Privacy Policy

1. Introduction

Maharaja Trading LLC ("Maharaja Trading," "we," "us," or "our") operates the website maharajatrading.com and provides the Maharaja PDF Editor platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our Services, or interact with us in any way.

We are committed to protecting your privacy and ensuring transparency in how your data is handled. This Privacy Policy is designed to comply with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the European Union General Data Protection Regulation (GDPR).

By accessing our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect

2.1. Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

• Register for an account or start a free trial
• Subscribe to a paid plan (Starter, Logistics Pro, or Global Enterprise)
• Submit a contact form, sales inquiry, or support request
• Upload documents to the Maharaja PDF Editor for processing
• Use the e-signature feature or shared document links
• Participate in surveys, promotions, or webinars

This information may include:

• Identity Data: First name, last name, job title, company name
• Contact Data: Email address, phone number, mailing address
• Account Data: Username, password (hashed), account preferences
• Financial Data: Payment card details (processed by our PCI-DSS compliant payment processor Stripe; we do not store full card numbers)
• Document Data: PDF files you upload for processing through our Services
• Communication Data: Messages sent via contact forms, emails to our support team, and live chat transcripts

2.2. Information Collected Automatically

When you visit our website or use our Services, we automatically collect certain technical information, including:

• Device Data: IP address, browser type and version, operating system, device identifiers, screen resolution
• Usage Data: Pages visited, features used, time spent on pages, click patterns, referral source, session duration
• Location Data: Approximate geographic location derived from IP address (city/region level only)
• Cookie Data: Information stored and retrieved via cookies and similar technologies (see Section 11)

2.3. Information from Third Parties

We may receive information about you from third-party sources, including:

• Social login providers (Google, LinkedIn) if you choose to authenticate via these services
• Cloud storage providers (Google Drive, SharePoint, Dropbox) when you connect your accounts to import documents
• Analytics providers (Google Analytics) that provide aggregated website usage data
• Payment processors (Stripe) that provide transaction confirmation data

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, operate, and maintain the Maharaja PDF Editor platform, including processing your PDF documents, executing e-signatures, and delivering merged/stamped/compressed output files
• Account Management: To create and manage your user account, process subscription payments, and provide billing and invoicing services
• Customer Support: To respond to your sales inquiries, technical support requests, and feedback submissions
• Service Improvement: To analyze usage patterns and improve the functionality, performance, and user experience of our Services
• Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Communications: To send you service-related notifications, billing alerts, and — with your consent — marketing communications about new features or plan upgrades

Important Note on Document Data: PDF files you upload to the Maharaja PDF Editor are processed solely for the purpose of delivering the requested service (merge, stamp, sign, compress, OCR). We do not read, analyze, or mine the content of your documents for advertising, profiling, or any purpose other than delivering the specific service you requested. Processed documents are encrypted at rest with AES-256 and automatically purged per the retention schedule described in Section 6.

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases as defined by the GDPR:

5. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients:

• Service Providers: Third-party companies that perform services on our behalf, including cloud hosting (AWS), payment processing (Stripe), email delivery (SendGrid), customer support tools (Zendesk), and analytics (Google Analytics). These providers are contractually obligated to use your data only for the purpose of providing services to us.
• Legal and Regulatory: Government authorities, law enforcement, or other parties when required by law, subpoena, or court order, or to protect the rights, property, or safety of Maharaja Trading LLC, our users, or others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, subject to applicable data protection laws.
• With Your Consent: When you explicitly authorize us to share your data with a specified third party.

We do not share, sell, or rent your uploaded PDF documents or their content with any third party under any circumstances.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Account Data: Retained for the duration of your account plus 24 months after account closure for audit and legal compliance purposes.
• Uploaded Documents: Processed documents are retained in your secure workspace for 30 calendar days after processing, after which they are permanently and irreversibly deleted from our servers. You may request immediate deletion at any time.
• Billing Data: Transaction records are retained for 7 years as required by US federal tax regulations (26 U.S.C. § 6501).
• Contact Form Submissions: Retained for up to 24 months from the date of submission.
• Server Logs: Automatically deleted after 90 days.

7. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose (a) the categories of personal information we have collected about you, (b) the categories of sources from which we collected the information, (c) the business or commercial purpose for collecting the information, (d) the categories of third parties with whom we share the information, and (e) the specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain legal exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale/Sharing: We do not sell or share (for cross-context behavioral advertising) your personal information. However, you may still exercise this right by contacting us.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use sensitive personal information, if applicable.

To exercise any of these rights, please email saas-sales@maharajatrading.com with the subject line "CCPA Request" or call us at +1 (562) 555-0199. We will verify your identity and respond within 45 days as required by law.

Authorized Agents: You may designate an authorized agent to submit a request on your behalf. We may verify the authorized agent's authority and your identity before processing the request.

8. Your Rights Under GDPR (EEA/UK)

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of Access (Art. 15): You have the right to obtain confirmation as to whether personal data concerning you is being processed, and access to that data.
• Right to Rectification (Art. 16): You have the right to have inaccurate personal data corrected without undue delay.
• Right to Erasure (Art. 17): You have the right to have your personal data deleted ("right to be forgotten") under certain conditions.
• Right to Restriction (Art. 18): You have the right to restrict the processing of your personal data in certain circumstances.
• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please email saas-sales@maharajatrading.com with the subject line "GDPR Request." We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our primary data centers are located. If you are accessing our Services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the US.

For EEA/UK users: We ensure that international data transfers comply with GDPR requirements through the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

10. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (256-bit SSL).
• Encryption at Rest: All uploaded documents and personal data are encrypted at rest using AES-256 encryption.
• Infrastructure Security: Our cloud infrastructure is hosted in SOC 2 Type II certified data centers with 24/7 physical security, biometric access controls, and redundant power systems.
• Access Controls: Role-based access controls (RBAC), multi-factor authentication for administrative access, and least-privilege access policies.
• Regular Audits: We conduct regular security assessments, penetration testing, and code reviews.
• Incident Response: We maintain a documented incident response plan and will notify affected users and relevant authorities within 72 hours of a confirmed data breach, as required by GDPR.

While we take data security seriously and implement comprehensive safeguards, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to taking all reasonable measures to protect your data.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use certain information about your usage of our Services. These include:

• Strictly Necessary Cookies: Essential for the operation of our website, such as session management and security tokens. These cookies cannot be disabled.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and plan selection.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymized usage data (e.g., Google Analytics with IP anonymization enabled).
• Marketing Cookies: Used to deliver relevant advertisements and measure advertising campaign effectiveness. These are only set with your explicit consent.

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may affect the functionality of our Services.

12. Children's Privacy

The Maharaja PDF Editor is a B2B enterprise platform designed for business use. Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take immediate steps to delete that information. If you believe a child under 16 has provided us with personal information, please contact us at saas-sales@maharajatrading.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post a notice on our website for 30 days
• Send an email notification to registered users

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the updated Privacy Policy becomes effective constitutes acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For CCPA-specific requests, email with subject "CCPA Request."
For GDPR-specific requests, email with subject "GDPR Request."