This Privacy Policy explains how Pluma ("we", "us", "our") collects, uses, and protects personal data when you use our service. We are based in the European Union and Pluma is operated under EU and German law (BDSG).
1. Who we are
Controller: The data controller is the operator of this Pluma instance. Their full legal name, registered address and (where applicable) VAT identification number are listed in the Impressum.
Contact: [email protected] — for any data-protection question or to exercise your rights under GDPR.
2. What we collect
You give us
- Account data: email, first and last name, salutation (optional), hashed password (when not using OAuth), OAuth provider IDs (Google / Facebook), preferred language.
- Workspace data: workspace name + slug, members, roles, API key labels, support ticket content.
- Template data: PDFs you upload, field positions you draw, and the JSON inputs you send to the render API. This is your data — we treat it as confidential and process it only to provide the service.
- Billing data: when you start a paid subscription or top up your render balance, our payment processor Stripe collects your billing address and, optionally, your VAT identification number — we are legally required to capture these to issue tax-compliant invoices (§14 UStG, EU VAT Directive). Card details are entered directly into Stripe and never reach our servers; we hold your Stripe customer ID, billing address, VAT ID and invoice metadata.
We collect automatically
- Server logs (IP, user agent, request path) for security and debugging. Retained 30 days.
- Render usage counts (per workspace, per month) for billing and quotas.
- Audit logs for admin actions performed on your workspace.
3. Why we use it (legal basis)
- Performance of contract (Art. 6(1)(b) GDPR): rendering PDFs, hosting templates, processing payments.
- Legitimate interest (Art. 6(1)(f)): security logging, fraud prevention, product analytics if you consent.
- Consent (Art. 6(1)(a)): non-essential cookies, marketing emails.
- Legal obligation (Art. 6(1)(c)): keeping invoices for the tax-mandated retention period.
4. Where data lives
All Pluma application data — Postgres database and S3-compatible object storage — is hosted in the European Union (Frankfurt region). We use Stripe for payments; Stripe processes data globally and is bound by Standard Contractual Clauses where applicable.
5. Sub-processors
We use the following sub-processors. Each is contractually bound to GDPR-compliant processing.
- Stripe Payments Europe, Ltd. (Dublin, Ireland) — payment processing, billing-address and VAT-ID collection, invoicing.
- Hetzner Online GmbH — hosting (server, Postgres, object storage). EU only.
- The transactional email provider the operator connects (Postmark, Mailgun, etc.) — email delivery. Configurable; defaults to direct SMTP in self-hosted deployments.
- Sentry — error monitoring, used only when the operator enables it. Captures diagnostic data (stack traces, request context) when an error occurs.
- Plausible Analytics — privacy-friendly, cookie-free usage statistics, used only when the operator enables it. No personal data, no cross-site tracking.
The current sub-processor list is available at any time on request.
6. How long we keep data
- Account + workspace data: until you delete the workspace or your account.
- Generated PDFs: streamed and not retained. Bulk job results: 7 days then deleted from object storage.
- Audit logs: 12 months.
- Server logs: 30 days.
- Invoices: 10 years (German tax law).
7. Your rights under GDPR
- Access (Art. 15): export everything we hold about you from the in-app Account page.
- Rectification (Art. 16): edit your profile from the same page.
- Erasure (Art. 17): request deletion from the Account page. We initiate a 30-day grace period (so you can cancel) then hard-delete the user and all dependent data.
- Restriction (Art. 18) and Objection (Art. 21): contact [email protected].
- Portability (Art. 20): the export is structured JSON.
- Complaint (Art. 77): you may lodge a complaint with the supervisory authority in your EU member state.
8. Security
Data in transit is encrypted with TLS 1.2+. Passwords are hashed with bcrypt (cost factor 12). API keys are stored only as SHA-256 hashes, so we cannot recover a lost key (revocation only). Tenant data is partitioned with Postgres row-level security, so cross-tenant reads are impossible at the database layer.
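To illustrate the API-key handling described above (digest-only storage, no recovery, revocation only), here is an added Python example; it is not Pluma's own code, and the in-memory store, key prefix and function names are assumptions made for the illustration.

```python
import hashlib
import secrets
from typing import Optional

# Constructed in-memory store for this example: SHA-256 hex digest -> metadata.
# Only the digest is persisted, so a database dump does not reveal usable keys.
_KEY_STORE: dict[str, dict] = {}


def _digest(raw_key: str) -> str:
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def issue_api_key(workspace: str, label: str) -> str:
    """Generate a key, persist its digest and label, and return the plaintext.

    The plaintext is shown to the user exactly once and never stored, which is
    why it cannot be recovered later: the only remedy for a lost key is revocation.
    """
    raw_key = "pk_live_" + secrets.token_urlsafe(32)  # hypothetical prefix
    _KEY_STORE[_digest(raw_key)] = {"workspace": workspace, "label": label, "revoked": False}
    return raw_key


def authenticate(presented_key: str) -> Optional[dict]:
    """Resolve a presented key to its workspace, or None if unknown or revoked."""
    meta = _KEY_STORE.get(_digest(presented_key))
    if meta is None or meta["revoked"]:
        return None
    return meta


def revoke(workspace: str, label: str) -> bool:
    """Revoke by label: the only handle the operator has besides the digest."""
    for meta in _KEY_STORE.values():
        if meta["workspace"] == workspace and meta["label"] == label:
            meta["revoked"] = True
            return True
    return False


def plaintext_is_absent(raw_key: str) -> bool:
    """Confirm that nothing persisted contains the raw key (what a leak exposes)."""
    return raw_key not in repr(_KEY_STORE)
```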
9. Cookies
See the dedicated Cookie Policy.
10. Changes
We will notify registered users by email when this policy materially changes. The "Last updated" date at the top reflects the most recent revision.