Privacy Policy

Flint PDF is a General Software product, operated by Workshop Operations Ltd, a company registered in England and Wales (Company No. 14842982). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect when you use Flint PDF, how we use it, and the rights you have in relation to it.

By using Flint PDF (the website at flintpdf.com, the web application, and any related services), you acknowledge that you have read and understood this Privacy Policy. We act as the data controller for the personal data described in this policy, except where Paddle acts as the merchant of record for payment processing (see Section 3).

1. Information We Collect

We collect minimal personal data and only where necessary. The categories of information we may collect include:

Information you provide directly

• Contact information — such as your email address, when you create a Flint account, request a sign-in link, or contact us for support.
• Documents you upload — when you upload a PDF for editing, conversion, signing, or storage, we hold the file in encrypted object storage so you can return to it in your account. Only you and people you explicitly share with (such as recipients of a signature request) can access your documents.
• eSignature data — when you send or sign a document via Flint eSign, we capture the recipients you address it to, their typed or drawn signatures, and an audit log of timestamp, IP address, browser, and device class at the time of signing.
• Purchase information — when you upgrade to Flint Pro, the transaction is processed by Paddle (see Section 3). We receive limited order information such as your name, email address, country, and plan entitlement, but we do not receive or store your payment card details.

Information collected automatically

• Website + app analytics data — we may collect anonymised or pseudonymised usage data when you visit flintpdf.com or use the app, such as pages visited, referring site, browser type, and general geographic region. See Section 4 for details.
• Server logs — standard request logs (IP, user agent, timestamp, URL) are kept on a short rolling window for security and abuse detection.

Information we do not collect

Many of Flint's editing tools (compress, merge, split, annotate, redact, edit text) run entirely in your browser. The bytes of the PDF you're working on are processed locally on your device, not sent to our servers, unless you choose to save the document to your account or use a feature that requires server-side processing (such as conversion to Word/Excel or the eSign request flow).

2. How We Use Your Information

We process personal data only where we have a lawful basis to do so. The purposes for which we use your information, and the corresponding legal bases under UK GDPR, are:

• Providing the Flint PDF service — storing your documents, delivering sign-in links, holding your editing history, and routing signature requests to recipients, to perform our contract with you.
• Providing customer support — to respond to your enquiries and resolve issues, based on our contractual obligations or your consent.
• Sending product updates or important notices — to inform you of critical updates, security patches, or changes to our terms, based on our legitimate interests in keeping customers informed.
• Improving Flint PDF — to understand how the product is used and to enhance the experience, based on our legitimate interests.
• Complying with legal obligations — to meet regulatory, tax, or legal reporting requirements.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We do not use the contents of your PDFs or signatures to train machine-learning models.

3. Payment Processing

All payments for Flint Pro are processed by Paddle.com Market Limited, which acts as the merchant of record for our transactions. This means Paddle — not Flint PDF or Workshop Operations Ltd — is responsible for processing your payment and handling associated billing data.

When you upgrade, Paddle collects and processes your payment information (such as credit card details, billing address, and transaction data) in accordance with their own privacy policy. We do not have access to your full payment card details at any time.

Paddle may share limited information with us to fulfil your order, including your name, email address, country, and transaction details. Paddle's handling of your data is governed by Paddle's Privacy Policy.

For questions about payment data, VAT, invoices, or refunds, you may contact Paddle directly or reach out to us and we will assist where possible.

4. Cookies & Analytics

Flint PDF uses cookies for the following purposes:

• Essential cookies — required for the app to function correctly, such as keeping you signed in and remembering your in-progress documents. These do not require consent.
• Analytics — we may use privacy-focused analytics tools to understand aggregate website and app usage patterns. Where analytics are used, we prefer tools that do not use personal identifiers or cross-site tracking, and we minimise data collection to what is necessary.

We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or behavioural advertising networks.

You can control cookie preferences through your browser settings. Disabling essential cookies will sign you out of Flint PDF.

5. Data Storage & Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Use of encrypted connections (HTTPS/TLS) for all website and app traffic.
• Documents are stored in encrypted object storage with server-side encryption at rest.
• Restricted access to personal data on a need-to-know basis.
• Regular review of our data handling practices and security measures.

While we implement industry-standard protections, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

6. Third-Party Services

We share limited personal data with the following categories of third-party service providers, solely to operate Flint PDF and deliver our services:

• Paddle — payment processing and merchant of record services (see Section 3).
• Resend — transactional email delivery for sign-in links, signature requests, and notifications.
• Cloudflare R2 — encrypted object storage for your uploaded PDFs and saved signatures.
• PlanetScale — managed MySQL database for account and document metadata.
• Vercel — hosting and CDN for the website and application.
• Analytics providers — to collect anonymised website usage data (see Section 4).

We require all third-party processors to handle your data in accordance with applicable data protection law and only for the purposes we specify. We do not sell or share personal data with third parties for their own marketing purposes.

Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK government.

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct any inaccurate or incomplete data.
• Right to erasure — you can request that we delete your personal data, subject to any legal obligations requiring us to retain it.
• Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
• Right to data portability — you can request that we provide your data in a structured, commonly used, machine-readable format.
• Right to object — you can object to our processing of your data where we rely on legitimate interests as the legal basis.
• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@general.software. We will respond to your request within one month, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are:

• Account and document data — retained for as long as your account is active. If you delete a document or your account, we remove the associated bytes and metadata within 30 days, subject to any legal obligations requiring us to retain certain records.
• Signature request audit logs — retained for the duration of the signed document's lifetime in your account, so the audit trail stays attached to the signed PDF.
• Purchase records — retained for up to 7 years after the transaction, as may be required for tax and accounting purposes.
• Support correspondence — retained for up to 2 years after the last interaction, unless a longer period is required to resolve an ongoing matter.
• Analytics data — aggregated and anonymised data may be retained indefinitely. Any identifiable analytics data is deleted or anonymised within 26 months.

When personal data is no longer needed, we securely delete or anonymise it.

9. Children's Privacy

Flint PDF is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at hello@general.software and we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this page periodically. Continued use of Flint PDF after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: hello@general.software
• Entity: Workshop Operations Ltd, trading as General Software
• Product: Flint PDF
• Company No.: 14842982 (England and Wales)