Summary: CobaltPDF is a developer tool. We collect only what we need to operate the service — your email when you purchase a licence, and basic analytics. We do not sell your data. We do not display ads.
1. Who We Are
Modus Squared Limited, trading as CobaltPDF ("we", "us", "our") provides an HTML-to-PDF rendering library for .NET developers. This Privacy Policy explains how we handle personal data collected through cobaltpdf.com and related services.
For any privacy-related enquiries, contact us at privacy@cobaltpdf.com.
2. Data We Collect
We collect the minimum data necessary to run the service:
- Purchase data — name, email address, and billing country when you buy a licence. Payment card details are handled entirely by our payment processor (Stripe) and never touch our servers.
- Licence usage — your licence key may make anonymous validation requests to our licence server to verify activation status. No render content is transmitted.
- Support communications — if you contact us by email, we retain the correspondence to resolve your query.
- Website analytics — we use privacy-respecting analytics (no cross-site tracking, no fingerprinting) to understand aggregate page traffic. No personally identifiable information is collected via analytics.
3. How We Use Your Data
- To fulfil your licence purchase and deliver your licence key
- To respond to support requests
- To send transactional emails (receipt, licence delivery, critical security notices)
- To detect and prevent fraud or abuse of the licence system
- To improve the website and documentation based on aggregate usage patterns
We do not use your data for advertising, profiling, or sell it to third parties under any circumstances.
4. Legal Basis for Processing (UK/EEA)
Where GDPR or UK GDPR applies, we rely on the following lawful bases:
- Contract — processing your purchase and delivering the licence key
- Legitimate interests — fraud prevention, security monitoring, and aggregate analytics
- Legal obligation — retaining transaction records as required by UK tax law
5. Cookies
We use only strictly necessary cookies required for the website to function (session management, CSRF protection). We do not use advertising, social-media, or non-essential tracking cookies.
If we add optional cookies in the future, we will request your consent beforehand.
6. Third-Party Services
- Stripe — payment processing. Stripe acts as a data processor under their own Privacy Policy. Your card details go directly to Stripe and are never stored by us.
- Email delivery — transactional emails are sent via a reputable email service provider solely for the purpose of delivering your licence and receipts.
We do not integrate Facebook Pixel, Google Ads, or any third-party advertising trackers.
7. Data Retention
- Purchase records — retained for 7 years to comply with UK tax legislation.
- Licence key metadata — retained for the duration of the licence, plus 1 year.
- Support emails — retained for 2 years after the last interaction.
- Analytics data — aggregate only; individual sessions are not retained beyond 90 days.
8. Your Rights
If you are based in the UK or EEA, you have the following rights under UK GDPR / GDPR:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your data where it is no longer necessary (subject to our legal retention obligations)
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Complaints — lodge a complaint with the ICO (UK) or your local supervisory authority
To exercise any of these rights, email privacy@cobaltpdf.com. We will respond within 30 days.
9. Data Security
We use industry-standard security practices including TLS encryption in transit, limited access controls, and regular security reviews. In the event of a data breach that poses a risk to your rights, we will notify affected users and the relevant supervisory authority within 72 hours.
10. International Transfers
Our services are hosted in the UK and EEA. If any data is processed outside these regions (for example by a third-party processor), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.
11. Children
CobaltPDF is a developer tool intended for adults. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has submitted personal data to us, contact us and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
13. Contact
For all privacy enquiries, write to us at privacy@cobaltpdf.com.