Privacy Policy
Your privacy matters to us. Learn how we protect your data.
Last updated: May 8, 2026
In Brief
Introduction
This Privacy Policy describes how Kovetz PDF ("the Service", "we", "our") collects, uses, and protects information when you use our website and the services we offer.
This policy applies to all users of the Service, whether visitors, registered users, or paying subscribers. Use of the Service constitutes acceptance of this Privacy Policy.
This policy is drafted in accordance with the Israeli Privacy Protection Law, 5741-1981, and relevant regulations. As our servers are located in the European Union (Germany), we also fully comply with the EU General Data Protection Regulation (GDPR) for users from the European Union.
Data Controller
The data controller for information collected through the Service is the operator of Kovetz PDF. For privacy inquiries, please contact us through our contact page.
Information We Collect
Information we collect:
PDF files and documents you upload. These are stored temporarily on our servers solely for performing the requested operation, and are automatically deleted.
IP address (partially anonymized), browser type, operating system, entry pages, and visit duration - via Google Analytics.
Essential cookies for site operation and analytical cookies for service improvement.
Email address, password (stored hashed), display name, and usage preferences - only if you register. If you enable two-factor authentication (MFA), an encrypted TOTP secret is stored.
Your name, email address, and message are retained up to 90 days for response purposes, then deleted.
Information we do NOT collect:
- ✕ Your file contents - we process files automatically only to perform the requested operation. We do not store, analyze, or share document contents for any other purpose
- ✕ Personal identifying information (from non-registered users) - name, address, phone number, ID
- ✕ Financial information - credit card details are stored and managed solely by our payment provider
- ✕ Browsing history outside our website
- ✕ Precise location, biometric data, or other sensitive information
How We Use Information
We use collected information solely for the following purposes:
Processing your uploaded files and performing requested operations
Analyzing anonymous usage data to improve performance and user experience
Protection against abuse, cyberattacks, and suspicious activity
Responding to inquiries and sending essential service updates (registered users)
Legal basis: File processing is based on your consent (uploading the file). Anonymous usage data is processed based on our legitimate interest in improving the service.
Data Retention and Deletion
Automatic Deletion Policy
All your files are automatically deleted from our servers within 10 minutes of upload.
Automatically deleted within 10 minutes of upload
Automatically deleted within 10 minutes of creation, or immediately after download
Deleted immediately after processing is complete
Retained up to 30 days for security, monitoring, and technical support
Retained as long as the account is active. Deletion can be requested at any time via our contact page
Retained up to 90 days for response and record-keeping
Note: We do not guarantee exact deletion times, but make reasonable efforts to ensure prompt deletion. In any case, files will not be retained beyond 10 minutes.
Data Security
We implement reasonable security measures to protect your data:
All communication encrypted via HTTPS
Firewalls and advanced protection systems
Only authorized personnel can access servers
Systems and libraries updated regularly
Important: Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you upload files to the Service at your own risk.
Third-Party Sharing
We do not sell, trade, or rent your personal information to third parties.
Parties that may receive limited data access:
- 1.Hetzner (hosting and processing): European servers (Germany) - infrastructure provider only, no access to your file contents.
- 2.Supabase (account management and user database): GDPR-compliant managed service for account data - email, hashed password, MFA secrets, and preferences. EU servers. Subject to Supabase's Privacy Policy.
- 3.Grow (payment processor): Israeli payment provider. Credit card data is stored and managed solely by Grow. We receive only payment confirmation, no card details.
- 4.Google Analytics: Anonymous usage data (anonymized IP) for traffic analysis. Subject to Google's Privacy Policy.
- 5.Google AdSense (free users only): Displays advertisements. AdSense cookies may collect data on your preferences for ad personalization. Pro users see no advertisements. Subject to Google's policies.
- 6.Sentry (error monitoring): Receives technical information (stack trace, browser type, user ID if registered) for diagnosing issues. No file contents. EU servers.
- 7.Cloudflare (CDN and security): Routes traffic to our server for DDoS protection and speed. Has no access to your file contents.
We may also disclose information when required by law, court order, or to protect our legal rights.
Cookies
Our website uses the following types of cookies:
Required for basic site functionality - language preferences, dark/light mode, session ID, kovetz_quota_id (UUID for hourly quota counting), and Supabase auth cookies for registered users (sb-*).
Anonymous usage data for service improvement. IP anonymized.
Google cookies (__gads, __gpi, IDE) for ad personalization. Not served to Pro users.
Session ID for grouping technical errors into a single report. No personal data.
Cookie management: You can block or delete cookies in your browser settings. Blocking essential cookies may affect site functionality.
Your Rights
Under applicable privacy laws, you have the following rights:
Request to know what data we hold about you
Request correction of inaccurate data
Request deletion of your data from our systems
Object to certain processing of your data
Receive your data in a readable format
Restrict the processing of your data
To exercise your rights, contact us through our contact page with the subject "Privacy Request". We will respond within 30 days.
International Data Transfers
Our servers are located in Europe (Germany, Hetzner). Analytics data may be processed by Google on servers worldwide. We ensure any such transfers are subject to appropriate safeguards.
Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor without parental consent, we will delete such data promptly.
Email Communications
We send two types of email:
- Transactional: Registration confirmation, password reset, payment receipt, subscription renewal reminders. Required for service operation, sent to all registered users.
- Marketing: Promotions, product updates, and tips. Sent only to users who explicitly opted in. You may unsubscribe at any time via the link in each email or through our contact page.
In accordance with the Israeli Communications Law (Anti-Spam) 5742-1982 and applicable EU regulations, we do not send marketing content without prior explicit consent.
Policy Changes
We may update this policy from time to time. Material changes will be published on the website. Continued use of the Service after changes are published constitutes acceptance of the updated policy.
We recommend reviewing this policy periodically to stay informed.
Governing Law
This Privacy Policy is governed by the laws of the State of Israel. Any dispute regarding privacy shall be subject to the exclusive jurisdiction of the competent courts in the Tel Aviv-Jaffa district.
Questions about your privacy?
We are committed to full transparency. If you have questions, concerns, or requests regarding your data - get in touch.
Contact Us