Data Processing Agreement
Last Updated: 19/02/2026
This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions and applies automatically when you create an account or use PDFBridge.
1. Roles of the Parties
Where PDFBridge processes personal data on behalf of a customer in connection with uploaded documents or generated outputs:
- The customer acts as the Data Controller
- PDFBridge (operated by TechhSpyder) acts as the Data Processor
2. Scope of Processing
PDFBridge processes personal data solely for the purpose of providing the Service, including:
- Generating, transforming, and delivering PDF documents
- Temporary storage required for processing
- Service operation, security, and reliability
- Zero-Retention Processing (Ghost Mode): Where requested by the customer, personal data in generated outputs is processed without persistent storage, ensuring immediate deletion post-delivery.
3. Customer Obligations
Customers confirm that they have the necessary rights and lawful basis to upload and process any personal data using the Service.
4. PDFBridge Obligations
- Process personal data only on documented customer instructions
- Ensure confidentiality of personnel with access to data
- Implement appropriate technical and organizational security measures
- Not access, use, or disclose customer content except as required to provide the Service
5. Sub-processors
PDFBridge uses trusted sub-processors to deliver the Service, including infrastructure, storage, and payment providers.
- Cloudflare (CDN, storage, security)
- Neon (database hosting)
- Render (application hosting)
- Redis (caching and queues)
- Paystack and Paddle (payment processing)
- Google (Intelligent PDF analysis)
Sub-processors are subject to contractual obligations consistent with this DPA.
6. Data Subject Rights
PDFBridge will reasonably assist customers in responding to requests from data subjects where required under applicable data protection laws.
7. Security & Data Breaches
PDFBridge implements reasonable safeguards to protect personal data and will notify customers without undue delay in the event of a personal data breach affecting customer data.
8. Data Deletion
Upon termination of the Service or at the customer’s request, PDFBridge will delete or return personal data in accordance with its retention practices and applicable laws.
9. International Transfers
Where personal data is transferred outside the customer’s jurisdiction, appropriate safeguards are applied in accordance with applicable data protection laws.
This DPA should be read together with our Terms and Conditions and Privacy Policy.