Documents for procurement and security review
What B2B buyers, security teams and DPOs typically need to clear gPdf for production: the security posture, the privacy policy, a signable DPA, and the SLA. Each document includes a one-paragraph summary above the prose so reviewers can decide quickly whether they need the full text.
-
Security at gPdf
gPdf renders PDFs inside Cloudflare Workers V8 isolates with no document persistence after the request. All API traffic is TLS 1.3. SOC 2 Type II audit is scheduled for Q3 2026. Vulnerability reports go via the contact form on this page.
-
Privacy policy
gPdf collects the minimum personal data needed to operate the service — account email, API key activity logs, billing details. We do not store the contents of PDFs you generate or the JSON you submit. We do not sell or share customer data. EU data subjects can exercise their GDPR rights via the contact form on this page.
-
Data Processing Addendum
gPdf acts as a data processor on behalf of customers under GDPR Article 28. The customer is the controller. The DPA covers SCCs for international transfers, breach notification within 72 hours, sub-processor flow-down terms, and end-of-engagement data deletion.
-
Service Level Agreement
Paid gPdf plans have a 99.9 % monthly uptime target; Enterprise plans have 99.95 %. Downtime that breaches the target generates service credits per the table on this page. Critical-severity tickets are responded to within 1 hour on Enterprise, 4 hours on Pro.