context, and certain file-assisted document-processing routes | Prompts, extracted text, OCR snippets, page images, selected context, certain temporary file references | Processor / subprocessor for document-processing API routes triggered on the user's behalf |
| Anthropic | Fallback or alternative planning, multimodal interpretation, and certain vision-based detection routes | Prompts, extracted text, OCR snippets, page images, focused document context | Processor / subprocessor for document-processing API routes triggered on the user's behalf |
| xAI | Certain image redraw and image-edit routes | Prompts, selected crops, masks, reference images, focused visual context | Processor / subprocessor for document-processing API routes triggered on the user's behalf |
| Google Cloud Vision / OCR | OCR enrichment and certain object or logo detection routes where enabled | Rendered page images, OCR/vision request payloads, focused document visuals | Processor / subprocessor for OCR or vision request-response routes where enabled |
| Fingerprint Pro | Device intelligence, trial protection, anti-abuse, and fraud prevention | Device, browser, network, visitor, request, and enforcement metadata | Processor / subprocessor for anti-abuse and fraud-prevention services |
| Google Analytics / Google Tag Manager | Consent-gated analytics, measurement, and tag management | Analytics events, browser identifiers, attribution or conversion metadata where relevant | Analytics / measurement recipient; role may vary by configuration and terms |
| Microsoft Clarity | Consent-gated behavioral analytics and session insights | Behavioral analytics events, browser/session interaction signals, measurement metadata | Analytics recipient; role may vary by configuration and terms |
| Meta | Consent-gated advertising attribution and conversion measurement | Conversion events, advertising identifiers, browser/server-side attribution metadata | Advertising / measurement recipient; role may vary by configuration and terms |
| TikTok | Consent-gated advertising attribution and conversion measurement | Conversion events, advertising identifiers, click IDs, browser/server-side attribution metadata | Advertising / measurement recipient; role may vary by configuration and terms |
| Google Drive / Dropbox | User-requested cloud import and export | Selected file metadata, OAuth/session context, imported or exported files chosen by the user | Cloud file-transfer recipients; role may vary by integration flow |
| Professional advisers, auditors, insurers, and competent authorities | Legal compliance, defense of rights, audits, insurance, lawful disclosure | Data relevant to the concrete matter concerned | Role depends on the specific legal or professional context |
AI and document-processing providers
AI-assisted and OCR-based features may require sending selected document context to third-party providers. Depending on the route, this may include:
- prompts and user instructions;
- extracted text;
- OCR text;
- selected snippets;
- rendered page images;
- previews;
- selected crops or masks;
- temporary file references;
- generated output returned by the provider.
EditMyPDF aims to send only the data needed to perform the selected feature. Different features may use different provider routes.
Cloud import and export
If you choose to import from or export to Google Drive or Dropbox, the relevant cloud provider receives the data needed to complete that user-selected transfer.
For the current Google Drive browser integration, EditMyPDF uses Google Identity Services and Google Picker in a user-initiated popup flow and uses the drive.file OAuth scope for import/export. The current implementation does not intentionally store a Google Drive refresh token in EditMyPDF systems. The access token is kept only in transient browser memory for the current page runtime.
Analytics and advertising consent
Strictly necessary technologies remain active because they support core product and security functions. Optional analytics and advertising technologies are intended to remain off by default unless and until the required consent is collected.
Optional analytics or advertising providers may include Google Analytics, Google Tag Manager, Microsoft Clarity, Meta, and TikTok, depending on your consent choices and the configuration in effect.
You can manage cookie and tracking preferences through the cookie preferences page or consent controls made available on the site.
International transfers
Some providers may process personal data outside your country of residence or outside the European Economic Area, United Kingdom, or Switzerland.
Our current public assumptions include:
- primary application hosting and storage on AWS Paris (
eu-west-3); - Auth0 account and authentication processing that may involve the United States;
- Stripe payment and billing processing that may involve the EEA, United States, or other Stripe locations;
- AI and OCR providers that may process data outside the EEA/UK/Switzerland depending on the provider, endpoint, and service configuration;
- analytics, advertising, and cloud import/export providers whose processing locations may vary by feature, consent state, browser flow, and provider infrastructure.
Where required by law, EditMyPDF seeks to rely on appropriate transfer mechanisms such as adequacy decisions, standard contractual clauses, UK addenda, data processing terms, or another legally recognized safeguard made available under the provider's terms.
Data Processing Agreement requests
Business or enterprise customers that need a Data Processing Agreement, security addendum, transfer documentation, or subprocessor review can contact:
Please include your company name, intended use case, expected document types, expected regions, and any required procurement or security documentation.
Updates to this page
The provider list may change as EditMyPDF adds, removes, replaces, or reconfigures features. We may update this page when provider relationships, processing locations, service routes, or public assumptions change.
FAQ
Does every document go to every provider?
No. The provider route depends on the feature you use. For example, a billing provider is involved in checkout, while an OCR or AI provider may be involved only when a document-processing feature requires it.
Are analytics and advertising tools always active?
Strictly necessary technologies remain active for core operation and security. Optional analytics and advertising tools are intended to remain off by default unless the required consent has been obtained.
Can business customers request a DPA?
Yes. Business customers that require a Data Processing Agreement or related security documentation can contact EditMyPDF.
Is this page the full legal agreement?
No. This page is a practical transparency summary. The Privacy Policy, Terms of Service, any DPA, and any signed customer agreement control where applicable.