LootReader respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PDF editing service.
1. Data Controller and Contact
LootReader is the data controller responsible for your personal information. If you have any questions about this policy or our data practices, please contact us at:
2. Information We Collect
We collect several types of information to provide and improve our service:
- Account Data: When you register, we collect your name, email address, and optional phone number. We also store encrypted authentication credentials.
- Document Content: PDF files and other documents you upload for editing are temporarily stored on our secure servers. We do not access or analyze document contents except to perform the operations you request (editing, merging, splitting, annotating, optimizing).
- Usage Data: We automatically collect information about your interactions with our platform, including features used, processing times, file sizes, and error reports. This helps us improve performance and reliability.
- Technical Data: IP address, device type, browser version, operating system, and approximate geographic location (city level) are collected for security and analytics.
- Communication Data: If you contact our support team, we retain your messages and any information you provide to resolve your inquiry.
3. How We Use Your Information
We use your personal data for the following legitimate purposes:
- To provide, operate, and maintain our PDF editing service
- To process and execute document modifications you initiate
- To improve, personalize, and optimize our platform based on usage patterns
- To respond to customer support requests and technical issues
- To detect, prevent, and address security vulnerabilities or fraudulent activity
- To comply with legal obligations and enforce our Terms of Use
- To send service-related notifications (maintenance, updates, security alerts)
4. Legal Basis for Processing (GDPR Compliance)
For users in the European Economic Area, we process your personal data based on the following legal grounds:
- Contractual necessity: Processing is required to deliver the service you requested.
- Legitimate interests: Improving our service, preventing fraud, and ensuring security.
- Legal obligations: Compliance with tax, anti-fraud, and data retention laws.
- Consent: For optional communications, you may withdraw consent at any time.
5. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
- Document files: Temporarily stored during active editing sessions. Files are automatically deleted within 24 hours after your last interaction. You are responsible for downloading or saving edited documents.
- Account data: Retained while your account is active. After account deletion, we anonymize or delete personal data within 30 days, except where legal retention periods apply.
- Usage logs: Aggregated technical data is kept for up to 12 months for security analysis.
- Support tickets: Retained for 24 months to track resolution quality.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:
- Service providers: Trusted third parties that help us operate our infrastructure (cloud hosting, database management, email delivery). These parties are bound by strict confidentiality agreements and cannot use your data for any other purpose.
- Legal requirements: If required by law, court order, or governmental regulation, we may disclose information to comply with legal processes.
- Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the new owner, with continued protection under this policy.
- Protection of rights: When necessary to enforce our Terms of Use or protect the safety, property, or rights of LootReader or our users.
7. International Data Transfers
LootReader operates from Germany, and your data may be processed on servers located within the European Union. For necessary third-party services, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. We do not transfer data to unsafe jurisdictions.
8. Data Security
We implement robust security measures to protect your data:
- TLS 1.3 encryption for all data transmitted between your device and our servers
- AES-256 encryption for stored document files
- Regular security audits and penetration testing
- Access controls limiting employee access to personal data
- Automated file purging after processing completion
Despite our efforts, no internet transmission is completely secure. You are responsible for maintaining the security of your account credentials.
9. Your Rights (GDPR and Other Jurisdictions)
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete information.
- Erasure: Request deletion of your data when it is no longer necessary.
- Restriction: Limit how we process your data under certain conditions.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: For processing based solely on consent.
To exercise these rights, contact us at contact@lootreader.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. Children's Privacy
Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately, and we will delete such data.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "Last updated" date. Significant changes will be notified via email or an in-service notification.
