Security and data protection

This page is dedicated to outlining our comprehensive measures and protocols designed to ensure the confidentiality, integrity, and safety of your files. Learn about the robust security practices we employ to protect your data.

Data Privacy and Security

Discover how we prioritize your privacy. Explore the summary of our approach to data handling in this section

iLovePDF's Privacy Policy

We want to be transparent about how we handle your data. In this brief overview, we'll provide key insights into our approach. For more details, check the complete Privacy Policy.

In our commitment to ensuring your privacy, we adhere to the following principles:

  • Data Collection: We collect only the information necessary for providing our services.
  • Data Security: Your data is securely stored and protected.
  • Data Sharing: We do not sell your data to third parties.
  • Cookies: We use cookies to enhance your experience. Learn more in the full policy.
  • Your Rights: You have the right to control your data and its usage.

Security Policy Overview

The iLovePDF Security Policy focuses on preventing, detecting, and responding to security incidents to safeguard confidential data and ensure uninterrupted service. It applies to all individuals interacting with iLovePDF services. For more details, see the complete Security Policy Overview.

Key Responsibilities

Responsibilities include resource allocation by executive management, policy oversight by the Security Committee, adherence to security measures, and reporting incidents by employees and authorized users.

Key Security Measures

Critical security measures encompass access control, security training, regular system updates, and essential risk mitigation strategies. Additionally, iLovePDF emphasizes data encryption, security audits, and a robust Continuous Improvement Plan to maintain information security and resilience.

Ongoing Evaluation and Improvement

We manage and protect information security with a Continuous Improvement Plan. We regularly review our policies to ensure their effectiveness and relevance in a changing landscape. Additionally, we actively seek opportunities for improvement in our information security processes. This commitment allows us to stay ahead of emerging threats and continuously enhance our safeguards for user data.

Certifications and compliance

Security, privacy, and trust in focus: Our adherence to standards and regulations

iLovePDF proudly holds ISO/IEC 27001:2017 certification, recently renewed in November-March 2023. This certification assures rigorous adherence to global information security standards. Access our ISO 27001 certificate.
As a Europe-based company, iLovePDF is fully GDPR compliant, ensuring utmost respect for data privacy. We guarantee your rights, including access, rectification, and erasure of personal data, with diligence.
We integrate services provided by Qualified Trust Service Providers (QTSP) under eIDAS, which allows us to offer electronic signatures and seals that adhere to the highest standards of security and authenticity. This ensures the legal validity and integrity of your signed documents.

Product Security

Find details on how we secure and protect user data and document processing

Cloud infrastructure
iLovePDF utilizes robust cloud infrastructure partnerships for a secure and adaptable environment, ensuring resilience to meet user demands effectively.
Network communications
We rely on a global content delivery and DDoS protection service, guaranteeing rapid access worldwide and robust security against online threats.
iLovePDF's cloud infrastructure is bolstered by a leading data storage provider. It's important to emphasize that iLovePDF does not retain user documents.

Data Encryption

Data encryption is a fundamental pillar of our product security. We implement robust encryption protocols, including the use of the HTTPS (Hypertext Transfer Protocol Secure) protocol, to protect your data, both in transit and at rest. This stringent encryption guarantees the confidentiality and integrity of your data, offering peace of mind when using our services.

Additionally, we employ end-to-end encryption to ensure the highest level of security for your data from the moment you upload it until it's processed and delivered back to you.

Data Retention and Removal

Respecting your privacy and adhering to applicable regulations are core principles of our data retention and removal policies. At iLovePDF, all files processed within our platform are automatically and permanently deleted within two hours of being processed. We also provide users with the option to manually delete files from the download screen, giving you even more control over your data's lifecycle. For transparency, it's important to note that we retain signed documents for a maximum of 5 years in compliance with legal requirements.

User Protection

At iLovePDF, we prioritize user protection. As part of our commitment to enhancing security, we offer Two-Factor Authentication (2FA). With 2FA, your account is fortified with an additional layer of security, ensuring that only authorized users can access it. Your data remains protected, and your user experience is more secure than ever.

Payment Information (Powered by Stripe)

For seamless and secure transactions, iLovePDF is powered by Stripe, a renowned and trusted payment gateway. Stripe offers top-tier security for your payment information and is certified as a PCI Level 1 Service Provider.

We do not collect any payment information and are therefore not subject to PCI obligations.

Internal Security

Discover the comprehensive measures and protocols implemented to secure iLovePDF's internal operations and data

Centralized Account Management
We employ a centralized account management system, streamlining the control and oversight of user accounts to enhance security.
Password Management System
We maintain the integrity and security of your login credentials through a robust password management system. We also implement password rotation, requiring password changes every 90 days to reduce the risk of unauthorized access.
Two-Factor Authentication (2FA)
We enforce Two-Factor Authentication (2FA) for all nominal accounts, which adds an additional layer of protection to your user accounts, enhancing security and further safeguarding your data and login credentials.
Controlled Physical Access
Implementing security measures such as alarms, fingerprint authentication, fire protection, and anti-robbery safeguards to ensure stringent control over physical access to our facilities.
Employee Onboarding and Offboarding
Our onboarding and offboarding procedures include a checklist that prioritizes security best practices, ensuring that employees' access aligns with our security standards.
Principle of Least Privilege
Access privileges are meticulously managed, adhering to the principle of least privilege. This means that users are granted only the minimum level of access required to perform their tasks, minimizing potential security risks.
iLovePDF Information Security Policy
At iLovePDF, we strengthen data security with ISO/IEC 27001 standards. Our system ensures confidentiality, integrity, and availability, backed by ongoing improvement and resource allocation for compliance.

iLovePDF is formed of a team of experienced professionals in the Information Technology sector, whose mission is to develop products that facilitate the conversion, editing, and management of files.

The Information Security Management System (ISMS) preserves the confidentiality, integrity, and availability of information through the application of a risk management process for these products.

The Information Security Policy establishes the main principles for the ISMS, defining the following security objectives:

  • Guarantee the confidentiality of the information that iLovePDF receives/sends/processes through its platforms
  • Ensure the integrity, accuracy, and veracity of information to guarantee it does not suffer unauthorized alterations or modifications
  • Protect access to information, allowing it to be available when requested
  • Ensure maximum system availability
  • Establish the necessary measures to keep the team constantly aware of adapting compliance and security policies
  • Establish evaluation and monitoring measures to ensure that supplier security is aligned with the organization's ISMS

Additionally, iLovePDF is committed to compliance with all national and international regulations that apply to it, defining specific resources for competent management.

iLovePDF's Management provides all staff with the necessary resources to maintain these objectives, and there is a dedicated team that manages information security which regularly meets to discuss issues related to the ISMS.

With an established ISMS infrastructure in place, iLovePDF will regularly evaluate the actions necessary to protect the ISO/IEC 27001 certification and its continuous improvement.

Furthermore, Management commits to actively participating in the ISMS process and plays a key role in making the decisions that relate to system and information security.

Marco Grossi

January 1th, 2024

Woops! Something is wrong with your Internet connection...