buggy.vexifa.com — automatic crash reports and anonymous feature-usage events, identified only by a randomly generated Install ID. None of this data includes document content, filenames, or anything that identifies you personally. An optional PayPal subscription supports continued development; the subscription check uses the PayPal subscription or transaction ID you provide and only affects whether a brief launch reminder appears after a 60-day grace period. Vexifa has no ability to read, access, or transmit your documents at any time.
1. Scope of This Policy
This Privacy Policy applies exclusively to the Vexifa PDF Suite desktop application ("the App") for Windows. It describes every network call the App makes, every piece of data it collects or processes, and how that data is handled. It does not apply to other Vexifa products, which have separate policies.
This policy is written with the needs of healthcare professionals, legal professionals, and regulated-industry users in mind. Where relevant, we address the specific compliance frameworks that govern your use of the App.
2. What Vexifa PDF Suite Does Not Do
The following is an explicit list of what the App never does — not by policy alone, but by architectural design. There is no server-side infrastructure to which these operations could be routed:
- Does not upload document content. No page of any PDF you open is transmitted to Vexifa or any Vexifa-operated server.
- Does not transmit AI conversations to Vexifa. When you use the local AI sidebar via Ollama, all prompts and responses stay on your machine. The App communicates with localhost (127.0.0.1) for local AI, never with a Vexifa AI endpoint.
- Does not send OCR results to Vexifa. Tesseract OCR runs locally. The extracted text is never transmitted to Vexifa.
- Does not upload redaction content. When you redact text or apply pattern-based redaction, the content being removed is processed entirely on-device and never seen by Vexifa.
- Does not transmit PII scan findings. The PII scanner operates locally on your document's text. Findings — including any SSNs, credit card numbers, or other sensitive data it detects — are displayed only to you and never sent externally.
- Does not send audit log data to Vexifa. Audit logs are stored as encrypted local files on your device. They are never transmitted to Vexifa.
- Does not collect personally identifiable information. The App does not collect your name, email, document filenames, document paths, Microsoft account, or any identifier linked to your real-world identity. The anonymous Install ID described in section 3 is a randomly generated UUID with no connection to who you are.
3. Data Vexifa PDF Suite Does Collect
The App collects a small set of anonymous diagnostic and usage data to help us detect crashes, identify regressions, and understand which features are most used. All of this data is sent to buggy.vexifa.com, a Cloudflare-hosted service operated by Vexifa.
3.1 Crash Reports (automatic, anonymous)
When the App crashes, the following data is sent to buggy.vexifa.com on the next launch:
- Error type and message
- Source file location (file path within the application binary and line number)
- Application version
- Windows version (for example, "Windows 11 23H2")
- The currently active behavioral Mode (Pro, Healthcare, or Legal)
- The anonymous Install ID described in section 3.3
No document content, document paths, filenames, user data, or personal information is included in crash reports. Crash reporting can be disabled entirely by an enterprise policy file (see section 11).
3.2 Anonymous Usage Events
The App sends anonymous usage events to buggy.vexifa.com to help us understand which features are most used and to detect regressions. Each event contains:
- Feature name (for example, feature:redaction or app-launch)
- The anonymous Install ID described in section 3.3
- Approximate country, derived from your IP address by Cloudflare. The IP address itself is not stored.
No document content, document paths, or personal information is included. Usage event tracking can be disabled entirely by an enterprise policy file (see section 11).
3.3 The Install ID
The Install ID is a random UUID generated on first launch and stored locally on your device. It is included in crash reports and usage events to let us correlate signals from the same install — for example, to know whether a crash is recurring on one device or occurring across many. It is not linked to your Microsoft account, your name, your email, or any other identity. Uninstalling the App removes the Install ID; reinstalling generates a new one.
You can stop further collection at any time by uninstalling the App. To request deletion of historical data already linked to your Install ID, see section 10.
4. Every Network Call the App Makes
The table below is a complete, exhaustive list of all network communication initiated by the App. No calls are made beyond those listed.
