Privacy Policy

Effective Date: 10 April 2026

Your Markdown content and generated PDF file contents are processed locally in your browser during standard editing and export and are not stored on our servers.

This statement applies to the document content itself. Other account, payment, security, support, and usage records may still be processed as described below.

This Privacy Policy explains how MD2FILE processes personal data when you use the website, editor, PDF export tools, AI features, account features, payments, feedback tools, and optional third-party integrations.

1. Controller and Contact

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at [email protected].

2. Data We Process

Account, authentication, and session data

If you create an account or sign in, we process data such as your email address, name, hashed password or OAuth account details, verification status, session records, session IP address, and user-agent data.

Security, rate-limiting, and abuse-prevention data

To protect the service, we process authenticated usage counters and rate-limit records. For guest users, we generate a pseudonymous fingerprint from request metadata to detect abuse and enforce limits. Although this fingerprint is hashed, we treat it as personal data rather than fully anonymous data.

AI usage analytics

When AI features are used, we log service analytics such as request type, guest vs. registered status, user tier, token counts, error flags, and timestamps. These logs are designed not to include direct identifiers such as your name or email, but we still disclose them for transparency.

AI prompts and outputs when you enable sync or use AI tools

If you explicitly enable AI history sync, we store synced AI prompts, outputs, token counts, timestamps, and content hashes in your account history. Separately, when you use AI features, the relevant text or prompt content is sent to OpenAI to generate a response.

PDF export metadata

We log PDF export metadata such as file size, page count, character count, whether images, Mermaid diagrams, or LaTeX were present, processing time, and error codes. This metadata does not include the Markdown or PDF file contents themselves.

Feedback and support data

If you submit feedback, we process your name, email address if provided, message, optional file attachments, and related support records. The feedback form also uses Google reCAPTCHA v3 to reduce spam. We may retain submitted files and content for service improvement, troubleshooting, and internal analysis.

Payment and subscription data

If you subscribe to a paid plan, we process payment and subscription data through Stripe, including customer identifiers, subscription identifiers, status, billing period dates, and related invoice or payment metadata.

3. What We Do Not Store on Our Servers

During standard editor use and PDF export, we do not upload or store the contents of your Markdown document or the contents of the generated PDF on our servers.

This local-processing statement does not cover optional features that inherently involve remote processing, such as AI requests you submit, feedback submissions, account creation, payments, or third-party cloud integrations.

4. Legal Bases

  • Performance of a contract: to provide accounts, login, PDF export features, subscription services, and customer support.
  • Legitimate interests: to secure the service, prevent abuse, enforce rate limits, maintain service reliability, investigate incidents, and measure product usage at a service level.
  • Consent where required: for non-essential tracking technologies or similar tools where applicable law requires prior consent.
  • Legal obligations: where we must keep records for tax, accounting, fraud-prevention, or regulatory reasons.

5. Third-Party Recipients and Services

Depending on the features you use, we may share data with the following categories of third parties:

  • OpenAI: to process prompts and related content for AI features you choose to use.
  • Stripe: to process payments, subscriptions, invoices, and related billing events.
  • Google: for Google sign-in, reCAPTCHA, optional Google Drive integrations, and analytics or tag management where enabled.
  • GitHub: for GitHub sign-in and optional GitHub export integrations you configure.
  • Dropbox: for optional Dropbox export integrations you configure.
  • Resend: to send account, verification, password reset, and support-related emails.

6. International Transfers

Some of the providers listed above may process personal data outside your country, including outside the EEA or UK. Where this happens, we rely on the transfer mechanisms offered by those providers and applicable law, such as contractual safeguards or adequacy mechanisms where available.

7. Retention

  • Anonymous guest rate-limit records are currently kept for up to 7 days.
  • Authenticated AI usage counters and rate-limit logs are currently kept for up to 30 days where automatic cleanup applies.
  • Synced AI history is kept until you delete it, disable the feature and clear the history, delete your account, or we apply a shorter retention policy.
  • Feedback, account, payment, and PDF export metadata may be retained for as long as reasonably necessary for support, billing, security, product-improvement, legal, or record-keeping purposes unless a shorter retention period is stated or required by law.

8. Your Rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate data;
  • request deletion of your personal data;
  • request portability of data you provided to us;
  • object to certain processing based on legitimate interests;
  • request restriction of processing in some situations; and
  • withdraw consent where processing is based on consent.

To make a privacy request, contact [email protected]. You may also have the right to lodge a complaint with your local data protection authority.

9. Security

We use reasonable technical and organizational measures to protect the data we process. No system can be guaranteed completely secure, but we aim to limit access, reduce unnecessary data collection, and keep sensitive document contents local to your device during standard editing and export.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page.