Privacy policy

Last updated: 2026-05-08.

This document explains in detail what PDF Watermark does with your information when you use the tool. It is written in plain language, without unnecessary jargon, so you can understand it even if you are not an expert in privacy or digital law.

If you only have thirty seconds to read it, take this away: your files never leave your computer. The tool runs inside your browser; it does not send your PDFs or images to any server. The page may measure visits with Google Analytics, but only if you explicitly accept it in the cookie banner.

1. Quick summary

PDF Watermark is a static web page. That means that, when you open the address in your browser, your browser downloads a few text files (HTML, CSS and JavaScript) and, from that moment on, all the work happens on your own device. The watermark is applied with your computer's processor and memory, just like opening a spreadsheet locally.

In practice, this means three things:

Your files do not travel across the Internet to anywhere.
No one on the other side can see what you are processing.
You could even disconnect from the Internet after loading the page and the tool would keep working.

2. Data controller

The project is published as open source software and offered as is, without commercial warranties. The page is served via a professional hosting provider (Cloudflare Pages or an equivalent with European infrastructure), which is responsible for the delivery of the site.

If you need to contact us to exercise data protection rights, the usual channels are the project's public GitHub repository (via an issue or a message to the maintainers) and the supervisory authority cited below. As you will see in the following sections, under normal circumstances we do not have identifiable information about you that we could consult, modify or delete.

3. What data we process

In the context of this page, the only data that exists and is relevant to data protection regulations is as follows:

Hosting operational logs. When your browser requests the page, the hosting provider technically records the request: your IP address, the user-agent (the string identifying your browser and operating system), the path you requested and the timestamp. These records are what allow the page to be served, attacks to be detected, abuse to be mitigated and the availability of the service to be maintained. They are common to any website served over the Internet.
Configuration saved on your own device. If you allow it, the tool saves your latest watermark configuration in your browser's localStorage: text, size, color, opacity, rotation, pattern and typeface. That configuration never reaches any server; it stays on your device and you can delete it at any time using the «Clear saved configuration» button in the interface, or from your browser's storage tools.
Aggregated visit metrics if you accept cookies. If you click «Accept» on the cookie banner, Google Analytics 4 is loaded, recording aggregated information about the visit. The specific details are developed in section 5.

4. What data we DO NOT process

Due to the static nature of the site and explicit design choice, there is a series of data that is not collected, not stored and not shared with anyone. In particular:

The PDF, PNG, JPG or WebP files you load into the tool. They are never uploaded.
The visible or textual content of those files.
File names, sizes or metadata.
Advertising or third-party cookies to cross-track your activity across sites.
Advertising identifiers or browser fingerprints.
Biometric data, precise geolocation or any connected device data.
Heatmaps, session recordings or screen replays.

5. Google Analytics and consent

This page uses Google Analytics 4 to understand how the tool is used and improve it: which pages are visited, which browsers are common, where traffic comes from. Only that way can we know whether the changes we make help anyone or whether some areas are broken.

The Google Analytics script is loaded as soon as you enter the page, but configured in «consent denied» mode by default following the Google Consent Mode v2 standard. That means that, until you accept the banner, Google receives no identifiers, installs no persistent cookies and only emits minimal anonymous signals (called cookieless pings) that do not allow your activity to be reconstructed or linked to a previous visit. When you click «Accept», consent is updated to «granted» and from then on Google records the full visit with cookies and events. If you decline, the script is still there but sends nothing relevant.

This way of loading Google Analytics is the one Google itself recommends and the one that European regulators accept as a basis for site verification in Google Search Console and Consent Mode integrity to work without penalising those who say no.

If you accept, Google Analytics collects:

Visits and page views (relative URL, without sensitive parameters).
Approximate country, derived from your IP (the full IP is not stored).
Device type and browser.
Time on site and aggregated interaction events with the interface.

What is never sent to Google Analytics, even if you accept:

The content of your files.
Names, sizes or metadata of the files you process.
The text you type as a watermark.
Any other data that could personally identify you.

If you accept, Google installs two cookies in your browser, _ga and _ga_<ID>, with a typical lifespan of 24 months. They are measurement cookies, not advertising: they distinguish unique visitors, not profile or target you.

International transfer. Google Analytics is operated by Google LLC, headquartered in the United States. This implies a transfer of your measurement data to a country outside the European Economic Area. The transfer relies on the standard contractual clauses approved by the European Commission (Implementing Decision 2021/914) and, additionally, the EU-U.S. Data Privacy Framework, of which Google is a participating entity.

