Your personal data: where, how, how long

iFillPDF is published by BRK SAS (France) with a GDPR-native approach. Here's how your data is processed.

Hosting

Database + PDF files: Supabase Frankfurt region (Germany, EU).

CDN: Cloudflare (US) with EU PoPs for latency β€” data transits only, not stored.

Sub-processors

Stripe (payments, Ireland), Resend (emails, US, Data Privacy Framework), AWS Textract (OCR, eu-central-1), Google Gemini (AI, US, DPF), Plausible (analytics, Estonia).

Full list + DPAs in the privacy policy.

Your GDPR rights

Right of access, rectification, erasure ("right to be forgotten"), portability in JSON exportable format, objection to processing, restriction. See GDPR Articles 15–22 (EU Regulation 2016/679).

Request to contact@ifillpdf.com, response within 1 month max (extendable to 2 months for complex requests, GDPR Art. 12.3). No ID required unless reasonable doubt.

Complaint possible to your country's supervisory authority (CNIL in France, ICO in the UK, AEPD in Spain, ANPD in Brazil) or to the EDPB (edpb.europa.eu).

Full policy and exercising rights

The iFillPDF privacy policy details the exhaustive list of sub-processors, retention durations by data type, transfers outside the EU, and the legal bases (GDPR Article 6) for each processing activity.

You can also export or delete your data autonomously from Settings > Account > "Export my data" or "Delete my account" β€” no support ticket needed.

Related articles
Doesn't this article answer your question? Contact support
GDPR personal data β€” iFillPDF Help