Last updated: December 11, 2023
Effective from: December 12, 2023
Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our application “Documents” (“App” or “Documents”), available on iOS and iPadOS, subject to the terms and conditions of our Terms of Service.
This Privacy Notice describes which of your personal data the App collects, how stores, processes, and uses it, and what happens when you use the App.
When you use our website by following the link (“Website”), your personal data is processed in accordance with the Privacy Notice for the Readdle Website.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
If you have any questions or comments about this Privacy Notice, visit our Support page for more information about the App or contact us.
| Name | Readdle Limited |
|---|---|
| Registration number | 630281 |
| VAT | IE 3560869EH |
| Address | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland. |
| rdsupport@readdle.com – for general inquiries dpo@readdle.com – for privacy inquiries |
Our support team is happy to assist you in any matter. We kindly ask you to be polite and calm in your communication with us. Otherwise, we may not respond to offensive emails/messages.
When you use Documents, you become our user ("User").
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
| Data subject | Description |
|---|---|
| Free User | User that uses the App for free |
| Paying User | User that uses the App on a paid basis or via a trial of the paid version. |
| Support Requester | User who contacts customer support via the App |
| Feedback Provider | User who provides feedback about the App to us directly or via a third-party platform |
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us. | |
We receive data about you when you download our App and interact with it, depending on your actions in the App. Please read carefully the details below.
You can change your personal data in the App by exercising your right to rectification or by the App functionality. Please note that the same lawful bases and storage terms apply to the changed data.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
To process your personal data, we rely on the following lawful bases:
We collect your personal data according to this Privacy Notice when you use the App. Some of the data we collect automatically, such as the country the App is used in: we get this data based on the IP address or from the AppStore (we receive this information in a generalized form).
Generally, all the data provided to us can either be linked to you or not (i.e., anonymized data).
When you use our App, we may collect some technical data. Pay attention to the fact that we collect your device’s name for security purposes.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Device info (device ID, IP address, phone settings, name, local time, other characteristics) | Improvement of our App. | Legitimate interest. |
| Device's name | Security purposes | Legitimate interest |
| Data Storage | ||
| We store the data during your use of the App and 1 year after the termination of the agreement between Readdle and you. | ||
Before using the App’s features, we may ask you for some information about yourself to help us choose how to improve the App.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Field of activity | Improvement of the App | Legitimate interest |
| Files preferences | ||
| Necessary functions | ||
| Data Storage | ||
| We store the data until you delete your account | ||
We may ask you for your email to send you some useful information according to your answers.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| To send you tips about the usage of the App | Consent | |
| Data Storage | ||
| We store the data until you withdraw your consent | ||
We provide you with the possibility to link accounts from third-party services (Apple or Google) for integration and synchronization of data.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Files on the cloud of the third-party service | Providing you with the functionality of the App | Performance of the contract |
| Data Storage | ||
| We do not store your files | ||
For greater security and anonymity when using the Internet, we have added a VPN. With VPN enabled, your IP address will be changed. A connection server can be random, or you can choose some specific one.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Phone settings | Providing you with the functionality of the App | Performance of the contract |
| IP address | ||
| Data Storage | ||
| We store the data during your use of the App | ||
You may upload, create or edit different kinds of documents or content.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Files | Providing you with the free functionality of the App | Performance of the contract |
| Data Storage | ||
| We do not store your files | ||
We provide you with the functionality for data transfer. With Wi-Fi, you can transfer files and photos from a computer to your iPhone or iPad and vice versa. Please note! All user data is transmitted exclusively over the local network and never gets to our or any other server.
While using a scanning or photo feature, we can request access to your camera to take a photo or scan of the document or signature and connect to a computer via a QR code. We also can request access to your microphone to enable sound annotations in PDF files.
While using Photo Actions on iOS, we can request access to your Photos to help you arrange your Photo library.
Air Gestures
The App offers an Air Gestures mode within its video player, allowing you to control the player solely through hand gestures, without requiring touch input. It is important to note that upon closing the App, the Air Gestures mode will deactivate automatically. You will need to manually re-enable this feature in the video player’s settings after reopening the App.
For this feature to function, we will request access to your device’s camera. The camera will be active while the Air Gestures mode is enabled within the video player. Upon exiting the video player, the Air Gestures mode will be temporarily paused.
The Air Gestures utilizes Apple's Vision framework technology to facilitate hand gesture recognition. This involves the processing of images from your device’s camera by Apple Inc. in accordance with Apple’s Terms and Conditions and Privacy Policy. The technology functions by detecting hand-raising gestures and analyzing the hand poses and the fingers coordinates within the captured images. Apple then provides the coordinates of your fingers to the App, which processes this data to execute specific commands, such as pausing a video, etc.
Our App does not utilize your data for learning purposes. Additionally, we do not retain or back up any finger coordinates, hand gestures, or other images when the feature is on. The coordinates are processed solely within your device and are automatically deleted afterwards.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Permission for access to your device's camera | Providing you with the additional functionality of the app | Performance of the contract |
| Images from your device's camera | ||
| Hand pose and gestures, fingers coordinates in the space | ||
| Data Storage | ||
| We do not store your data. | ||
We also collect some analytics on how you use our App to assess the features and the App’s functionality.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Permission for access to your device's camera | To analyse the features and the App's functionality | Legitimate interest |
| Activation of Air Gestures mode | ||
| Commands used in the Air Gestures mode | ||
| Data Storage | ||
| We store the data during the performance of the contract or until you object the processing | ||
If you are a Paying User, we collect the same data as the Free Users’ Data and some additional data to process your payments.
We charge you for premium subscriptions and paid features through the App Store.
