Privacy Policy

1. Who We Are

Modus Squared Limited, trading as CobaltPDF ("we", "us", "our") provides an HTML-to-PDF rendering library for .NET developers. This Privacy Policy explains how we handle personal data collected through cobaltpdf.com and related services.

For any privacy-related enquiries, contact us at privacy@cobaltpdf.com.

2. Data We Collect

We collect the minimum data necessary to run the service:

• Purchase data — name, email address, and billing country when you buy a licence. Payment card details are handled entirely by our payment processor (Stripe) and never touch our servers.
• Licence usage — your licence key may make anonymous validation requests to our licence server to verify activation status. No render content is transmitted.
• Support communications — if you contact us by email or via our live chat widget, we retain the correspondence to resolve your query.
• Live chat — if you use the live chat widget, we collect the name and email address you provide via the pre-chat form, along with your chat transcript. This data is processed by tawk.to on our behalf.
• Website analytics — we use Google Analytics 4 in cookieless mode (no analytics cookies are set) to understand aggregate page traffic. No personally identifiable information is collected via analytics and no cross-site tracking or fingerprinting is used.

3. How We Use Your Data

• To fulfil your licence purchase and deliver your licence key
• To respond to support requests
• To send transactional emails (receipt, licence delivery, critical security notices)
• To detect and prevent fraud or abuse of the licence system
• To improve the website and documentation based on aggregate usage patterns

We do not use your data for advertising, profiling, or sell it to third parties under any circumstances.

4. Legal Basis for Processing (UK/EEA)

Where GDPR or UK GDPR applies, we rely on the following lawful bases:

• Contract — processing your purchase and delivering the licence key
• Legitimate interests — fraud prevention, security monitoring, and aggregate analytics
• Legal obligation — retaining transaction records as required by UK tax law

5. Cookies

We use strictly necessary cookies required for the website to function (session management, CSRF protection). Google Analytics is loaded in cookieless mode and does not set any analytics cookies on your device.

Our live chat widget (tawk.to) sets cookies to manage your chat session and remember your preferences. These cookies are only set after you consent via the chat widget's consent form. tawk.to may set the following cookies:

• TawkConnectionTime — tracks connection time for the chat session
• __tawk_* — session and preference cookies used to maintain your chat state
• ss / _s_* — session storage identifiers for the chat widget

We do not use advertising, social-media, or non-essential tracking cookies beyond those described above.

For full details, see our Cookies Policy.

6. Third-Party Services

• Google Analytics — aggregate website analytics in cookieless mode. No analytics cookies are set and no personally identifiable information is collected. Data is processed under Google's Privacy Policy.
• Stripe — payment processing. Stripe acts as a data processor under their own Privacy Policy. Your card details go directly to Stripe and are never stored by us.
• Email delivery — transactional emails are sent via a reputable email service provider solely for the purpose of delivering your licence and receipts.
• tawk.to — live chat and support widget. tawk.to processes your name, email, and chat messages on our behalf to provide real-time support. Cookies are set only after you provide consent via the widget. Data is processed under tawk.to's Privacy Policy.

We do not integrate Facebook Pixel, Google Ads, or any third-party advertising trackers.

7. Data Retention

• Purchase records — retained for 7 years to comply with UK tax legislation.
• Licence key metadata — retained for the duration of the licence, plus 1 year.
• Support emails — retained for 2 years after the last interaction.
• Analytics data — aggregate only; individual sessions are not retained beyond 90 days.

8. Your Rights

If you are based in the UK or EEA, you have the following rights under UK GDPR / GDPR:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data where it is no longer necessary (subject to our legal retention obligations)
• Restriction — ask us to restrict processing in certain circumstances
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Complaints — lodge a complaint with the ICO (UK) or your local supervisory authority

To exercise any of these rights, email privacy@cobaltpdf.com. We will respond within 30 days.

9. Data Security

We use industry-standard security practices including TLS encryption in transit, limited access controls, and regular security reviews. In the event of a data breach that poses a risk to your rights, we will notify affected users and the relevant supervisory authority within 72 hours.

10. International Transfers

Our services are hosted in the UK and EEA. If any data is processed outside these regions (for example by a third-party processor), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

11. Children

CobaltPDF is a developer tool intended for adults. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has submitted personal data to us, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact

For all privacy enquiries, write to us at privacy@cobaltpdf.com.