Privacy Policy
Last updated: 9 February 2025
Curble Pty Ltd, trading as LunarPDF (“we”, “us”, or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our web-based PDF editing service at lunarpdf.com (“the Service”).
1. Information We Collect
1.1 Information You Provide
- Account information — Name, email address, and password when you register for an account.
- OAuth data — If you sign in with Google or GitHub, we receive your name, email address, and profile picture from those providers. We do not receive or store your passwords from these services.
- Payment information — When you make a purchase, your payment details are processed directly by Stripe. We do not store your credit card number, CVC, or full card details on our servers. We receive a Stripe customer ID and basic transaction metadata (amount, date, status).
- Documents — PDF files and other documents you upload to the Service for editing, signing, or conversion.
- Signatures — Digital signatures you create (drawn, typed, or uploaded) for use in the Service.
1.2 Information Collected Automatically
- Usage data — Pages visited, features used, and actions taken within the Service.
- Device information — Browser type, operating system, and screen resolution.
- IP address — Collected for security, fraud prevention, and audit logging purposes.
- Cookies — We use essential cookies to maintain your session and authentication state. We do not use third-party advertising or tracking cookies.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Process payments and manage your subscription.
- Send transactional emails (account verification, password reset, payment receipts).
- Store and process your documents as instructed by you.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We will never use your uploaded documents to train machine learning models, sell them to third parties, or use them for any purpose beyond providing the Service to you.
3. How We Share Your Information
We do not sell your personal information. We share data only with the following service providers, strictly for the purposes of operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment details |
| Amazon Web Services (S3) | Document storage | Uploaded documents |
| Neon | Database hosting | Account data, metadata |
| Upstash | Rate limiting and caching | Anonymous usage counts |
| Resend | Transactional email | Email address, name |
| Vercel | Application hosting | Request logs, IP address |
We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Document Security
Your documents are important to us. We protect them with the following measures:
- All documents are stored in AWS S3 with server-side encryption (AES-256) at rest.
- All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
- Documents are isolated per user — no other user can access your files without an explicit share link.
- Presigned URLs for file access expire after a short period and cannot be reused.
- We do not read, analyse, or process your document contents for any purpose beyond providing the specific feature you requested.
5. Data Retention
- Account data — Retained while your account is active. Deleted within 30 days of account closure.
- Documents — Retained while your account is active. If your account is inactive for 12 months, we will notify you before deletion.
- Payment records — Retained for 7 years as required by tax and financial regulations.
- Audit logs — Retained for 12 months for security purposes.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data. You can delete your account at any time from your settings page.
- Export — Download your documents at any time from the Service.
- Objection — Object to certain types of processing of your personal data.
To exercise any of these rights, contact us at support@lunarpdf.com. We will respond within 30 days.
7. Cookies
We use only essential cookies required for the Service to function:
- Session cookie — Maintains your authenticated session. Expires when you sign out or after 30 days.
- CSRF token — Prevents cross-site request forgery attacks. Expires per session.
We do not use advertising cookies, analytics cookies, or third-party tracking cookies.
8. International Data Transfers
Our infrastructure is hosted in the Asia-Pacific region (Sydney, Australia) via AWS and Vercel. Some of our service providers (Stripe, Resend) may process data in the United States. Where data is transferred internationally, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses where applicable.
9. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us at:
Curble Pty Ltd (trading as LunarPDF)
Victoria, Australia
Email: support@lunarpdf.com