Last updated May 11, 2026
This Privacy Policy describes how PAX Digitalis LLC ("Company," "we," "us," or "our"), doing business as NoStringsPDF, collects, uses, and protects your personal information when you use NoStringsPDF (the "Services").
NoStringsPDF is a web-based PDF form-filling tool. Users can upload PDF documents, automatically detect form fields, fill in information, add signatures, and download the completed document. The Free tier provides manual field placement and basic PDF utilities. The Pro tier adds automatic field detection, saved signatures, reusable templates, OCR for scanned documents, and PDF-to-Word conversion.
By using NoStringsPDF, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.
Summary of Key Points
What we collect: Email address, password (hashed), basic identifiers, subscription data, approximate location (country-level), and operational logs. We do NOT collect sensitive personal information, demographic data, biometric data, professional information, or education records.
What we don't do: We do not sell your data. We do not share data for advertising. We do not run third-party advertisements. We do not use Google Analytics or behavioral tracking. We do not profile users.
Who we share with: Only service providers necessary to operate the Services (Stripe for payments, Supabase for accounts, Cloudflare for hosting, and others listed below).
How long we keep it: As long as you have an active account. Deleted within 30 days of account closure (except where law requires longer retention, such as tax records).
Your rights: Access, deletion, correction, portability, and other rights depending on your jurisdiction. Contact privacy@nostringspdf.com to exercise them.
We collect personal information that you voluntarily provide when you register for an account or use the Services. This includes:
We do NOT collect:
When you access our Services, certain information is automatically collected by our infrastructure providers:
What we do not collect automatically:
When you upload a PDF document to NoStringsPDF, the document is processed in memory to provide the requested service (field detection, form filling, signing, etc.). Uploaded documents are not stored on our servers persistently and are deleted after processing completes.
Information you type into PDF form fields is also processed in memory and is not stored on our servers.
We use your personal information for the following purposes:
We do NOT use your information for:
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information under the General Data Protection Regulation (GDPR), UK GDPR, and Swiss Federal Act on Data Protection (FADP):
We process your information when necessary to provide the Services you have requested. This includes account management, service delivery, payment processing, customer support, and administrative communications.
We process certain information based on our legitimate interests, including:
When relying on legitimate interests, we balance our interests against your privacy rights. You have the right to object to processing based on legitimate interests by contacting us at privacy@nostringspdf.com.
We process certain information to comply with legal obligations, such as tax record retention (handled by our payment processor Stripe), responding to lawful government requests, and meeting other regulatory requirements.
Where required by applicable law, we will obtain your consent before processing certain information. You may withdraw consent at any time, although withdrawal does not affect the lawfulness of processing before withdrawal.
We do NOT sell your personal information. We do NOT share your information for cross-context behavioral advertising. We do NOT share your information with business affiliates (we have none) or business partners (we have none).
We share your information only with service providers (subprocessors) that help us operate the Services. These providers are contractually limited to using your information only to provide their service to us.
| Service Provider | Country | Purpose |
|---|---|---|
| Stripe | United States | Payment processing and subscription management |
| Supabase | United States | Authentication and database storage |
| Cloudflare | United States | Hosting, CDN, security (including Turnstile CAPTCHA), and cookie-free aggregate analytics |
| Railway | United States | Backend API hosting |
| Mistral AI | France (EU) | Optical Character Recognition (OCR) processing for Pro tier users who choose this feature |
| Adobe PDF Services | United States | PDF-to-Word conversion for Pro tier users who choose this feature |
| Resend | United States | Transactional email delivery (signup verification, password reset, payment receipts) |
| Sentry | United States | Error monitoring and diagnostics |
| Microsoft (Office 365 / Microsoft 365) | United States | Business email hosting for accounts including support@, privacy@, and legal@nostringspdf.com. Processes email correspondence including privacy-related inquiries and requests. |
| GoDaddy | United States | Domain registration |
| Termly | United States | Privacy policy and legal document management |
Each of these service providers operates under their own privacy policy and applicable data processing agreements. We have ensured that appropriate safeguards are in place, including Standard Contractual Clauses where applicable for transfers outside the EEA/UK/Switzerland.
