Data Retention Policy
Last Updated and Effective Date: February 2026
Operated By: Fikirizma Media (Antalya, TĂĽrkiye)
Website: www.freepdf.co
Contact Email: [email protected]
This Data Retention Policy outlines the specific operational timeframes and protocols Fikirizma Media (“Company”, “we”, “us”, or “our”) follows regarding the retention, archiving, and deletion of personal data and digital files collected through the www.freepdf.co website and its document processing tools (the “Service”).
This Policy is designed to comply with international data minimization principles, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Turkish Personal Data Protection Law (KVKK). Our core philosophy is to retain data only for as long as is strictly necessary to provide the Service, ensure system security, and comply with legal obligations.
1. User Content (Uploaded Files & Processed Outputs)
Retention Period: Maximum 24 Hours.
Security and absolute privacy are the foundations of FreePDF. We operate a strict ephemeral storage architecture.
- The 24-Hour Rule: Any document, image, or file you upload to our servers for processing (as well as the resulting converted, merged, or edited output file) is stored temporarily in highly secure, encrypted cloud buckets (Cloudflare R2). These files are automatically, permanently, and irreversibly deleted no later than 24 hours after the initial upload.
- No Backups: Due to this strict automated purge cycle, we do not create, maintain, or store historical backups of your files. Once the 24-hour window expires (or if you manually delete the file via the UI before expiration), the document cannot be recovered under any circumstances.
2. Account and Profile Data
Retention Period: For the duration of the active account, plus 30 days upon deletion.
If you register for a Free or Pro account, we retain your basic profile information (e.g., email address, hashed password, name, language preference) to authenticate you and provide continuous access to your dashboard.
- Account Deletion: If you choose to delete your account via your account settings, your profile data will be permanently purged from our active PostgreSQL databases within thirty (30) days.
- Inactive Accounts: We reserve the right to delete free accounts that have been completely inactive (no logins) for a continuous period of twenty-four (24) months.
3. Billing and Financial Records
Retention Period: Up to 10 Years (as required by law).
Our Merchant of Record, Paddle.com, handles all actual payment processing and stores your sensitive credit card data. Fikirizma Media only retains billing metadata (e.g., subscription status, order IDs, date of purchase, amount paid, and country of residence) necessary to grant you Pro access and respond to support tickets.
Legal Obligation: Even if you delete your FreePDF account, we (and Paddle) are legally mandated by international tax, accounting, and anti-money laundering (AML) laws to retain transactional metadata and invoices for a period ranging from seven (7) to ten (10) years. This data is kept strictly for audit and compliance purposes and cannot be erased upon request.
4. Server Logs and Security Data
Retention Period: 30 to 90 Days.
To ensure the security, stability, and performance of our Hetzner servers and Cloudflare network, we collect automated system logs (including IP addresses, browser user agents, and request timestamps).
- Purpose: This data is used exclusively to track API rate limits, prevent DDoS attacks, identify bugs, and detect fraudulent attempts to bypass our daily free-tier limits.
- Deletion: Routine server logs are automatically rotated and permanently overwritten or deleted every 30 to 90 days, unless a specific log is required as evidence for an ongoing security investigation or legal dispute.
5. Analytics Data (Google Analytics)
Retention Period: 14 Months.
We use Google Analytics 4 (GA4) to understand aggregated user behavior and improve our UI/UX. The data collected by GA4 is anonymized. We have configured our Google Analytics data retention settings to automatically delete user-level and event-level data after fourteen (14) months.
6. Exceptions and Legal Holds
Notwithstanding the retention periods outlined above, Fikirizma Media reserves the right to preserve and retain any User Content, Account Data, or Server Logs indefinitely under the following exceptional circumstances:
- Law Enforcement Requests: Upon receipt of a valid subpoena, court order, or official request from recognized law enforcement agencies (e.g., Interpol, FBI, Turkish National Police).
- CSAM Detection: If our automated systems detect the upload of Child Sexual Abuse Material (CSAM), the associated files and IP metadata will be preserved in an isolated, secure vault and immediately forwarded to the National Center for Missing & Exploited Children (NCMEC) and relevant authorities.
- Legal Disputes: To defend Fikirizma Media against legal claims, enforce our Terms of Service, or investigate severe violations of our Acceptable Use Policy (e.g., massive bot attacks or payment fraud).
7. Exercising Your Right to Erasure
If you wish to exercise your “Right to be Forgotten” under the GDPR or CCPA, you may delete your account directly from your dashboard or submit a formal request to [email protected]. We will process your deletion request within 30 days, applying the rules and legal exceptions detailed in this Policy.