PDF Generator API

Your trust is our priority

Your Data, Protected and Secure

We are committed to delivering a top-of-the-class service by making security the core of our operations. PDF Generator API follows the best security practices to ensure your data is always protected. We empower our customers to build with confidence, backed by our ISO 27001 certification, full HIPAA compliance for healthcare applications, and strict adherence to GDPR regulations.

  • ISO 27001 Certification: Our Information Security Management System (ISMS) is certified against this globally recognized gold standard.

  • HIPAA Compliance: We meet the stringent data privacy and security requirements of the Health Insurance Portability and Accountability Act.

  • GDPR Compliance: We are fully compliant with the EU's General Data Protection Regulation, safeguarding the data rights of users across Europe.

Data Protection

All connections are established through secure and encrypted SSL channels (using the HTTPS protocol). Our SSL certificates utilise the strong signature algorithm SHA256withRSA, and we support only TLS 1.2 and 1.3 connections. Qualys SSL Labs rates our infrastructure setup with an A grade.

The Data at rest is either stored in Amazon Relational Database Service (RDS) or Amazon Web Services Simple Storage Service (S3). The PDF Generator API leverages data security solutions provided by Amazon RDS and S3 to ensure data security at rest. RDS and S3 provide data encryption with automated backups, read replicas, and snapshots.

We don’t store any data used to generate the document or the generated document itself. The PDF Generator API only stores the document template structure and any static content added to the template. The log files never contain the data you send via API to generate your documents.

data protection

Data Processing

We are committed to international compliance with data protection and processing laws. Legally speaking, PDF Generator API is a data processor that processes data on behalf of the Customer. The Customer is the data controller. PDF Generator API agrees to process Personal Data received under the Data Processing Agreement only for the purposes outlined in the Data Processing Agreement. All user data is deleted as soon as possible.

The Data Processing Agreement ensures an adequate level of data protection as prescribed by relevant legal frameworks, including in countries that do not yet have adequate data protection laws. A separate Data Processing Agreement may be signed for Enterprise Deployments to cover customers’ specific data processing requirements.

We are committed to GDPR compliance across our services. Our infrastructure provider, Amazon Web Services, complies with the European Union’s General Data Protection Regulations and is part of the EU-US Data Privacy Framework. We also provide custom deployments in European regions provided by Amazon Web Services to help you achieve even higher standards of security.

data processing

Authentication

We provide an option to authenticate using a username and password, as well as a Google or GitHub account. All options offer multi-factor authentication to add an extra layer of security to your account. We use JSON Web Tokens (JWT) to provide a method to establish secure server-to-server authentication by transferring a compact JSON object with a signed payload of your account’s API Key and Secret. JSON Web Tokens (JWTs) are an open, industry-standard method, as defined in RFC 7519, for securely representing claims between two parties. The JSON Web Token should be generated uniquely by a server-side application and included as a Bearer Token in the header of each request to ensure that malicious parties do not reuse tokens.

authentication

Disaster Recovery

We utilise declarative continuous delivery and ArgoCD, along with Kubernetes and Docker Images, to deploy and manage the application within the Amazon Web Services infrastructure. The PDF Generator API is deployed in at least two different Amazon Web Services Availability Zones. It uses autoscaling to ensure that problematic instances are shut down and new instances are automatically provisioned when application load increases.

We use Terraform and infrastructure as code to manage and provision data centres, which allows us to take action quickly in disaster situations. This means that it is possible to deploy the entire infrastructure in another Amazon Web Services region within 4 hours.

disaster recovery

Why did Bigbank decide to implement PDF Generator API?

“As a bank, we operate in a highly regulated environment with especially high attention to customer data protection. As an example, it was a requirement for us not to have the service process customer data outside of the European Economic Area, which the PDF Generator API was able to meet by setting up a dedicated deployment for us.”

Keit Adamson, Head of Architecture, Bigbank
How Bigbank automated their document generation ›

Bigbank-Keit-Adamson-PDF-Generator-API

We are here to help you automate your Document Generation

Meet Michal Líška. He is our pre-sales engineer and knows our service inside out. He can answer any questions that you might have about implementing the PDF Generator API or document automation in general.
Michal Liska