If we are involved in a merger, acquisition, sale of assets, financing, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
We may disclose your information if required to do so by law, court order, or governmental request, or to protect our rights, property, or safety, or that of our users or others.
NoStringsPDF is operated from the United States, and most of our service providers are located in the United States. When you use our Services from outside the United States—including from the European Economic Area, United Kingdom, Switzerland, Canada, or other countries—your personal information will be transferred to and processed in the United States and other countries where our service providers operate.
To ensure adequate protection of your personal information during international transfers, we rely on:
Specific countries where personal information is transferred:
By using our Services, you acknowledge that your personal information will be transferred internationally to enable us to provide the Services to you.
We use a minimal set of cookies and similar technologies necessary to operate the Services.
Because we only use strictly necessary cookies, we do not display a cookie consent banner under most privacy laws. You can manage cookies through your browser settings, but disabling necessary cookies will prevent the Services from functioning correctly.
For more details, please see our Cookie Policy.
We use third-party AI services to provide certain Pro tier features. These features are optional and only triggered when you explicitly choose to use them.
For Pro tier users who choose to use Optical Character Recognition (OCR) on scanned PDF documents, we send the relevant document content to Mistral AI for processing. Mistral AI is headquartered in France, and OCR processing occurs entirely within the European Union. Per Mistral's terms, documents are not retained after processing and are not used to train AI models.
For Pro tier users who choose to convert PDFs to editable Word documents, we send the relevant document content to Adobe PDF Services for processing. Adobe processes the document and returns the converted output. Per Adobe's terms, documents are not retained beyond the time required for processing.
AI processing only occurs when you explicitly activate an AI-powered feature (such as clicking "OCR this document" or "Convert to Word"). To opt out, simply do not use these features. All other NoStringsPDF functionality operates without AI processing.
You may also opt out by:
We retain your personal information for as long as necessary to provide the Services to you, unless a longer retention period is required or permitted by law.
Specifically:
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
We have implemented appropriate technical and organizational security measures designed to protect the security of your personal information, including:
However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. While we take reasonable measures to protect your information, we cannot guarantee its absolute security.
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. By using the Services, you represent that you are at least 18 years old.
If we become aware that we have collected personal information from a child under 18, we will take reasonable steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@nostringspdf.com.
Depending on where you live, you may have certain rights regarding your personal information. These may include:
You can exercise your privacy rights through any of the following methods:
To protect your information, we may need to verify your identity before processing requests. Typically, this means confirming the request comes from the email address associated with your account.
We will respond to verifiable requests within the timeframes required by applicable law (typically 30-45 days). For complex requests, we may extend this period by up to an additional 45 days with notice to you.
If we deny your privacy request, you have the right to appeal our decision. Submit appeals to privacy@nostringspdf.com with "APPEAL" in the subject line. We will review your appeal and respond within the timeframes required by applicable law.
If you are a resident of a U.S. state with applicable privacy laws, you may have specific rights under those laws. The states currently covered include:
California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Florida (FDBR), Indiana (INDPA), Iowa (ICDPA), Kentucky (KCDPA), Maryland (MDDPA), Minnesota (MNDPA), Montana (MCDPA), Nebraska (NEDPA), New Hampshire (NHPA), New Jersey (NJDPA), Oregon (OCPA), Rhode Island (RIDTPPA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA).
These laws generally provide rights similar to those described in Section 11 above. The specific rights, response times, and procedures may vary by state. To exercise your rights, contact us using the methods in Section 11.
We do NOT sell your personal information for monetary or other valuable consideration. We do NOT share your personal information for cross-context behavioral advertising purposes. Because we do not engage in these practices, there is no opt-out mechanism required, and the Global Privacy Control signal has no additional effect on our Services.
