BackPDFBase

Compliance

GDPR & Data Processing

Last updated: 10 June 2026

PDFBase is operated by The Verified Group Ltd and is designed for compliance with the UK GDPR and the EU GDPR. This page summarises how we handle personal data and the rights of data subjects.

1. Roles

For customer business data uploaded to the Service, you are the data controller and PDFBase is the data processor. For account information (e.g. your name, email, billing details) we act as controller.

2. Lawful basis

  • Contract: processing required to deliver the Service.
  • Legitimate interests: securing the Service, fraud prevention, product improvement using aggregated, non-identifiable data.
  • Consent: marketing communications and non-essential cookies.

3. Data we process

  • Account data: name, email, organisation, billing details.
  • Uploaded content: images, documents and extracted records.
  • Operational telemetry: log data, request metadata, error reports.

4. Sub-processors

We use a small number of vetted infrastructure providers (cloud hosting, database, AI inference, email). A current list is available on request to hello@snaptobase.com.

5. International transfers

Where personal data is transferred outside the UK or EEA, transfers are protected by Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable.

6. Retention

We retain uploaded content for as long as your account is active or as required to provide the Service. You can export and delete content at any time. Backups are rotated on a 30-day cycle.

7. Data subject rights

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability — export your records.
  • Lodge a complaint with the UK ICO at ico.org.uk.

8. Data Processing Agreement

A signed DPA is available for business customers. Email hello@snaptobase.com to request one.

9. Security

Data in transit is encrypted (TLS 1.2+). Data at rest is encrypted at the infrastructure level. Database access is restricted to server-side service roles; the public API requires authentication and is governed by row-level security policies.

10. Contact

Privacy enquiries: hello@snaptobase.com.

The Verified Group Ltd trading as PDFBase. Registered in England & Wales. Contact: hello@snaptobase.com.