Privacy Policy
Last updated: 25 April 2026
1. Introduction
This Privacy Policy explains how Mods Software ("we", "us", "our"), a company registered in England and Wales (Company Number 3257262), collects, uses, and protects your personal data when you use gitmd2pdf ("the Service").
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
Mods Software is the data controller for personal data collected through the Service. For data protection enquiries, contact us at support@mods-software.com.
3. Personal Data We Collect
| Data Category | Examples | Purpose |
|---|---|---|
| Account Data | Email address, name, password hash | Account creation and authentication |
| Billing Data | Stripe customer ID, subscription status | Payment processing and subscription management |
| Usage Data | Conversion history, API usage logs | Service delivery and fair use monitoring |
| Technical Data | IP address, browser type, device info | Security, troubleshooting, analytics |
4. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract Performance: To provide the Service you have requested.
- Legitimate Interests: To protect the Service, prevent fraud, and improve our offerings.
- Legal Obligation: To comply with applicable laws and regulations.
- Consent: Where you have given explicit consent (e.g., marketing communications).
5. How We Use Your Data
- To create and manage your account.
- To process conversions and deliver PDF documents.
- To process payments and manage subscriptions.
- To provide customer support.
- To send service-related communications.
- To detect and prevent fraud or abuse.
- To improve the Service through analytics.
6. Data Sharing and Third Parties
We may share your data with:
- Stripe: Payment processing. We do not store card details.
- Auth0: Authentication services for social login.
- Cloudflare: Security and CAPTCHA verification.
- Email providers: Transactional email delivery.
- Google Analytics: Anonymous usage analytics.
We do not sell your personal data to third parties.
7. Data Retention
- Account data: Retained while your account is active and for 30 days after deletion.
- Conversion files: Temporarily stored for delivery, then deleted within 24 hours.
- Usage logs: Retained for up to 12 months for operational and audit purposes.
- Billing records: Retained for 7 years as required by UK tax law.
8. International Transfers
Some of our service providers operate outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.
9. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Request limitation of processing.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent.
To exercise these rights, contact support@mods-software.com. We will respond within one month.
10. Cookies and Local Storage
The Service uses a small number of cookies, plus your browser's local storage, to keep you signed in and to enable payments. We do not use cookies to track you across other websites, and we do not sell or share cookie data with advertising networks.
Cookies set by Mods Software (first-party):
| Name | Purpose | Lifetime |
|---|---|---|
mods_login_prefill |
Remembers the last email you signed in with so the login form can pre-fill it. Set only after a successful login. Essential. | 30 days |
Cookies set by third parties embedded in the Service:
| Cookie(s) | Set by | Purpose | Lifetime |
|---|---|---|---|
__stripe_mid, __stripe_sid (and related __Secure-* Stripe cookies during checkout) |
Stripe (stripe.com/cookies-policy) | Fraud prevention, machine identification, and to power the secure checkout flow. Set automatically when any page loads Stripe.js. | __stripe_mid: ~1 year. __stripe_sid: 30 minutes. |
Auth0 session cookies (e.g. auth0.*) |
Auth0 / Okta (okta.com/privacy-policy) | Manage social-login (Google / GitHub / GitLab) sessions. Set only when you initiate a social login. | Session-only or up to the social provider's session length. |
Cloudflare Turnstile cookies (e.g. cf_*) |
Cloudflare (cloudflare.com/privacypolicy) | Bot detection on the contact form CAPTCHA. Set only when the contact form challenge is rendered. | Up to 30 minutes. |
Google Analytics cookies (e.g. _ga, _gid) |
Google (policies.google.com/privacy) | Anonymous usage analytics. Set only on production deployments where Google Analytics is configured (not on every environment). | _ga: 2 years. _gid: 24 hours. |
Local storage and session storage: in addition to the cookies above, the Service uses your browser's localStorage to keep you signed in (a JSON Web Token under the key token) and to remember UI preferences (selected currency, dashboard tab, output options). These are not cookies and are not transmitted to third parties; they live entirely on your device until you sign out or clear browser data.
Your choices: you can clear or block cookies through your browser settings. Blocking the Stripe cookies will prevent checkout from working. Blocking mods_login_prefill only removes the email-prefill convenience and does not affect your ability to sign in. Blocking Google Analytics cookies has no functional impact on the Service.
11. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Secure password hashing
- Access controls and authentication
- Regular security reviews
12. Children's Privacy
The Service is not intended for children under 16. We chose 16 as our threshold because it is the highest age of digital consent across the jurisdictions we serve (e.g. Germany under EU GDPR Article 8); the UK Data Protection Act 2018 sets the age at 13, but we apply the stricter standard universally.
We do not knowingly collect personal data from children under 16. We do not currently age-verify at signup; for paid tiers, a valid payment method (which is itself age-gated by the card issuer) is required. If you become aware that a child under 16 has provided personal data through the Service, please contact support@mods-software.com and we will delete the account and any associated data within 30 days.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service.
14. Complaints
If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact
For privacy enquiries, contact us at support@mods-software.com.