Privacy Policy
SanctumPDF — sanctumpdf.com
Last updated: 12 March 2026
Operated by: Lars Holmström (Sole Trader, Melbourne, Australia)
The short version
Your files never leave your browser. SanctumPDF processes PDFs entirely on your device using WebAssembly. We cannot see, access, or store your documents.
The one exception is our Bank Statement Converter. For that tool, text is first extracted from your PDF locally in your browser. Only the extracted text (never the PDF file itself) is sent to Google's Gemini AI for structured parsing. The text is not stored by us or by Google after processing.
Beyond that, we collect only what's needed to run your account and process payments: your email address, your subscription status, and your usage counts. That's it.
No tracking cookies. No advertising. No selling your data. Ever.
1. Who we are
SanctumPDF is operated by Lars Holmström as a sole trader registered in Melbourne, Victoria, Australia. For privacy enquiries, contact: privacy@sanctumpdf.com
2. What data we collect
2.1 Account information
When you create a SanctumPDF account, we collect:
- Email address — used for account login, password reset, and transactional emails (receipts, subscription confirmations)
- Name (if provided via Google sign-in) — used for display purposes only
- Authentication data — managed by Supabase (our authentication provider). If you sign in with Google, we receive your name and email from Google's OAuth service. We do not receive or store your Google password.
2.2 Payment information
When you subscribe to a paid plan, payment is processed entirely by Stripe. We do not receive, process, or store your credit card number, bank account details, or other payment credentials. Stripe provides us with:
- Confirmation of successful payment
- Your subscription status (active, cancelled, expired)
- A Stripe customer ID (an internal reference number)
For Stripe's own data practices, see Stripe's Privacy Policy.
2.3 Usage data
We track the following to enforce plan limits and improve the product:
- Tool usage counts — which tools you use and how many times per day/month (e.g., “3 compressions today”). This is stored in our database (Supabase) linked to your account.
- File metadata for limit enforcement — file size (to enforce tier limits). We do not store file names, file contents, or any data from within your documents.
2.4 Analytics data
We use PostHog in cookieless mode for product analytics. This means:
- No cookies are set for analytics purposes
- No personally identifiable information is collected by our analytics
- We track anonymous, aggregated events such as: which tools are used most, which pages are visited, and general conversion metrics
- PostHog's EU cloud instance is used, with data stored in Frankfurt, Germany
We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
2.5 Bank Statement Converter — AI processing
When you use the Bank Statement Converter:
- Your PDF file is parsed entirely in your browser. The PDF is never uploaded to our servers or any third party.
- Extracted text only (transaction dates, descriptions, amounts — as plain text) is sent to Google's Gemini API for structured parsing into table format.
- The PDF file itself, including images, fonts, metadata, and layout data, is never transmitted.
- Google's Gemini API processes the text and returns structured data. Per Google's API terms, data sent through the paid Gemini API is not used to train Google's models and is not retained after processing.
- The structured result is returned to your browser, where you can review, edit, and export it.
We do not store, log, or retain any of the text sent to or received from the Gemini API.
3. What data we do NOT collect
To be explicit:
- File contents — we never see, access, or store the contents of your PDFs
- File names — we do not record what your files are called
- Document metadata — we do not extract or store author names, creation dates, or other PDF metadata
- Browsing history — we do not track which other websites you visit
- IP addresses — we do not log or store your IP address for analytics purposes (PostHog cookieless mode anonymises this)
- Device fingerprints — we do not fingerprint your browser or device
4. How we use your data
We use collected data for the following purposes only:
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account management, login, transactional emails | Contract performance |
| Name | Display in account UI | Legitimate interest |
| Stripe customer ID | Subscription management, payment history | Contract performance |
| Usage counts | Enforcing plan limits | Contract performance |
| Anonymous analytics | Understanding feature usage, improving the product | Legitimate interest |
We do not use your data for:
- Advertising or ad targeting
- Selling or sharing with third parties for marketing
- Profiling or automated decision-making that affects your rights
- Training AI models
5. Third-party services
We use the following third-party services that process some of your data:
| Service | What they receive | Their role |
|---|---|---|
| Supabase | Email, hashed password, OAuth tokens, usage data | Authentication and database |
| Stripe | Payment details (entered directly into Stripe's form) | Payment processing |
| Google Gemini API | Extracted text from bank statements | AI-powered table parsing |
| Vercel | Serves the website; processes web requests | Website hosting |
| PostHog | Anonymous, cookieless analytics events | Product analytics |
We do not share your personal information with any other third parties.
6. Cookies
SanctumPDF uses only essential cookies required for the service to function:
- Authentication session cookie — set by Supabase to keep you logged in. This is a strictly necessary cookie and does not require consent under GDPR or the Australian Privacy Act.
- Stripe payment cookies — set by Stripe during the checkout process for fraud prevention and payment security. These are strictly necessary for payment processing.
We do not set any:
- Analytics cookies
- Advertising or tracking cookies
- Third-party marketing cookies
Because we use only strictly necessary cookies, no cookie consent banner is required.
7. Data storage and security
- Account data is stored in Supabase's managed PostgreSQL database. Supabase uses encryption at rest and in transit.
- Payment data is stored by Stripe. We never store payment credentials on our servers.
- File data is never stored anywhere — it exists only in your browser's memory during processing and is discarded when you close the tab.
- All connections to sanctumpdf.com use HTTPS (TLS 1.3) encryption.
8. Data retention
| Data | Retention period |
|---|---|
| Account information | Retained while your account is active. Deleted within 30 days of account deletion. |
| Usage tracking data | Rolling 90-day window. Older usage data is automatically purged. |
| Payment records | Retained by Stripe per their policies and applicable tax/legal requirements. |
| Analytics data | Aggregated and anonymised. No personal data retained. |
| File contents | Never stored. Exists only in browser memory during processing. |
| Bank statement text sent to Gemini | Not retained by us or by Google after processing. |
9. Your rights
If you are in the European Union (GDPR)
You have the right to:
- Access your personal data — request a copy of all data we hold about you
- Rectify inaccurate data — update your email or name in your account settings
- Erase your data — delete your account and all associated data
- Port your data — receive your data in a machine-readable format
- Object to processing — opt out of analytics (though our analytics are already anonymous)
- Restrict processing — request we limit how we use your data
- Lodge a complaint with your local data protection authority
If you are in Australia (Privacy Act 1988)
Under the Australian Privacy Principles (APPs), you have the right to:
- Access personal information we hold about you (APP 12)
- Correct inaccurate or outdated information (APP 13)
- Know how your information is handled (this policy fulfils APP 1 and APP 5)
- Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the APPs
For all users
To exercise any of these rights, email privacy@sanctumpdf.com. We will respond within 30 days.
To delete your account and all associated data, you can do so directly from your account settings page, or by emailing us.
10. International data transfers
SanctumPDF uses services that store data in various locations:
- Supabase — your chosen region at project setup (may be US, EU, or Asia-Pacific)
- Stripe — primarily US-based, with EU processing for EU customers
- PostHog — EU cloud instance (Frankfurt, Germany)
- Vercel — global edge network, with origin servers in the US
- Google Gemini API — US-based processing
Where data is transferred outside Australia or the EEA, we ensure that appropriate safeguards are in place. All third-party services listed above maintain standard contractual clauses (SCCs) or equivalent protections for international transfers.
11. Children's privacy
SanctumPDF is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@sanctumpdf.com and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify registered users via email for significant changes
- Post a notice on the website
Your continued use of SanctumPDF after changes are posted constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions, concerns, or requests:
Email: privacy@sanctumpdf.com
Location: Melbourne, Victoria, Australia
This privacy policy was last reviewed and updated on 12 March 2026.