Privacy Policy
Last updated: 26 June 2026. This policy explains how HiveIntel GmbH (“we”, “us”) processes personal data when you use PDF Lock at pdflock.hiveintel.ai.
1. Data controller
HiveIntel GmbH
Rosenthaler Str. 72A
10119 Berlin, Germany
Email: contact@hiveintel.de
Impressum (legal notice)
2. Who may use this service
Access is restricted to Microsoft accounts belonging to HiveIntel only (single-tenant sign-in). We do not offer public registration.
3. What data we process
- Account data (from Microsoft Entra ID): display name, work email address, and an internal Microsoft user identifier. We use this only to confirm your identity and show who is signed in.
- PDF files: uploaded temporarily in server memory to apply password protection. Content is not stored, indexed, or used for any purpose other than producing your download.
- Technical data: our web server may record IP address, browser type, and request timestamps in access logs for security and troubleshooting (typically retained according to server log rotation).
- Cookies: see Section 6 below.
We do not use analytics, advertising, profiling, or sell personal data.
4. Purposes and legal bases (GDPR Art. 6)
- Provide the PDF lock service — performance of a service you request (Art. 6(1)(b)).
- Authentication — performance of the service and legitimate interest in securing access to organization-only tooling (Art. 6(1)(b) and Art. 6(1)(f)).
- Essential cookies — your consent where required by ePrivacy rules (Art. 6(1)(a)); strictly necessary session cookies may also rely on Art. 6(1)(b) where they are required to deliver the service you request.
- Security & abuse prevention — legitimate interest in protecting our systems (Art. 6(1)(f)), including rate limiting.
5. Retention & log policy
- PDF uploads: deleted immediately after your download is sent (seconds). Not written to disk persistently.
- Session cookie: until you sign out or close your browser (max. 8 hours).
- cookie_consent: 12 months, or until you reset your choice via cookie settings.
- Apache web server logs (access and error logs, including IP address, request URL, timestamp, User-Agent): rotated daily and retained for up to 14 days, then deleted or compressed per server logrotate policy. Purpose: security, abuse prevention, and troubleshooting (Art. 6(1)(f) GDPR).
- Application logs (Docker container stdout/stderr, e.g. failed login or qpdf errors without PDF content): retained for up to 14 days on the hosting server, then rotated. No PDF file content or passwords are logged.
- Rate-limit counters: held in application memory only; not persisted to disk; reset on container restart.
We do not maintain a separate database of user activity or uploaded documents.
6. Cookies
| Name | Purpose | Duration |
| --- | --- | --- |
| cookie_consent | Stores your accept/reject choice | 12 months |
| session | Keeps you signed in after Microsoft authentication | Session / max. 8 h |
No third-party marketing or tracking cookies are used. You may withdraw cookie consent at any time via cookie settings; rejecting cookies means you cannot sign in.
7. Processors & international transfers
We use Microsoft Entra ID (Microsoft Corporation) for authentication. Microsoft processes sign-in data under its own terms and may transfer data outside the EEA. See Microsoft’s privacy documentation and your organization’s Microsoft agreement.
Hosting is on our infrastructure. PDF content is not sent to third parties except as required to operate Microsoft sign-in.
8. Your rights (GDPR)
If you are in the UK or EEA, you may have the right to:
- Access personal data we hold about you
- Rectification of inaccurate data
- Erasure (“right to be forgotten”) where applicable
- Restrict or object to certain processing
- Data portability where applicable
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with your local data protection supervisory authority — in Berlin, typically the Berliner Beauftragte für Datenschutz und Informationsfreiheit
Because we store very little data, signing out clears your session. For other requests, contact contact@hiveintel.de. We will respond within one month as required by GDPR.
9. Security
We use HTTPS encryption, organization-only authentication, non-persistent PDF handling, rate limiting, and access controls. No method of transmission over the Internet is 100% secure.
10. Children
This service is intended for organization members and is not directed at children under 16.
11. Changes
We may update this policy. The “Last updated” date at the top will change when we do. Continued use after changes constitutes notice of the updated policy where permitted by law.