Trust

Data Processing and Subprocessors

See the provider categories that may support hosting, AI, OCR, authentication, billing, analytics, and cloud integrations.

Last updated July 7, 2026

Trust Center

This page explains how EditMyPDF uses third-party providers to operate the service. It is a transparency page for users, customers, and reviewers who want to understand what provider families may be involved when files, prompts, accounts, payments, or analytics are processed.

This page summarizes our current public approach. It does not replace the Privacy Policy, Terms of Service, Data Processing Agreement, enterprise agreement, or provider-specific terms that may apply to a particular customer relationship.

Who operates EditMyPDF?

EditMyPDF is operated by:

DATASQUEEZE SASU, societe par actions simplifiee unipersonnelle 994 883 916 R.C.S. Paris 50 AVENUE DES CHAMPS ELYSEES 75008 PARIS, France

General contact: contact@editmypdf.ai Privacy contact: contact@editmypdf.ai Data Protection Officer: dpo@editmypdf.ai

What data may be processed?

Depending on the feature, EditMyPDF may process:

  • account and authentication data;
  • session and technical identifiers;
  • uploaded PDFs and images;
  • conversion source files, such as Word, Excel, PowerPoint, HTML, TXT, CSV, and image files;
  • files imported from Google Drive or Dropbox when you choose those integrations;
  • prompts and editing instructions;
  • OCR text, extracted text, selected snippets, rendered page images, previews, or focused document context;
  • generated outputs and downloadable artifacts;
  • run identifiers, job states, errors, timestamps, and routing information;
  • subscription, invoice, checkout, and billing metadata;
  • technical logs, security signals, and anti-abuse data;
  • optional analytics, advertising, and attribution data where the required consent has been obtained.

Why providers are used

EditMyPDF uses third-party providers for practical product functions, including:

  • hosting the application;
  • storing temporary files and outputs during processing;
  • authentication and sign-in;
  • payment processing and subscriptions;
  • AI-assisted planning, rewriting, vision, translation, and document editing routes;
  • OCR and vision enrichment;
  • fraud prevention and trial limitation;
  • analytics and product measurement where consent applies;
  • advertising measurement where consent applies;
  • Google Drive and Dropbox import/export when selected by the user;
  • support, legal compliance, audits, insurance, and professional advice.

Subprocessor and recipient matrix

Provider or service familyMain use in EditMyPDFMain categories of data involvedPublic role assumption
AWSApplication hosting, storage, queues, logs, and infrastructure operationsAccount data, run metadata, uploaded files, outputs, technical logs, billing metadataProcessor / subprocessor for hosting and infrastructure services operated by EditMyPDF
Auth0Authentication, session continuity, identity, and sign-in protectionAccount identifiers, session/authentication data, minimal profile claimsIdentity service provider under its contractual terms; role may vary by context
StripeCheckout, subscription lifecycle, billing portal, invoicing, and payment-related statusCustomer, checkout, subscription, invoice, product, price, billing status, limited risk/attribution fieldsRole may vary depending on payment and regulatory context
OpenAIPlanning, rewriting, multimodal context, and certain file-assisted document-processing routesPrompts, extracted text, OCR snippets, page images, selected context, certain temporary file referencesProcessor / subprocessor for document-processing API routes triggered on the user's behalf
AnthropicFallback or alternative planning, multimodal interpretation, and certain vision-based detection routesPrompts, extracted text, OCR snippets, page images, focused document contextProcessor / subprocessor for document-processing API routes triggered on the user's behalf
xAICertain image redraw and image-edit routesPrompts, selected crops, masks, reference images, focused visual contextProcessor / subprocessor for document-processing API routes triggered on the user's behalf
Google Cloud Vision / OCROCR enrichment and certain object or logo detection routes where enabledRendered page images, OCR/vision request payloads, focused document visualsProcessor / subprocessor for OCR or vision request-response routes where enabled
Fingerprint ProDevice intelligence, trial protection, anti-abuse, and fraud preventionDevice, browser, network, visitor, request, and enforcement metadataProcessor / subprocessor for anti-abuse and fraud-prevention services
Google Analytics / Google Tag ManagerConsent-gated analytics, measurement, and tag managementAnalytics events, browser identifiers, attribution or conversion metadata where relevantAnalytics / measurement recipient; role may vary by configuration and terms
Microsoft ClarityConsent-gated behavioral analytics and session insightsBehavioral analytics events, browser/session interaction signals, measurement metadataAnalytics recipient; role may vary by configuration and terms
MetaConsent-gated advertising attribution and conversion measurementConversion events, advertising identifiers, browser/server-side attribution metadataAdvertising / measurement recipient; role may vary by configuration and terms
TikTokConsent-gated advertising attribution and conversion measurementConversion events, advertising identifiers, click IDs, browser/server-side attribution metadataAdvertising / measurement recipient; role may vary by configuration and terms
Google Drive / DropboxUser-requested cloud import and exportSelected file metadata, OAuth/session context, imported or exported files chosen by the userCloud file-transfer recipients; role may vary by integration flow
Professional advisers, auditors, insurers, and competent authoritiesLegal compliance, defense of rights, audits, insurance, lawful disclosureData relevant to the concrete matter concernedRole depends on the specific legal or professional context