We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the filing of the annual accounts expires.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
Subscription and payment information:
| Confirming the payment for compliance with the applicable law. | Legal oblication |
| Confirming the payment for providing you with the paid features of the App | Performance of the contract | |
| Data Storage | ||
| We store the data during your use of the App and 6 years after the termination of the agreement between Readdle and you | ||
We also collect some information to provide you with the subscription features of the App.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| Files | Providing you with the subscription features of the App | Performance of the contract |
| Signature | To sign a document with a legally binding signature | |
| Password for PDFs | To protect your PDF file | |
| Metadata of music files | To edit your music files | |
| Data Storage | ||
| We do not store such type of data | ||
Pay attention, that we use Convert API to convert your files. The Convert API does not read or collect file content, metadata, or other data from the uploaded files.
When you address your request to support in the App, we collect some information to help you.
We may collect your detailed log files to help you with your problem. These log files may contain sensitive personal information and are connected to you.
Pay attention to our practice on the log files:
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| To fulfill your support request | Performance of the contract | |
| Name | ||
| Type of device | ||
| Text of the request | ||
| Attached files | ||
| Logs | ||
| Privacy requests | ||
| If you contact us through our DPO mailbox, we will process your request with the help of Spark Mail. | ||
| Data Storage | ||
| We store the data during your use of the App and 3 years after the termination of the agreement between Readdle and you | ||
When you submit your feedback about the App to us directly or via third-party platforms, we process personal data in your feedback, which may include data listed below:
| Feedback Provided to us Directly | ||
|---|---|---|
| Data | Reasons for Processing | Lawful Basis |
| To respond to your feedback and ask for your consent | Consent | |
| First and last name or username | To use your feedback in our marketing activities | |
| Text of the feedback | To use your feedback in our marketing activities | |
| Submission date | To use your feedback in our marketing activities | |
| Assigned rating | To use your feedback in our marketing activities | |
| Data Storage | ||
| We store the data for 6 years from feedback or the last communication on feedback | ||
| Feedback Provided via a Third-party Platform | ||
|---|---|---|
| Data | Reasons for Processing | Lawful Basis |
| First and last name or username | To use your feedback in our marketing activities | Legitimate interest |
| Text of the feedback | To use your feedback in our marketing activities | |
| Data Storage | ||
| We store the data for 2 years from feedback or the last communication on feedback | ||
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful bases for processing are determined by the respective privacy documents of these parties.
| Third Party | Privacy Documents |
|---|---|
| Hotspot Shield | Privacy Notice |
| Convert API | Terms and Privacy |
| Amplitude | Privacy Notice |
| Typeform | Privacy Policy |
| Dropbox | Privacy Policy |
| Google Drive | Privacy Policy |
| OneDrive | Privacy |
| Box | Privacy Notice |
| Spark | Privacy Policy |
| Apple | Privacy Policy |
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
| Third Party | Description |
|---|---|
| Analytics tools | We use analytics tools to understand and promote our business. |
| Contractors | We cooperate with contractors to operate, develop, and improve the features and functionality of the App, fulfill your support requests, etc. We sign data processing agreements with them and impose various security measures to ensure your data is safe. |
| Services Documents uses | We use third-party services to provide you with the functionality of the App. |
| Services our team uses | We use CRM systems, messengers, and other services in our organization to provide you with our services. To manage and fulfill privacy requests we use: |
| State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
|
| To get a detailed list of the third-party recipients of your personal data, contact us | |
The personal data we collect is stored on the US servers, which participate in the Data Privacy Framework and European Economic Area (“EEA”) servers, which fall under the General Data Protection Regulation.
We may share personal data with the recipients in the USA and other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation. For example, we share some data with our contractors in Ukraine.
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
We systematically perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.
To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).
Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements.
You can contact us in case of any questions regarding security issues.
Here you can find information about the steps we mentioned above:
| Physical measures | |
|---|---|
| Limited access to premises | |
| Organizational measures | |
Policies and instructions
| Transfer protection
|
| Contractor and Staff Training | Agreements
|
| Regular Access and Policy Review | Privacy Protection
|
| Code Review | |
| Technical measures | |
Encryption technologies:
| Backup:
|
| Two-factor authentication | Stress Tests |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| For EEA residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
| For UK residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
Your rights vary depending on the state of your residency, as indicated below.
| Right | Description | Area | |
|---|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
|
|
| Right to correct | You can change the data if it is inaccurate or incomplete. |
|
|
| Right to delete | You can send us a request to delete your personal data from our systems. |
|
|
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. |
|
|
| Right to opt out of sales | The right to opt out of the sale of personal data to third parties. |
|
|
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. |
|
|
| Right to opt out of the processing of sensitive data | The right to opt out of the processing of sensitive data. |
| |
| Right to opt in for sensitive data processing | The right to opt in before the processing of sensitive data |
|
|
| Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input. |
|
|
| Private right of action | The right to seek civil damages from a controller for violations of a statute. |
| |
| To exercise your rights, contact us | |||
| We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission. | |||
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
We neither sell your personal information to anyone nor use your data as a business model. Your privacy is our top priority and we are committed to protecting it.
However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us via dpo@readdle.com.
California residents visiting our App may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to delete | You can send us a request to delete your personal data from our systems. We will remove all data except of what we are obliged to store in compliance with the law requirements. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object opt-out | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right not to be subject to automated decision-making | You can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing. |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us | |
| We will answer your request within 30 days. If your complaint is not satisfied, you can submit a complaint to the Office of the Privacy Commissioner of Canada. | |
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes in our App.
If we make substantial changes to the Privacy Notice or the App that affect your data privacy rights, we will notify you by email or display information in the App and ask you to read it. We will notify you in advance, and, if you continue using the App after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.