Data Security & Privacy

We are committed to international compliance with data protection and processing laws. Legally speaking, PDF Generator API is a data processor that processes data on behalf of the Customer. The Customer is the data controller. PDF Generator API agrees to process Personal Data received under the Data Processing Agreement only for the purposes set forth in the Data Processing Agreement. All user data is deleted as soon as possible.

The Data Processing Agreement ensures an adequate level of data protection as prescribed by relevant legal frameworks, including in countries that do not yet have adequate data protection laws. A separate Data Processing Agreement may be signed for Enterprise Deployments to cover customers’ specific data processing requirements.

We are committed to GDPR compliance across our services. Our infrastructure provider, Amazon Web Services, complies with the European Union’s General Data Protection Regulations and is part of the EU-US Data Privacy Framework. We also provide custom deployments in European regions provided by Amazon Web Services to help you achieve even higher standards of security.

All connections are established through secure and encrypted SSL channels (HTTPS protocol). Our SSL Certificates use the strong signature algorithm SHA256withRSA, and we support only TLS 1.2 connection. Qualys SSL Labs rates our infrastructure setup with grade A.

The Data at rest is either stored in Amazon Relational Database Service (RDS) or Amazon Web Services Simple Storage Service (S3). PDF Generator API takes advantage of data security solutions provided by Amazon RDS and S3 to provide data security at rest. RDS and S3 provide data encryption with automated backups, read replicas, and snapshots.

We don’t store any data used to generate the document or the generated document itself. PDF Generator API only stores the document template structure and any static content added to the template. The log files never contain the data you send via API to generate your documents.

We provide an option to authenticate using with username and password, Google or GitHub account. All options offer multi-factor authentication to add an extra security layer to your account. The authentication service layer is provided by Auth0 and complies with the highest security standards.

We use JSON Web Tokens (JWT) to offer a method to establish secure server-to-server authentication by transferring a compact JSON object with a signed payload of your account’s API Key and Secret. JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties. The JSON Web Token should be generated uniquely by a server-side application and included as a Bearer Token in the header of each request to ensure that malicious parties do not re-use tokens.

We use declarative continuous delivery and ArgoCD, Kubernetes and Docker Images to deploy and manage the application in the Amazon Web Services infrastructure. PDF Generator API is deployed at least in two different Amazon Web Services Availability Zones and uses autoscaling to ensure that problematic instances are shut down and new instances are automatically provisioned when application load increases.

We use Terraform and infrastructure as code to manage and provision data centres which allow us quickly take action in disaster situations. This means that it is possible to deploy the entire infrastructure in another Amazon Web Services region within 4 hours.