Privacy Policy¶
Last updated: April 17, 2026
Overview¶
PDF Accessibility Tagger is an API service that processes customer-submitted PDF documents and returns semantically tagged PDFs plus review-oriented workflow metadata intended to support accessibility remediation workflows.
Geographic scope¶
The service is offered solely to users located in the United States. We do not target or actively market the service to users in the European Union, the United Kingdom, or other jurisdictions outside the United States, and this policy is not designed to satisfy the requirements of the EU General Data Protection Regulation (GDPR), UK GDPR, or equivalent non-U.S. privacy regimes. If you are located outside the United States, please do not use the service.
Service model¶
The service uses an asynchronous staged-processing model. Documents are uploaded to temporary cloud storage, processed by the service, and made available for bounded retrieval. All staged artifacts are automatically deleted after a defined retention period.
Information we process¶
When you use the API, we process:
- the PDF file you submit
- the source IP address of the incoming request (typically the RapidAPI proxy when the service is accessed through the marketplace, rather than the end user's IP)
- the API key identifier used for authentication (used to distinguish requests; API key values are not written to persistent logs)
- basic request metadata: timestamp, request ID, outcome, HTTP status, latency, file size, page count
- job lifecycle metadata: job ID, status transitions, timestamps, error category
How we use submitted documents¶
Submitted PDFs are processed solely for:
- analyzing the source PDF structure
- generating a tagged output PDF
- generating workflow metadata and review guidance associated with the job
- returning the output to you
- operating, debugging, and securing the service
We do not use document content to train, tune, or evaluate machine-learning models, and we do not use document content to improve the service beyond the specific job the document was submitted for. Any product improvement work uses only the operational metadata listed above.
Temporary staging¶
The service requires temporary storage of submitted and processed documents to bridge the gap between submission and retrieval. In practical terms, the customer first requests an upload slot from the API, uploads the document through a presigned URL, and then finalizes the staged upload for processing. This staging is:
- bounded: all staged artifacts are automatically deleted after 3 days, enforced by infrastructure lifecycle rules rather than application logic
- encrypted: all stored artifacts use server-side encryption (AES-256)
- access-restricted: the S3 bucket blocks all public access; only the service's own IAM roles can read or write artifacts
- not a document repository: the service does not retain documents beyond the retention window, and does not provide long-term storage or archival
What is staged¶
| Artifact | Storage | Retention | Purpose |
|---|---|---|---|
| Submitted PDF | S3 (inputs/) |
3 days (lifecycle rule) | Input for worker processing |
| Tagged PDF | S3 (outputs/) |
3 days (lifecycle rule) | Result available for retrieval |
| Job record | DynamoDB | 3 days (TTL attribute) | Job status and metadata |
| Queue message | SQS | 1 day (message retention) | Processing trigger (contains job reference, not document content) |
Training and model use¶
Customer documents are not used for model training.
If that policy changes in the future, this document will be updated explicitly before such use begins.
Storage and retention¶
Retention windows for document content and job metadata are listed in the staging table above. Operational logs (API Gateway access logs, Lambda logs, worker logs) are retained in CloudWatch for 30 days and then automatically deleted. This is longer than the 3-day document-retention window because logs contain no document content — only the operational metadata described above.
All retention enforcement is infrastructure-level (S3 lifecycle rules, DynamoDB TTL, SQS retention policies, CloudWatch log-group retention), not application-level. This makes accidental circumvention harder.
See the companion Data Handling document for the complete operational retention schedule.
Logging¶
The service logs limited operational metadata:
- request timestamp and request ID
- success/failure outcome
- latency
- file size and page count
- error category
The service does not intentionally log:
- document contents or extracted text
- sensitive excerpts from submitted PDFs
Third-party services¶
Requests are processed using AWS cloud infrastructure services (compute, storage, queuing, and logging). Customer document content is not sent to third-party AI or OCR providers. All structural analysis runs inside the service's own AWS infrastructure using locally hosted models.
Sensitive and regulated documents¶
You represent and warrant that you have all necessary rights to submit each document you upload, including any rights of authors, subjects, copyright holders, and any individuals whose personal data appears in the document.
The service is not configured to handle the following categories of regulated data, and you must not submit them:
- Protected Health Information (PHI) as defined by the U.S. Health Insurance Portability and Accountability Act (HIPAA). The service does not offer a Business Associate Agreement.
- Cardholder data subject to the Payment Card Industry Data Security Standard (PCI DSS).
- Classified or controlled-unclassified government information (e.g., U.S. CUI, FOUO, or equivalents in other jurisdictions).
- Data subject to export controls (e.g., ITAR, EAR) that would require a specific licensing regime.
For other categories of personal or confidential data (for example, educational records subject to FERPA, or legal-professional privileged content), you remain solely responsible for determining whether submission is appropriate under your own compliance regime.
Security¶
The service uses:
- TLS transport encryption for all API communication
- server-side encryption (AES-256) for all stored artifacts
- IAM-scoped access controls for all infrastructure resources
- API key authentication for all document submissions
- infrastructure-enforced lifecycle rules for automatic artifact deletion
California privacy notice¶
This section applies to California residents and supplements the information above. It is provided with reference to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Categories of personal information collected¶
Over the preceding twelve months, the service has collected only the following categories of personal information as defined by the CCPA:
- Identifiers: source IP address (typically a RapidAPI proxy IP), API key identifier, request ID, and job ID.
- Internet or other electronic network activity information: operational metadata about interactions with the service, such as HTTP method, route, response status, latency, and timestamps.
The service does not collect:
- precise geolocation data
- biometric information
- sensitive personal information as defined by the CPRA (e.g., account credentials, government ID numbers, racial or ethnic origin, religious beliefs, genetic or health data, or contents of non-service communications)
- inferences used to create consumer profiles
Sources of personal information¶
Personal information is collected directly from you when you interact with the service, and from the RapidAPI marketplace when requests are routed through it.
Purposes¶
Personal information is used only for the operational purposes described in the How we use submitted documents and Logging sections above. Personal information is not sold, rented, or shared with third parties for cross-context behavioral advertising.
Your rights¶
Subject to applicable exceptions, California residents have the right to request:
- to know what personal information is collected, used, disclosed, or sold
- to delete personal information collected about them
- to correct inaccurate personal information
- to opt out of the sale or sharing of personal information (not applicable — the service does not sell or share personal information)
- to limit the use of sensitive personal information (not applicable — the service does not collect sensitive personal information)
- to not be discriminated against for exercising these rights
To exercise any of these rights, contact us through the channels listed in the Contact section below. We will verify your request using reasonable means proportionate to the sensitivity of the information requested.
Small-business posture¶
The service is operated by a sole proprietor and at current scale may fall below CCPA's applicability thresholds. We nonetheless describe these rights and honor verifiable requests as a matter of product policy.
Deletion requests¶
All artifacts are automatically deleted within the retention windows described above, without any action required from you. Because document content is never retained beyond the 3-day staging window, there is typically no document-level data to delete on request. For questions about handling of operational metadata or logs associated with your use of the service, contact us using the channels described in the Contact section below.
Changes¶
This policy may be updated as the product evolves. Material changes will be reflected by updating the "Last updated" date at the top of this document.
Contact¶
For support or privacy inquiries, use the contact channels listed on the service's RapidAPI marketplace listing.