We do NOT collect sensitive personal information as defined under California and other state laws.
We do NOT offer financial incentives in exchange for the collection, sale, or retention of personal information.
We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, or provide a different level of quality based on your exercise of privacy rights.
This section provides additional information for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
In the past 12 months, we have collected the following categories of personal information:
| Category | Collected | Disclosed for Business Purposes | Sold/Shared |
|---|---|---|---|
| Identifiers (email, IP address, account IDs) | Yes | Yes (to subprocessors) | No |
| California Customer Records (signatures, limited financial information) | Yes | To payment processor only | No |
| Characteristics (demographics) | No | No | No |
| Commercial information (subscription data) | Yes | Yes (to subprocessors) | No |
| Biometric data | No | No | No |
| Internet/network activity | Yes | Yes (to subprocessors) | No |
| Geolocation (approximate, IP-based) | Yes | Yes (to subprocessors) | No |
| Sensory data (audio, video, etc.) | No | No | No |
| Professional/employment information | No | No | No |
| Education information | No | No | No |
| Inferences/profiles | No | No | No |
| Sensitive personal information | No | No | No |
Personal information is collected directly from you (when you create an account or use the Services) and automatically (through standard web infrastructure such as server logs and aggregate analytics).
See Section 2 "How We Use Your Information."
See Section 4 "Who We Share Information With" for the full list of subprocessors.
California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do NOT share personal information with third parties for their direct marketing purposes. Therefore, we have no information to disclose under this section.
California residents may use an authorized agent to submit privacy requests on their behalf. We require written authorization from the consumer for the agent to act on their behalf, and we may require the consumer to verify their identity directly with us.
If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, Iceland, Liechtenstein, or Norway, you have rights under the General Data Protection Regulation (GDPR), UK GDPR, and Swiss Federal Act on Data Protection (FADP).
See Section 3 "Legal Bases for Processing" for details on the legal grounds we rely on under GDPR.
We have not appointed an EEA or UK representative under GDPR Article 27 because our processing of personal data of EEA/UK residents is occasional, does not include large-scale processing, does not include special categories of personal data, and is unlikely to result in risk to the rights and freedoms of data subjects. EEA and UK residents may exercise their rights by contacting us directly at privacy@nostringspdf.com.
We are not required to appoint a Data Protection Officer under GDPR Article 37. However, we have designated a Privacy Officer responsible for handling privacy-related matters. The Privacy Officer can be reached at privacy@nostringspdf.com.
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection authority in your country of residence.
If you are a resident of Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including Quebec's Law 25.
Your rights include:
To exercise your rights, contact us at privacy@nostringspdf.com.
Some web browsers offer a "Do Not Track" (DNT) signal or the Global Privacy Control (GPC) signal, which communicates a user's preference to opt out of certain data practices.
Because we do NOT sell personal information, do NOT share personal information for cross-context behavioral advertising, and do NOT engage in targeted advertising or behavioral profiling, DNT and GPC signals have no additional effect on our Services. The privacy protections these signals are designed to invoke already apply to all users by default.
If we ever begin engaging in practices that would be subject to DNT or GPC opt-out requirements, we will implement appropriate recognition of these signals and update this Privacy Policy accordingly.
We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or for other operational reasons. When we make material changes, we will:
For minor updates (typo corrections, clarifications that don't change substantive rights), we may update without prior notice.
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
Privacy Officer
PAX Digitalis LLC (d/b/a NoStringsPDF)
3711 Boxwood Ct
Hanover, NJ 07981
United States
Email: privacy@nostringspdf.com
For general inquiries, you may also contact support@nostringspdf.com.
For legal notices and updates, the contact email is legal@nostringspdf.com.
This Privacy Policy is provided as a draft suitable for beta launch. For broader public availability with paying customers or enterprise sales, we recommend legal counsel review and consideration of a maintained legal framework.