AI and document-processing providers

AI-assisted and OCR-based features may require sending selected document context to third-party providers. Depending on the route, this may include:

  • prompts and user instructions;
  • extracted text;
  • OCR text;
  • selected snippets;
  • rendered page images;
  • previews;
  • selected crops or masks;
  • temporary file references;
  • generated output returned by the provider.

EditMyPDF aims to send only the data needed to perform the selected feature. Different features may use different provider routes.

Cloud import and export

If you choose to import from or export to Google Drive or Dropbox, the relevant cloud provider receives the data needed to complete that user-selected transfer.

For the current Google Drive browser integration, EditMyPDF uses Google Identity Services and Google Picker in a user-initiated popup flow and uses the drive.file OAuth scope for import/export. The current implementation does not intentionally store a Google Drive refresh token in EditMyPDF systems. The access token is kept only in transient browser memory for the current page runtime.

Analytics and advertising consent

Strictly necessary technologies remain active because they support core product and security functions. Optional analytics and advertising technologies are intended to remain off by default unless and until the required consent is collected.

Optional analytics or advertising providers may include Google Analytics, Google Tag Manager, Microsoft Clarity, Meta, and TikTok, depending on your consent choices and the configuration in effect.

You can manage cookie and tracking preferences through the cookie preferences page or consent controls made available on the site.

International transfers

Some providers may process personal data outside your country of residence or outside the European Economic Area, United Kingdom, or Switzerland.

Our current public assumptions include:

  • primary application hosting and storage on AWS Paris (eu-west-3);
  • Auth0 account and authentication processing that may involve the United States;
  • Stripe payment and billing processing that may involve the EEA, United States, or other Stripe locations;
  • AI and OCR providers that may process data outside the EEA/UK/Switzerland depending on the provider, endpoint, and service configuration;
  • analytics, advertising, and cloud import/export providers whose processing locations may vary by feature, consent state, browser flow, and provider infrastructure.

Where required by law, EditMyPDF seeks to rely on appropriate transfer mechanisms such as adequacy decisions, standard contractual clauses, UK addenda, data processing terms, or another legally recognized safeguard made available under the provider's terms.

Data Processing Agreement requests

Business or enterprise customers that need a Data Processing Agreement, security addendum, transfer documentation, or subprocessor review can contact:

contact@editmypdf.ai

Please include your company name, intended use case, expected document types, expected regions, and any required procurement or security documentation.

Updates to this page

The provider list may change as EditMyPDF adds, removes, replaces, or reconfigures features. We may update this page when provider relationships, processing locations, service routes, or public assumptions change.

FAQ

Does every document go to every provider?

No. The provider route depends on the feature you use. For example, a billing provider is involved in checkout, while an OCR or AI provider may be involved only when a document-processing feature requires it.

Are analytics and advertising tools always active?

Strictly necessary technologies remain active for core operation and security. Optional analytics and advertising tools are intended to remain off by default unless the required consent has been obtained.

Can business customers request a DPA?

Yes. Business customers that require a Data Processing Agreement or related security documentation can contact EditMyPDF.

Is this page the full legal agreement?

No. This page is a practical transparency summary. The Privacy Policy, Terms of Service, any DPA, and any signed customer agreement control where applicable.

Data Processing and Subprocessors | EditMyPDF