Privacy Policy for the Riedo Rx PDF platform.

1. Scope of This Policy

This Privacy Policy applies to the public website located at riedorxpdf.com, the Riedo PDF Editor software environment, the Secure PDF Signer, business inquiry forms, customer communications, and any related online services that link to or reference this policy.

This policy does not replace customer-specific contractual commitments, including any negotiated data processing addenda, business associate agreements, or enterprise service terms that may apply to a particular account.

2. Categories of Information We Collect

Account and business contact information

• Name, company name, business email address, phone number, industry, and role information provided through sales forms, contact forms, or account setup.
• Billing and subscription administration information necessary to create, maintain, or service business accounts.

Service usage and technical data

• IP address, browser type, device characteristics, operating environment, approximate geolocation derived from network data, and diagnostic logs.
• Authentication events, workspace activity, signer progress, document status changes, and system performance telemetry.

Document and workflow information

• Files uploaded by customers, metadata associated with those files, signer order, field placement, workflow instructions, and audit-related event history.
• Administrative settings, access controls, retention preferences, and export actions configured by authorized customer users.

Support and communications data

• Emails, meeting requests, sales correspondence, implementation notes, and support ticket content submitted to [email protected] or related channels.

3. How We Use Information

Riedo Rx PDF uses collected information for the following business and operational purposes:

• To provide, secure, maintain, and improve the Riedo PDF Editor and related modules.
• To authenticate users, manage access controls, route electronic signature workflows, and preserve audit trail events.
• To respond to contact requests, sales inquiries, support requests, procurement review questions, and implementation discussions.
• To operate subscription administration, billing support, service monitoring, fraud prevention, abuse detection, and compliance review functions.
• To develop analytics regarding service performance, product reliability, and user experience for legitimate business improvement purposes.
• To comply with applicable legal obligations, regulatory inquiries, contract enforcement requirements, and lawful government requests.

4. GDPR Legal Bases for Processing

Where the General Data Protection Regulation applies, Riedo Rx PDF may rely on one or more of the following legal bases, depending on the context:

• Performance of a contract: when processing is necessary to provide the SaaS platform, operate accounts, and deliver requested services.
• Legitimate interests: when processing is reasonably necessary for security, service administration, fraud prevention, internal analytics, or support operations, provided those interests are not overridden by applicable rights.
• Consent: where specific consent is collected, including certain communication or form submission contexts.
• Legal obligation: when processing is required to comply with applicable law, lawful requests, or regulatory obligations.

Individuals subject to GDPR may request access, correction, deletion, restriction, objection, or portability where applicable, subject to legal exceptions and verification requirements.

5. California Privacy Rights and CCPA Notice

If you are a California resident and the California Consumer Privacy Act or California Privacy Rights Act applies to your relationship with us, you may have the right to request the following, subject to verification and applicable exemptions:

• Disclosure regarding categories of personal information collected, sources of information, business purposes for collection, and categories of third parties to whom information may be disclosed.
• Access to specific pieces of personal information maintained about you, where required by law.
• Correction of inaccurate personal information.
• Deletion of personal information, subject to legal, security, fraud-prevention, and contractual retention exceptions.
• Information regarding whether personal information is sold or shared in a manner covered by California law.
• Freedom from unlawful discrimination for exercising privacy rights.

Riedo Rx PDF does not describe its business model as one that sells customer-uploaded document content in the ordinary commercial sense. However, disclosures to vendors, service providers, infrastructure providers, and other operational partners may occur where reasonably necessary to operate the service.

6. Security Measures and HIPAA-Oriented Controls

Riedo Rx PDF applies administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. Because the platform was originally developed for HIPAA-sensitive healthcare document workflows, security remains a core operating principle rather than a secondary feature.

• AES-256 encryption: stored document content and protected data repositories are handled using AES-256 encryption standards or equivalent safeguards within the service architecture.
• Secure transport protections: data exchanged between supported user sessions and platform services is expected to move through encrypted transport channels such as TLS.
• Zero-knowledge architecture principles: internal operational design seeks to minimize unnecessary access to customer document contents and reduce broad administrative visibility wherever feasible.
• Access management: role-based permissions, workspace controls, and account-level administration features are used to help customers limit internal access.
• Audit-oriented logging: signer events, status changes, and system-relevant workflow actions may be retained to support accountability, security review, and business operations.

No internet-based service can guarantee absolute security. Customers remain responsible for configuring their environments appropriately, protecting credentials, and using the service in accordance with internal compliance obligations.

7. Data Retention and Deletion

We retain information for as long as reasonably necessary to operate the service, provide support, comply with legal obligations, resolve disputes, enforce agreements, preserve security evidence, or satisfy documented retention requirements connected to the applicable customer relationship.

• Account records, billing information, and support correspondence may be retained for business administration and legal compliance purposes.
• Document content, workflow history, and exported records may be retained according to customer settings, subscription status, operational necessity, and lawful retention obligations.
• Security logs and diagnostic data may be preserved for fraud prevention, troubleshooting, and incident review purposes.

When deletion is requested and legally permitted, information will be removed, anonymized, or de-identified within a commercially reasonable timeframe, subject to technical constraints, backup cycles, and applicable legal exceptions.

8. Sharing, Service Providers, and Third-Party Processing

Riedo Rx PDF may share information with third parties only where reasonably necessary to operate the business, deliver the service, fulfill legal obligations, or support customer-requested functions. Depending on the context, these parties may include:

• Hosting, infrastructure, storage, analytics, communications, or support service providers acting on our behalf.
• Payment, billing, or subscription administration providers.
• Professional advisers, auditors, insurers, regulators, or legal authorities where disclosure is legally required or reasonably necessary.
• Affiliates, successors, or acquirers in connection with a merger, financing, reorganization, asset sale, or business transition, subject to appropriate confidentiality expectations.

We require service providers to handle data in a manner reasonably consistent with their role, contractual obligations, and security expectations. The exact subprocessor or vendor list may change over time as the service evolves.

9. Cookies, Analytics, and Similar Technologies

The website and related service environments may use cookies, local storage, session identifiers, analytics tools, and similar technologies to support authentication, session continuity, security, performance monitoring, and product improvement.

Users may control certain browser-level cookie settings directly through their browsers, but disabling some technologies may affect site or platform functionality.

10. International Data Transfers

Although this site is positioned for the United States market, customer organizations and authorized users may access the service from other regions. Where data is transferred across borders, Riedo Rx PDF may rely on contractual protections, organizational safeguards, and other lawful transfer mechanisms as applicable.

11. Children’s Privacy

The Riedo PDF Editor and related business services are intended for professional and commercial use. They are not directed to children under 13, and we do not knowingly collect personal information from children through the public-facing website for consumer purposes.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect product changes, legal developments, operational adjustments, or security practices. When changes are material, we may revise the effective date and provide additional notice where appropriate.