Privacy Policy

Last updated: February 2026

1. Introduction

LightningPDF ("we", "our", "us") operates the lightningpdf.dev website and API service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you create an account, we collect your email address and a hashed version of your password. We never store plaintext passwords.

Usage Data: We collect information about your API usage, including the number of PDFs generated, file sizes, generation times, and which engine was used. This data is used to enforce plan limits and improve service quality.

PDF Content: When you use our API to generate PDFs, the HTML/Markdown content you submit is processed in memory to render the PDF. Content is not stored after generation unless you explicitly enable storage. Stored PDFs are automatically deleted according to your plan's retention period (1 hour for free, 7 days for Starter, 30 days for Pro/Business).

Payment Information: Payments are processed through Gumroad. We receive your subscription status and plan level from Gumroad but do not store credit card numbers or payment details on our servers.

Log Data: Our servers automatically log standard request information including IP addresses, request timestamps, HTTP methods, URLs, and response codes. Logs are retained for 30 days for security and debugging purposes.

3. How We Use Your Information

  • To provide and maintain the PDF generation service
  • To process your transactions and manage your subscription
  • To enforce usage limits and prevent abuse
  • To send essential service communications (billing, security alerts)
  • To improve our service performance and reliability

4. Third-Party Services

We use the following third-party services:

  • Turso (SQLite) — Database hosting for account and usage data
  • Garage (S3-compatible) — Object storage for stored PDF files
  • Gumroad — Payment processing for subscriptions
  • Redis — Job queue processing (self-hosted)

5. Data Retention

Account data is retained for the lifetime of your account. When you delete your account, all associated data (templates, API keys, generation history, stored PDFs) is permanently deleted. PDF content submitted for generation is processed in memory and discarded immediately after the PDF is returned, unless storage is explicitly enabled.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (account deletion)
  • Export your data in a portable format
  • Object to or restrict processing of your data

To exercise these rights, contact us at privacy@lightningpdf.dev.

7. Cookies

We use essential cookies only: an HTTP-only access token cookie and a refresh token cookie for authentication, and a CSRF protection cookie. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Security

We implement industry-standard security measures including HTTPS encryption, bcrypt password hashing, CSRF protection, rate limiting, and strict Content Security Policy headers. API keys are stored as SHA-256 hashes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or by posting a notice on our website.

10. Contact

For privacy-related questions, contact us at privacy@lightningpdf.dev.