Compliance

Compliance overview

GDPR posture, PDF standard conformance, licensing terms, and audit status — in one place.

GDPR

No telemetry

PDFluent collects no usage data, crash reports, or analytics. There are no tracking libraries in the SDK.

Data stays on your machine

PDFs are processed entirely within your own process. Document content is never sent to an external server.

Minimal license validation

License key validation sends only a key hash to a validation endpoint — no document metadata, no file paths, no user data.

No sub-processors for document data

PDFluent has no sub-processors that receive document content. Your data processing agreements cover only your own infrastructure.

PDF standard compliance

PDFluent validates and converts to the following ISO-standardised PDF profiles.

StandardDescriptionStatus
PDF/A-1bISO 19005-1 Level B conformance. Long-term archiving baseline.Supported
PDF/A-2bISO 19005-2 Level B. Adds JPEG 2000, transparency, and attachments.Supported
PDF/A-3bISO 19005-3 Level B. Allows arbitrary embedded files.Supported
PDF/UA-1ISO 14289-1. Universal accessibility — tagged PDF, reading order, alt text.Supported
PDF/X-3ISO 15930-3. Graphic exchange for print production.Roadmap
PDF/A-4ISO 19005-4. Latest archiving standard.Roadmap

Licensing

Commercial license

PDFluent requires a commercial license for production use. The license is per-developer and grants unlimited deployments within the licensed entity. No per-document or per-API-call fees.

Full license terms

No GPL dependencies

PDFluent has no GPL or LGPL dependencies. Embedding it in a proprietary product does not trigger copyleft requirements. All dependencies are MIT or Apache-2.0 licensed.

SOC 2

Not yet audited

A SOC 2 Type II audit is on the PDFluent roadmap. Given that PDFluent processes documents locally with no cloud data pipeline, the audit scope is limited. Enterprise customers with specific compliance requirements can find more information on the pricing page or reach out via email.