How to revoke consent. You can change your mind at any time. Click the «Cookie settings» link in the footer and decline. From that moment on, Google Analytics will stop recording your activity in this and future sessions. You can also delete the _ga and _ga_<ID> cookies from your browser tools to remove the visitor identifier.

6. How it works technically

The full flow, step by step, is as follows:

You visit the page address. The hosting provider sends you the HTML, CSS and JavaScript needed for the tool to work. That request remains in the operational logs described in section 3.
Your browser renders the page and loads the libraries that run locally. From there, no further requests are made to our servers or third parties, except to Google Analytics if you accepted the cookie banner.
When you drag a file or select it from your disk, that file is loaded directly into your browser's memory as a Blob. It is not uploaded anywhere.
The watermark is computed and applied using standard browser APIs (Canvas for images and the pdf-lib library, executed locally, for PDFs). All processing happens inside the tab.
The resulting file is downloaded directly to your disk via a browser download. The tool does not send or keep a copy.

Two completely separate flows. The file never crosses the boundary of your browser. Analytics do, but only if you have accepted.

If you open your browser's developer tools on the «Network» tab and process a file, you will see that after the initial page load, no network request is made to process your documents. If you accepted the cookie banner, you will see occasional requests to www.google-analytics.com with the aggregated information from section 5.

7. Legal basis for processing

The processing of operational logs described in section 3 relies on the legitimate interest of the hosting provider and the project, set out in article 6.1.f of Regulation (EU) 2016/679 (GDPR), to ensure secure operation of the service, prevent abuse and allow content delivery to the people who request it.

Processing through Google Analytics is based on your express consent (article 6.1.a of GDPR and article 22.2 of the Spanish LSSI) provided when clicking «Accept» on the cookie banner. Without that consent, there is no processing.

Storage of the configuration in your browser's localStorage does not require additional legal basis because it occurs entirely on your device and under your control.

8. Retention periods

The hosting provider's operational logs are retained according to the provider's internal policies, which typically range from a few days to a few weeks. They are then automatically deleted.

Data sent to Google Analytics is retained according to service configuration (by default, 14 months for event-level data). The _ga cookies have a lifetime of 24 months unless you delete them earlier.

Configuration saved in localStorage remains in your browser until you decide to delete it.

9. International transfers

The hosting provider used operates on infrastructure with a presence in Europe. Content delivery is performed from nodes near your location, minimising data transfer to third countries with respect to hosting.

If you accept Google Analytics, measurement data is transferred to Google LLC in the United States. That transfer relies on the standard contractual clauses of the European Commission and the EU-U.S. Data Privacy Framework, as detailed in section 5.

10. Cookies and similar technologies

What this page stores in your browser, grouped by technology:

pdf-watermark-consent (localStorage). Stores your banner choice («accepted» or «rejected»). It is not strictly a cookie but a local storage entry. It remains indefinitely until you or your browser clear it. It is never sent to any server.
watermark.config.v1 (localStorage). Stores the latest watermark configuration you used. Never leaves your device.
Google Analytics cookies. Only if you accepted.
- _ga: distinguishes unique visitors. Lifetime: 24 months.
- _ga_<ID>: GA4 session state. Lifetime: 24 months.
These are measurement cookies, not advertising.

If you decline the banner, no Google cookies are installed and the Google Analytics script is not loaded at all.

11. Minors

The tool is not specifically directed at minors, nor does it deliberately collect data from minors. Since no personal data is requested to use it, its use by minors does not entail collection of identifying information on our part.

12. Rights as a data subject

As with any processing covered by the GDPR, you have the rights of access, rectification, deletion, opposition, restriction of processing and portability. You can exercise them in relation to the data we actually process.

For data sent to Google Analytics, you can also exercise your rights directly with Google, which acts as processor or co-controller depending on service configuration. The fastest way to stop processing is to revoke consent from the «Cookie settings» button in the footer.

13. Supervisory authority

If, after reading this policy, you believe that any processing does not comply with the GDPR or Spanish data protection legislation, you can lodge a complaint with the Spanish Data Protection Agency (AEPD): aepd.es. It is the competent authority in Spain and provides public procedures for filing complaints free of charge.

14. Changes to this policy

Any substantive change to this policy will be published on this same page, with the new version date in the document header. The policy in force at any given time is the one published here. Since the project's source code is open, the change history can also be reviewed in the public repository.

Back to home