Privacy Policy

HTMLPDF.dev operates the website htmlpdf.dev and the HTMLPDF.dev HTML-to-PDF generation service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Questions? Email us at [email protected].

Account Information

When you register, we collect:

• Name and email address
• Password (stored as a one-way bcrypt hash — we cannot read it)
• Subscription plan and billing status

Payment Information

We use Stripe to process payments. We never store your card number, CVC, or full card details on our servers. Stripe stores and processes this data under their own Privacy Policy. We store only your Stripe customer ID and subscription metadata.

Usage Data

We automatically collect:

• API request logs (timestamp, HTML/URL submitted, response status, processing time)
• Monthly PDF generation counts per API key
• IP address of API requests (for rate limiting and abuse prevention)
• Browser type and OS when using the web dashboard

Content You Submit

When you call the API, you submit HTML strings or URLs to convert to PDF. We process this content to generate PDFs and do not store resulting PDFs beyond the immediate request lifecycle (except in json response mode, where the PDF binary is held in memory for up to 24 hours before expiry). Submitted URLs and HTML metadata are logged for abuse prevention and retained for 30 days.

Cookies & Analytics

• To provide, operate, and maintain the HTMLPDF.dev service
• To process payments and manage your subscription
• To send transactional emails (verification, OTP codes, receipts)
• To enforce API rate limits and monthly PDF generation quotas
• To detect and prevent abuse, fraud, and unauthorised access
• To respond to support requests
• To send service-related notices (maintenance, security updates)
• To improve the service using aggregated, anonymised usage patterns

We use Mailgun to deliver transactional emails: verification, two-factor codes, and subscription confirmations. These are essential to the service and cannot be opted out of while maintaining an active account.

We do not send marketing emails unless you explicitly opt in.

We share data only with the following sub-processors:

We may disclose information if required by law or to protect the rights, property, or safety of HTMLPDF.dev, our users, or the public.

• Account data: retained for the duration of your account, deleted within 30 days of closure upon request
• API request logs: retained for 30 days for abuse prevention, then deleted
• Billing records: retained for 7 years as required by applicable tax law
• Generated PDFs: not stored server-side; in JSON response mode, binary data is held in memory for up to 24 hours then discarded

• TLS encryption for all data in transit (HTTPS enforced via HSTS)
• Passwords hashed with bcrypt (cost factor 12)
• API keys stored as hashed values
• Two-factor authentication available for all accounts
• Database not exposed to the public internet
• Rate limiting and brute-force protection on all auth endpoints

No method of transmission or storage is 100% secure. We take all reasonable steps to protect your data but cannot guarantee absolute security.

Depending on your location, you may have the right to:

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Our servers are located in the European Union. If you access the service from outside the EU, your data may be transferred internationally when processed by our sub-processors. These transfers are covered by standard contractual clauses or equivalent safeguards.

HTMLPDF.dev is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the dashboard. The "Last updated" date at the top reflects the most recent revision. Continued use after changes constitutes acceptance.

For any privacy-related questions or requests: