Privacy Policy

Last updated: December 18th, 2025

1. Introduction

TailPDF ("we", "us", or "our") is operated by Warm Energy Labs Limited, a company registered in England and Wales (Company No. 14120157). We are committed to protecting your privacy and handling your data in an open and transparent manner.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our HTML to PDF generation service ("Service"). Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller

Warm Energy Labs Limited is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: [email protected]
  • Address: Dencora Court, 2 Meridian Way, Meridian Business Park, Norwich NR7 0TA, UK

3. Information We Collect

3.1 Account Information

When you register for an account, we collect:

  • Name
  • Email address
  • Password (stored securely using industry-standard hashing)
  • Company name (optional)
  • Billing information (processed securely by our payment provider)

3.2 Usage Data

We automatically collect certain information when you use our Service:

  • API request logs (timestamps, endpoints called, response codes)
  • PDF generation statistics (page counts, file sizes)
  • IP addresses
  • Browser type and version
  • Device information

3.3 Content Data

When you use our PDF generation API, you submit HTML, CSS, and other content. This content is:

  • Processed transiently for PDF generation
  • Not stored after the PDF is generated and delivered
  • Not used for any purpose other than generating your requested PDF

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your transactions and manage your subscription
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyse usage patterns to improve user experience
  • Detect, prevent, and address technical issues and abuse
  • Comply with legal obligations

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract: Processing necessary for the performance of our contract with you (providing the Service)
  • Legitimate Interests: Processing necessary for our legitimate interests (improving the Service, security, fraud prevention)
  • Legal Obligation: Processing necessary to comply with our legal obligations
  • Consent: Where you have given consent for specific processing activities (e.g., marketing communications)

6. Data Retention

6.1 Account Data

We retain your account information for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we need to retain it for legal or legitimate business purposes.

6.2 API Logs

API request logs are retained for 90 days for debugging and support purposes, after which they are automatically deleted.

6.3 Content Data

HTML and CSS content submitted for PDF generation is processed in memory and is not persisted to disk. Generated PDFs are available for download for a maximum of 1 hour before being automatically deleted.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third-party companies that help us operate our Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: When necessary to protect our rights, privacy, safety, or property

7.1 Sub-processors

We use the following sub-processors:

  • Stripe: Payment processing (USA, EU)
  • Amazon Web Services: Cloud hosting and infrastructure (EU)
  • Cloudflare: CDN, DNS, and security services (USA, EU)
  • Fathom Analytics: Privacy-focused website analytics (EU)
  • Postmark: Transactional email delivery (USA)

8. International Data Transfers

Your information may be transferred to and processed in countries outside the UK and European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally approved transfer mechanisms

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee security training
  • Incident response procedures

10. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

11. Cookies

We use minimal cookies necessary for the operation of our Service:

  • Session Cookies: Essential for authentication and security
  • Preference Cookies: Remember your settings and preferences

We use Fathom Analytics for website analytics, which is privacy-focused and does not use cookies or collect personal data.

12. Children's Privacy

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Warm Energy Labs Limited
Company No. 14120157 (England and Wales)
VAT GB482750081
Dencora Court, 2 Meridian Way, Meridian Business Park, Norwich NR7 0TA, UK