Privacy Policy

Last updated: April 18, 2026

HTML2DocHub (operated as an individual proprietorship in India) is committed to protecting your personal data. This Privacy Policy explains what we collect, why, who we share it with, and what rights you have under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and equivalent laws in your jurisdiction.

1. What we collect

  • Account data: email address, full name (optional), hashed password, 2FA secret (if enabled).
  • Usage data: job metadata (type, status, page count, render duration, cost), API key usage statistics, IP address of API callers, timestamps.
  • Payment data: Razorpay order IDs and payment IDs. We never see or store card numbers, CVVs, or UPI IDs — those live only inside Razorpay.
  • Render input: the HTML or URL you submit. Processed in memory and not written to persistent storage beyond the duration of the render. The rendered output (PDF or image) is stored in Amazon S3 as described below.
  • Error telemetry: if Sentry is enabled, unhandled errors may include your user ID and email alongside the stack trace.

2. Why we collect it

  • To operate the Service (authenticate, route API calls, bill accurately).
  • To send transactional emails (verification, password reset, payment receipts, low-balance alerts).
  • To comply with Indian accounting and tax obligations.
  • To detect and prevent abuse (rate limiting, anomaly detection).
  • To improve the Service with aggregated usage statistics — never personal profiles sold or shared.

We never sell your data. We do not use your data for advertising, profile building, or training third-party AI models.

3. Who has access

Only the HTML2DocHub proprietor. We engage the following subprocessors to operate the Service:

  • Razorpay Software Private Limited — payment processing. Receives your email, name, IP address, and billing details.
  • Resend Inc. — transactional email delivery. Receives your email address and the email content.
  • Amazon Web Services — S3 object storage for rendered outputs. Receives the output file and an object key that includes your user UUID.
  • Functional Software, Inc. (Sentry) — error tracking, when enabled. May receive user IDs, email addresses, and stack traces containing request paths.
  • Hetzner Online GmbH — infrastructure hosting in the European Union. All server-side data passes through Hetzner facilities.
  • UptimeRobot — external uptime monitoring. Receives only our public health-check URLs, no user data.

Each subprocessor is contractually bound to handle data only for the purposes we engage them for.

4. International transfers

Your data may be transferred to and processed in the European Union (Hetzner) and the United States (AWS, Sentry, Resend). We rely on each provider's standard contractual clauses and data-processing agreements for cross-border transfers permitted under Indian law.

5. Data retention

  • Account PII — until you delete your account. Zeroed on deletion (see section 7).
  • Wallet transactions — retained for 7 years to comply with Indian accounting and tax laws. Personal identifiers are zeroed on account deletion; the transaction row survives for audit purposes.
  • Job metadata — retained 12 months for billing audit, then purged.
  • Rendered outputs — stored in S3 for the signed-URL expiry configured on your account (default 1 hour); the file itself may persist in S3 for up to 90 days for cache efficiency, then removed.
  • Source HTML — not persisted beyond the lifetime of the render.
  • Error telemetry — Sentry retains events for 90 days by default.

6. Security

  • All traffic is served over TLS 1.3.
  • Passwords hashed with bcrypt (cost factor 12).
  • API keys stored as SHA-256 hashes. The full key is shown only once, at creation.
  • Wallet operations protected by Redis distributed locks to prevent race conditions.
  • URL rendering includes SSRF protection (private/internal IPs blocked) and a URL scheme allowlist (only http/https).
  • Razorpay webhook signatures verified via HMAC-SHA256 with constant-time comparison.
  • 2FA (TOTP) available for account login.

7. Your rights

Under the DPDP Act and equivalent laws, you can:

  • Access your data — download wallet transactions and job history as CSV from your dashboard at any time.
  • Correct your account data — update name and spending limits in the dashboard; email us for anything else.
  • Delete your account — use the self-service Delete My Account control in the dashboard, or call DELETE /v1/auth/me from your API client. We will zero personal fields immediately; wallet transactions are retained in anonymised form per section 5.
  • Withdraw consent — by deleting your account. Consent is also renewable when you re-accept updated Terms.
  • Complain — if you believe we are mishandling your data, you may lodge a complaint with the Data Protection Board of India (meity.gov.in).

8. Cookies

We store a single authentication cookie (the JWT access token) to keep you signed in. We do not use third-party analytics, advertising cookies, or fingerprinting. If we add analytics we will update this policy and surface a consent banner first.

9. Children

The Service is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, email us and we will delete it.

10. Breach notification

If we become aware of a personal-data breach likely to affect your rights, we will notify you without undue delay — and in any event within 72 hours — by email, and notify the Data Protection Board of India as required by the DPDP Act.

11. Changes to this policy

We may update this policy. Material changes will be announced by email at least 30 days before taking effect.

12. Contact / grievance officer

Data-protection and privacy questions — or to exercise any of the rights in section 7 by email rather than self-service — contact the grievance officer:

Email: html2dochub@mindzdev.com
We acknowledge requests within 72 hours and resolve them within 30 days.