Last updated: Apr 12, 2026
This policy explains what data pdrive collects, how it's used, and your rights regarding that data.
What we collect
Account information. Your name, email address, and OAuth provider details (GitHub or Google) when you sign up.
Content. The markdown documents and files you upload to pdrive.
Usage logs. Server access logs, API request metadata, and audit logs of actions taken within your account. These include timestamps, IP addresses, URL paths, response status, and the action performed.
Marketing attribution. When you arrive at pdrive via a UTM-tagged link (e.g. ?utm_source=hn) or an external website, we record that source alongside a pseudonymous visitor identifier, a truncated IP address (only the first three octets of IPv4 or first 48 bits of IPv6, enough for bot/abuse analysis but not to identify you individually), the landing page, and the HTTP Referer. Lawful basis: legitimate interest in understanding where our users come from. Orphan records (for visitors who never sign up) are deleted after 90 days.
Signup source. After you register, we ask "How did you hear about us?" as a single-question onboarding step. The answer is stored on your user record for internal marketing analysis only, not shared with third parties.
Product-usage milestones. We record internal counters for first-time events on your account (first document created, first project created, first API call, etc.) so we can measure product activation. These live in a separate internal table, are not shown in your audit log, and are not sold or shared.
Close-account feedback. When you close your account, we ask for a reason (from a short list) and an optional free-text note. Lawful basis: legitimate interest in service improvement.
Support submissions. When you submit feedback, an idea, or a help request via the in-app form, the subject and body are retained on our server (alongside your user ID, if logged in) so our support reps can see your history on subsequent requests. Lawful basis: contract performance.
How we use it
Your data is used to provide the service. Specifically:
- Storing and serving your documents to authorized users
- Authenticating you and managing account access
- Maintaining audit logs for your account's security
- Diagnosing and fixing technical issues
We do not sell your data to third parties. We do not use your content to train machine learning models. We do not share your data with advertisers.
Analytics and tracking
We do not track you. pdrive does not use browser-based analytics tools, no third-party tracking scripts, no cookies for analytics, and no browser fingerprinting. Nothing on our pages phones home to an external service to tell them you visited.
For operational visibility we analyze our own server access logs on our own server. This tells us which pages are popular and whether things are breaking. It does not follow you across the web, link to a marketing profile, or get shared with anyone else.
Cookies
pdrive sets a single session cookie that keeps you logged in, carries the CSRF token that protects form submissions, and stitches your anonymous-then-authenticated activity for marketing-attribution purposes (via a visitor_id stored inside the session cookie, not a separate cookie). Classified as functional under cookie-consent rules.
No analytics cookies, no tracking cookies, no advertising cookies, no third-party cookies.
Third-party processors
Some of the data you submit passes through third-party service providers:
- Discord. When you submit feedback through the in-app form, the body of your message is posted to a Discord webhook so our team sees it quickly. The message is also stored on our own servers. Discord is a notification channel, not the system of record.
We do not share account or content data with any other third parties.
Data retention
Your content is stored as long as your account is active. When you delete a document, it's removed from our systems. When you delete your account, all associated data is deleted.
Server access logs are retained for 14 days, then deleted automatically. Audit logs (which record security-relevant actions on your account) are retained per your plan's retention policy.
Your rights
Export. You can export all your documents at any time through the API.
Deletion. You can delete individual documents, projects, or your entire account. Deleted items are kept for a retention period (configurable per plan) and can be restored during that window. After the retention period, deletion is permanent.
Access. You can request a copy of all data we hold about you. Contact us and we'll provide it within 30 days.
Where your data is stored
pdrive runs on infrastructure in the United States. If you're accessing the service from outside the US, your data will be transferred to and processed in the US.
Changes to this policy
If we make significant changes to this policy, we'll notify you via email. Minor clarifications may be made without notice.
Contact
If you have questions about this policy or your data, reach out to us through the contact information on our website.