Privacy policy for the PD Signer Bridge add-on
PD Signer Bridge Author: KarsaLab
1. Who we are
PDSigner (the "Service") is operated by the publisher of the PD Signer desktop application and the "PD Signer Bridge" browser extension. For privacy questions, contact info@pdsigner.com.
2. Scope
This policy covers three components:
The PD Signer desktop app for Windows.
The PD Signer Bridge browser extension for Chrome, Edge and Firefox.
The pdsigner.com website, including the download and license-server endpoints.
3. PD Signer Bridge browser extension
3.1 What the extension does
The extension is a thin bridge between web pages and the PD Signer desktop app. It detects links to .pdf, .xml and .json files on the page, adds a "Sign" button next to them, and lets you sign a downloaded file by sending it to the local desktop app on http://127.0.0.1:51720. The signed result is delivered back to your browser as a download.
3.2 What the extension does NOT collect
We do not collect, transmit or store the content of any page you visit.
We do not collect your browsing history, search queries, URLs, cookies, form data, keystrokes or mouse activity.
We do not collect your name, email address, IP address or device identifiers through the extension.
We do not collect your smart-card PIN, your certificate, your private key or the documents you sign.
We do not use analytics, advertising trackers, fingerprinting or remote logging in the extension.
We do not sell or transfer any user data to third parties.
3.3 What the extension stores locally
The extension uses chrome.storage.local on your own device to remember:
Your preferred interface language (English or Turkish).
Your local extension settings (such as default signature profile).
This data never leaves your browser. Uninstalling the extension removes it.
3.4 What the extension transmits
When you click "Sign" on a file link, or use the right-click context menu, the extension:
Downloads the target file from the same origin you clicked it on, using your existing browser credentials (the same way a normal click would).
POSTs the file's bytes (base64-encoded) together with your chosen signature profile and PIN to the local URL http://127.0.0.1:51720/sign, which is served by the PD Signer desktop app running on your own computer.
Receives the signed file back from the local desktop app and offers it as a download in your browser.
No data is sent over the public internet by the extension itself. All signing traffic stays on the loopback interface (127.0.0.1) of your own machine.
3.5 Host permissions
The extension requests access to all URLs (<all_urls>) for a single purpose: to scan rendered pages for links to .pdf, .xml and .json files and inject a small "Sign" button next to them, and to fetch the file you click on with your existing session cookies. The extension does not read, modify or transmit other page content, and it does not phone home about which sites you visit.
4. PD Signer desktop application
The desktop app runs locally on Windows and performs the actual cryptographic signing using your smart card or USB token. The app:
Reads your certificate metadata from the connected PKCS#11 device only when you initiate a signing action.
Never uploads documents, signatures, certificates, PINs or private keys to any remote server.
Contacts pdsigner.com only for license validation, software updates and the trusted-certificate manifest. These requests include your license key and a machine fingerprint (a hash derived from non-personal hardware identifiers) so we can bind the license to your installation. They do not include any documents or signing material.
5. Website (pdsigner.com)
The website serves the documentation, downloads and licensing endpoints. When you visit it or when the desktop app contacts it, our server logs may record:
Your IP address, user agent and the requested URL, for security and abuse-prevention purposes.
For license operations: your license key, the desktop app version and a machine fingerprint, so the license can be issued, validated or revoked.
We do not use third-party advertising, analytics or social trackers on the site. Logs are retained for the minimum period needed for security and license enforcement and are not sold or shared with third parties.
6. Cookies
The website does not set tracking or advertising cookies. Strictly-necessary session cookies may be used for the admin panel only.
7. Children
PDSigner is a professional digital-signature tool and is not directed at children under 13. We do not knowingly collect data from children.
8. Security
Signing happens entirely on your own computer over the loopback interface. License-server traffic is served over HTTPS and responses are additionally signed with HMAC-SHA256 so the desktop app can verify their authenticity. Access to upload endpoints and the admin panel requires authentication.
9. Your rights
You may at any time:
Uninstall the browser extension to immediately remove all locally stored extension data.
Uninstall the desktop app to remove its local data.
Request deletion of your license record by emailing info@pdsigner.com from the address associated with the license.
10. Changes to this policy
We may update this policy as the product evolves. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be highlighted on the website.
11. Contact
Questions, requests or complaints: info@pdsigner.com.