Privacy Policy
Last updated: 23 June 2026
This policy explains how Matfy ("we", "us"), the data controller for PDFInvoiceAPI, handles personal data. We are based in the Netherlands and comply with the EU General Data Protection Regulation (GDPR). Contact us at support@pdfinvoiceapi.com.
1. Data we collect
- Account data — your name and email address.
- Usage data — API request metadata (render counts, timestamps, status, IP address) used for billing, rate-limiting, and abuse prevention.
- Billing data — handled by Stripe. We store your Stripe customer and subscription identifiers; we never see or store your card details.
- Communications — messages you send us for support.
2. Your document content
The HTML, templates, and data you submit to render a PDF are processed transiently to produce your document. Rendered PDFs are streamed back and not stored (unless you explicitly enable optional document hosting). We do not use your content to train any model.
3. How we use data & legal bases
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service | Performance of a contract |
| Billing and subscriptions | Performance of a contract |
| Security, rate-limiting, abuse prevention | Legitimate interests |
| Service and transactional emails | Performance of a contract |
| Legal and tax compliance | Legal obligation |
4. Subprocessors
We share data only with processors that help us run the Service:
- Cloudflare — hosting, edge compute, and PDF rendering (EU & US regions).
- Stripe — payment processing.
- Resend — transactional email delivery.
5. Data retention
We keep account data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain records (e.g. invoices) to meet legal obligations. Operational logs are kept for a limited period.
6. International transfers
Our edge infrastructure may process data in the EU and the United States. Where data leaves the EU, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
7. Your rights
Under the GDPR you may access, correct, delete, restrict, or port your data, object to certain processing, and withdraw consent. To exercise these rights, email support@pdfinvoiceapi.com. You also have the right to lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens.
8. Cookies
We use only essential cookies required for authentication and session management. We do not use third-party advertising or cross-site tracking cookies.
9. Security
Data is encrypted in transit (TLS). API keys are stored only as salted hashes. We apply access controls and least-privilege practices. No system is perfectly secure, but we work to protect your data and will notify you of a breach affecting your personal data as required by law.
10. Children
The Service is not directed to anyone under 18, and we do not knowingly collect their data.
11. Changes
We may update this policy and will post the revised version with a new date; material changes will be communicated where practical.
12. Contact
Matfy — support@pdfinvoiceapi.com.