Privacy Policy

1. Data controller

The data controller for your personal data is:

2. What data do we collect?

ZeusPDF collects only the data strictly necessary to provide the service:

2.1 When registering or purchasing

• Full name: to identify you in emails and in the customer portal.
• Email address: to send you activation serials, purchase confirmations and licence-related communications.
• Company (optional): if provided, to personalise invoicing.
• Password (hashed): stored in encrypted form using bcrypt; never in plain text.

2.2 During payment

Payment is processed entirely through Stripe. ZeusPDF never stores credit or debit card data. We only receive payment confirmation and the amount from Stripe.

2.3 Licence data

• Assigned activation serial.
• Anonymous device identifier where the licence is activated (hash of hardware characteristics, cannot identify the user personally).
• Device name (Windows hostname, visible in the portal).
• Activation and expiry dates.

2.4 Technical data (API logs)

For system security, we log the IP address, date and time, and result of each call to the licence API. This data is retained for 90 days and used exclusively to detect abuse (mass activation attempts).

2.5 The desktop application

ZeusPDF (the Windows app) processes your documents 100% locally. The application never sends the contents of your PDFs to any server. The only data the application communicates with our servers is what is needed to verify the licence (serial and anonymous device identifier).

3. Purpose of processing

• Purchase management and product delivery: sending serials, activating licences, managing renewals.
• Customer portal management: access to your personal area, viewing licences and devices.
• Customer service and technical support: responding to enquiries or issues.
• Legal obligations: retention of invoices and accounting records in accordance with Spanish regulations.
• System security: detection and prevention of fraudulent use.
• Licence communications: expiry notices. We do not send marketing communications without explicit consent.

4. Legal basis

• Contract performance (Art. 6(1)(b) GDPR): to process your purchase, send the serial and manage your licence.
• Legal obligation (Art. 6(1)(c) GDPR): retention of invoices and tax records (Spanish Commercial Code: 6 years; General Tax Act: 4 years).
• Legitimate interests (Art. 6(1)(f) GDPR): system security, fraud prevention.

5. Retention periods

• Account data: while the account is active. Upon deletion, anonymised within 30 days.
• Purchase and billing data: 6 years (Commercial Code) or 4 years (tax obligations), whichever is longer.
• API logs: 90 days.
• Renewal tokens: 15 minutes (automatic expiry).

6. Third-party transfers

We share data with the following third parties, only to the extent necessary:

• Stripe, Inc. (USA) — payment processor. Covered by the EU-US Data Privacy Framework. View Stripe's privacy policy.
• Hosting provider — servers where the web application is hosted. Located in the EU.

We do not sell, rent or pass your data to third parties for commercial or advertising purposes.

7. Your rights

Under the GDPR, you have the right to:

• Access: request what data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your data when it is no longer necessary.
• Restriction: request that we restrict processing in certain circumstances.
• Data portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.

You may exercise these rights by emailing privacidad@zeuspdf.com with a copy of your ID and a description of your request. We will respond within 30 days.

If you believe processing does not comply with the GDPR, you have the right to lodge a complaint with your national supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD) — www.aepd.es.

8. Security

We implement appropriate technical and organisational measures to protect your data:

• All connections encrypted with TLS/HTTPS.
• Passwords stored with bcrypt (not plain text).
• Licence data encrypted with AES-256-CBC in the Windows Registry.
• Rate limiting on activation attempts to prevent brute-force attacks.
• Single-use renewal tokens with 15-minute expiry.
• Database access restricted to the application only.

9. Contact

For any privacy or data protection enquiries: