Vault PDF
Get started
Last updated June 2026

Data Processing Agreement

How Vault PDF processes team member and account data on behalf of your organization, and how to request a signed DPA.

Controller and processor roles

Not Another Software Company acts as the data controller for Vault PDF account data: team member emails, workspace settings, billing metadata, activity logs, and audit records. Vault PDF is offered to business teams in the United States, the EU/UK, and other international markets. We do not currently market or tailor the service to customers in India.

When your agency uses Vault PDF to process client PDFs in the browser, your agency remains the controller for client document data. Vault PDF does not receive PDF contents for core tools.

For a signed DPA covering our processing of your team's account data, email divya@vault-pdf.com with your organization name and billing contact.

Subject matter and duration

Processing covers provision of the Vault PDF SaaS application for the duration of your subscription and up to 90 days after termination for security and billing reconciliation, except where longer retention is required by law.

Categories of data processed
  • Identity and contact data (email, display name)
  • Workspace and role data (organization name, memberships)
  • Billing metadata (plan, subscription status, payment provider IDs)
  • Privacy-safe usage metadata (tool ID, file count, timestamps — no filenames or PDF content)
  • Audit and security logs (administrative actions, hashed IP)
  • Optional integration tokens when Slack is connected by an admin
Sub-processors

We engage sub-processors to deliver the service. The current list, including purpose and location, is maintained in our Privacy Policy and summarized on our GDPR page.

We will notify account owners of material sub-processor changes with reasonable notice. Objections may be sent to divya@vault-pdf.com.

Security measures

Technical and organizational measures include TLS encryption in transit, database row-level security, encrypted integration tokens, HMAC-hashed IP logging, browser-only PDF processing for core tools, and scrubbed operational logs before export to monitoring providers.

See also our GDPR page for transfer mechanisms and data subject rights.

Personal data breaches

If we become aware of a personal data breach affecting your account data, we will notify affected account owners without undue delay and within 72 hours where required by GDPR, including the nature of the breach and mitigation steps taken.

Request a signed DPA

Compliance-plan customers and enterprise teams may request a countersigned DPA. Email divya@vault-pdf.com with:

  • Legal entity name and registered address
  • Organization name in Vault PDF
  • Billing contact and signatory details

Our registered address: 150, Greenfields Soc., Palodia, Gandhinagar, India 382115

Contact

Not Another Software Company

For privacy, legal, DPA, billing, and general support inquiries, email divya@vault-pdf.com.

Document version 2026-06. Added registered address, expanded sub-processors, signup consent, data-rights settings, retention automation, DPA page, GDPR Art. 13 disclosures, US state privacy rights, and US/international market framing.

This information is provided for transparency and is not legal advice. Consult qualified counsel for jurisdiction-specific requirements.