RotateMyPDF

Free & Secure

Privacy Policy

Last Updated: July 29, 2025

Effective Date: July 29, 2025

1. Controller and Data Protection Officer

Data Controller: RotateMyPDF

Website: www.rotatemypdf.com

We do not maintain a Data Protection Officer as we primarily process data through third-party services (Google). For data protection inquiries related to Google services, please contact Google directly through their privacy channels.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Legitimate Interest: Website analytics and improvement (Article 6(1)(f) GDPR)
  • Consent: Advertising cookies and personalized ads (Article 6(1)(a) GDPR)
  • Legal Obligation: Compliance with applicable laws (Article 6(1)(c) GDPR)

3. Data We Collect

3.1 PDF Files - NO COLLECTION

IMPORTANT: Your PDF files are NEVER collected, stored, transmitted, or processed by our servers:

  • All PDF operations occur entirely within your browser
  • Files remain in your device's memory only during processing
  • Files are automatically deleted when you close the browser tab
  • We have no technical ability to access your PDF content
  • No file metadata, names, or content is transmitted to our servers

3.2 Analytics Data via Google Analytics 4

Data Collected:

  • IP address (anonymized to remove last octet)
  • Browser type, version, and language settings
  • Operating system and device information
  • Screen resolution and viewport size
  • Pages visited, time spent, and user interactions
  • Referrer URL and traffic source
  • Geographic location (country/region level only)
  • User engagement metrics and conversion events

Retention Period: 26 months (Google Analytics default)

Legal Basis: Legitimate interest for website improvement

3.3 Advertising Data via Google Ads

Data Collected:

  • Advertising identifiers and cookie IDs
  • Ad interaction data (clicks, views, conversions)
  • Device and browser information for ad delivery
  • Interest categories for targeted advertising
  • Previous website visits for remarketing

Retention Period: Varies by Google's policies (typically 18 months)

Legal Basis: Consent (where required) and legitimate interest

3.4 Technical Data

Automatically Collected:

  • HTTP request logs (IP address, timestamp, request type)
  • Error logs for debugging purposes
  • Performance monitoring data
  • Security monitoring data

Retention Period: 12 months maximum

Legal Basis: Legitimate interest for security and performance

4. Cookies and Tracking Technologies

4.1 Essential Cookies (No Consent Required)

  • Session management cookies
  • Security cookies
  • User preference cookies (theme, language)
  • Load balancing cookies

4.2 Analytics Cookies (Google Analytics)

Purpose: Website analytics and user behavior analysis

Duration: Up to 2 years

Third Party: Google LLC

4.3 Advertising Cookies (Google Ads)

Purpose: Ad targeting, personalization, and conversion tracking

Duration: Up to 18 months

Third Party: Google LLC

4.4 Cookie Consent Management

Users can:

  • Accept or reject non-essential cookies via our cookie banner
  • Modify preferences at any time through browser settings
  • Use opt-out tools provided by Google
  • Use browser "Do Not Track" settings (honored where technically feasible)

5. Data Sharing and Third Parties

5.1 Google Services

We share anonymized data with:

  • Google Analytics: For website performance and user behavior analysis
  • Google Ads: For advertising delivery and optimization
  • Google Tag Manager: For managing tracking codes

Google's Data Processing: Governed by Google's Privacy Policy and Data Processing Terms

5.2 Other Third Parties

We may share data with:

  • Legal Authorities: When required by law, court order, or government request
  • Service Providers: Technical service providers under strict data processing agreements
  • Business Transfers: In case of merger, acquisition, or sale (with notice)

5.3 Data Never Shared

  • PDF file content or metadata
  • Personally identifiable information (beyond what's automatically collected by Google services)
  • Individual user profiles or behavior patterns

6. International Data Transfers

Google Services: Data may be transferred to and processed in the United States and other countries where Google operates. These transfers are protected by:

  • Google's compliance with EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable

Safeguards: All international transfers include appropriate safeguards as required by GDPR Article 46.

7. Data Retention

  • Analytics Data: 26 months (Google Analytics)
  • Advertising Data: 18 months (Google Ads)
  • Technical Logs: 12 months maximum
  • PDF Files: 0 seconds (never stored)
  • Cookie Consent Records: 12 months

Data is automatically deleted after retention periods expire.

8. Your Rights (GDPR, CCPA, PIPEDA Compliance)

8.1 EU/UK Users (GDPR/UK GDPR)

  • Right of Access (Article 15): Request information about your personal data
  • Right to Rectification (Article 16): Correct inaccurate data
  • Right to Erasure (Article 17): Request deletion of your data
  • Right to Restrict Processing (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Receive your data in machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interest
  • Right to Withdraw Consent (Article 7): Withdraw consent for cookies/advertising

8.2 California Users (CCPA/CPRA)

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of sale/sharing of personal information
  • Right to Limit: Limit use of sensitive personal information
  • Right to Non-Discrimination: No discrimination for exercising rights

8.3 Canadian Users (PIPEDA)

  • Right to Access: Access personal information we hold about you
  • Right to Correction: Correct inaccurate personal information
  • Right to Withdraw Consent: Withdraw consent where applicable

8.4 Exercising Your Rights

For Google Services Data:

  • Google Analytics: Google Privacy Controls
  • Google Ads: Google Ad Settings
  • Data Subject Requests: Google Privacy Policy

Response Time: We will respond to valid requests within 30 days (GDPR) or as required by applicable law.

9. Data Security

9.1 Technical Safeguards

  • Encryption: All data transmission via HTTPS/TLS 1.3
  • Access Controls: Limited access to technical systems
  • Monitoring: Continuous security monitoring and logging
  • Updates: Regular security updates and patches

9.2 Organizational Safeguards

  • Data Minimization: We collect only necessary data
  • Purpose Limitation: Data used only for stated purposes
  • Staff Training: Limited staff access with privacy training
  • Incident Response: Data breach notification procedures in place

9.3 PDF File Security

  • No Storage: Files never stored on servers
  • Local Processing: All operations in browser memory only
  • Automatic Deletion: Files cleared when tab closes
  • No Access: Technical impossibility for us to access file content

10. Children's Privacy (COPPA/GDPR-K Compliance)

10.1 Age Restrictions

  • We do not knowingly collect personal information from children under 13 (US) or 16 (EU)
  • PDF processing is safe for all ages as no data is transmitted
  • Google services have their own child protection measures

10.2 Parental Rights

Parents may:

  • Request deletion of their child's data from Google services
  • Opt their child out of personalized advertising
  • Contact Google directly for child privacy concerns

11. Data Breach Notification

Breach Response:

  • Notification to supervisory authorities within 72 hours (where required)
  • User notification for high-risk breaches
  • Incident documentation and remediation
  • Regular security assessments

Note: Given our minimal data collection and local PDF processing, data breach risk is significantly reduced.

12. Automated Decision Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Google services may use automated processing for ad targeting, which is governed by Google's policies.

13. Changes to This Privacy Policy

Notification Methods:

  • Website notice with updated date
  • Prominent banner for material changes
  • Email notification (if we had contact information)
  • Reasonable notice period before changes take effect

Material Changes: Require new consent for new purposes or data types.

14. Supervisory Authority Contacts

  • EU Users: Contact your local data protection authority
  • UK Users: Information Commissioner's Office (ICO)
  • California Users: California Attorney General's Office
  • Canada Users: Office of the Privacy Commissioner of Canada

15. Accessibility and Languages

This Privacy Policy is available in multiple languages. In case of conflicts, the English version prevails. We provide accessible formats upon request through standard web accessibility features.

⚖️ Legal Disclaimers and Limitations

15.1 Service Disclaimers

"AS IS" BASIS: PDF Rotator is provided without warranties of any kind, express or implied, including but not limited to:

  • Merchantability and fitness for particular purpose
  • Non-infringement of third-party rights
  • Uninterrupted or error-free operation
  • Accuracy or reliability of results
  • Security of data processing

15.2 Limitation of Liability

MAXIMUM LIABILITY: To the fullest extent permitted by law, our total liability for any claims relating to this service shall not exceed $100 USD or the equivalent in your local currency.

EXCLUDED DAMAGES: We shall not be liable for:

  • Indirect, incidental, special, or consequential damages
  • Loss of profits, data, or business opportunities
  • Damages arising from third-party services (including Google)
  • Force majeure events beyond our reasonable control

15.3 User Responsibilities

Users are solely responsible for:

  • Ensuring PDF files don't contain sensitive/confidential information
  • Compliance with applicable laws in their jurisdiction
  • Regular review of this Privacy Policy
  • Understanding risks of online services

15.4 Third-Party Services

Google Services Disclaimer: Google Analytics and Google Ads are third-party services governed by Google's own terms and privacy policies. We are not responsible for Google's data handling practices.

15.5 Indemnification

Users agree to indemnify and hold harmless PDF Rotator from any claims, damages, or expenses arising from:

  • Misuse of the service
  • Violation of applicable laws
  • Infringement of third-party rights
  • User-uploaded content

15.6 Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of [Your Jurisdiction]. Any disputes shall be resolved in the courts of [Your Jurisdiction], except where consumer protection laws mandate otherwise.

15.7 Severability

If any provision of this Privacy Policy is found unenforceable, the remaining provisions shall remain in full force and effect.

15.8 Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement regarding privacy practices for this service.

This Privacy Policy was last reviewed by legal counsel on [Date] and complies with GDPR, CCPA, PIPEDA, and other applicable privacy laws as of the effective date.

RotateMyPDF

Free & Secure

Rotate your PDF pages for free, securely in your browser. No uploads, no registration required. Your files never leave your device.

Useful Links

100% Browser-based
Secure & Private
Always Free

© 2025 RotateMyPDF. Made with

for privacy.