| Destination | What is sent | When | User-controlled |
|---|---|---|---|
| Vexifa crash reporting: buggy.vexifa.com (Cloudflare) | Error type and message, source file location, app version, Windows version, active behavioral Mode, anonymous Install ID. No document content, no personal data. | On next launch after a crash | Automatic. Uninstall the App to stop collection. |
| Vexifa usage events: buggy.vexifa.com (Cloudflare) | Feature name, anonymous Install ID, approximate country derived from IP (IP itself not stored). | On app launch and on use of instrumented features | Automatic. Uninstall the App to stop collection. |
| PayPal subscription verification | Optional support subscription verification using the PayPal subscription or transaction ID you provide. No machine identifier is involved. | On each app launch, to check whether the optional support subscription is active | Automatic check. The subscription only controls whether a post-grace-period launch splash appears — every feature is available either way. |
| Local Ollama instance: 127.0.0.1 (localhost only) | Document text excerpts + user prompts (AI sidebar, document brief, semantic search, PII NER, translation, contract analysis) | When you use AI features | User-configured. Traffic stays on-device. Never leaves your machine. |
| RFC 3161 Timestamp Authority: user-configured TSA URL | A hash of the document being signed (SHA-256 digest only — not the document content) | When you digitally sign a document with LTV timestamps enabled | User-initiated. TSA URL is configurable. No document content is transmitted. |
| OCSP / CRL responder: extracted from signing certificate's AIA extension | Certificate serial number and issuer information | When you digitally sign a document with LTV enabled (to verify certificate revocation status) | User-initiated signing operation. No document content is transmitted. |
| Cloud AI providers: OpenAI, Anthropic, Google (Gemini), OpenRouter, or any OpenAI-compatible endpoint you configure | Document text excerpts + user prompts (same as Ollama, but routed to the external provider you configure) | Only if you configure a cloud AI provider AND use AI features | Opt-in only. You supply the API key. Traffic goes directly from your device to the provider — not through Vexifa. Disabled in Healthcare edition. |
| Cloud OCR providers: Azure Document Intelligence or Google Cloud Vision | Rendered page images from the document being OCR'd | Only if you configure a cloud OCR provider AND run OCR on a document | Opt-in only. You supply the API key. Traffic goes directly from your device to the provider — not through Vexifa. Disabled in Healthcare edition. |
| Cloud storage providers: Google Drive, Microsoft OneDrive, Dropbox, or WebDAV instance you configure | The PDF files you explicitly open from or save to that provider | Only if you configure cloud storage sync AND open or save a file from/to it | Opt-in only. Authenticated via OAuth 2.0. Traffic goes directly from your device to the provider — not through Vexifa. Healthcare edition requires local paths only. |
| DocuSign or Dropbox Sign API: provider you configure for e-signatures | The document you are sending for signature + recipient details you enter | Only when you use "Send for E-Signature" and explicitly confirm the send | User-initiated, requires explicit confirmation. You supply the API credentials. Traffic goes directly from your device to the provider. |
5. Protected Health Information (PHI) and HIPAA
Healthcare mode in Vexifa PDF Suite is a runtime setting (Settings → Mode → Healthcare) designed for environments where HIPAA compliance is required. When active, it enforces a set of compliance controls described below. The following architectural properties are relevant to your compliance obligations:
5.1 Data Location
All documents — including those containing PHI — remain on the device running the App. The App does not move PHI to Vexifa servers at any stage of processing. AI analysis, OCR, PII scanning, redaction, and audit logging all execute on-device.
5.2 Encryption at Rest
When Healthcare mode is active, the audit log is encrypted at rest using AES-256-GCM with a key derived from the device's Windows Machine GUID and an application-specific salt. This satisfies the addressable implementation specification at HIPAA §164.312(a)(2)(iv) for encryption of data at rest.
5.3 Audit Controls
When Healthcare mode is active, the App maintains an append-only audit log recording every operation that touches document content: opens, saves, exports, prints, redactions, signatures, password changes, and annotation modifications. The log includes timestamp, hostname, Windows username, event type, document identifier, and a detail record. Logs are retained for a minimum of 7 years (configurable; 7 years is the HIPAA-required retention floor). The log cannot be cleared without a deliberate multi-step confirmation that itself generates an audit event.
5.4 Access Controls
Healthcare mode supports a PIN lock screen and forces session timeout enforcement — the app cannot be left indefinitely unlocked. The Windows identity of the current user is logged in every audit event. The recent-files list is also disabled by default in Healthcare mode. An enterprise policy file (see section 11) can additionally lock the app permanently into Healthcare mode so users cannot switch out.
5.5 Cloud AI in Healthcare Mode
When Healthcare mode is active, all external cloud AI providers (OpenAI, Anthropic, Google Gemini, OpenRouter, and any OpenAI-compatible endpoint) are blocked at the licensing layer. The local Ollama instance is the only permitted AI provider. If no local model is configured, AI features are unavailable rather than routing to a cloud provider. Switching back to Pro mode restores cloud AI access.
5.6 Business Associate Agreement
Vexifa never receives, stores, or has access to PHI processed through the App. Because of this architectural reality, the standard click-through End User Licence Agreement contains the BAA-relevant terms — Vexifa's obligations are limited to software vulnerability disclosure rather than data breach notification, because Vexifa cannot observe instance-level breaches when it never receives the data. Enterprise customers requiring a separately executed BAA may contact contact@vexifa.com.
5.7 Subcontractors That Touch No PHI
The following third-party subcontractors are used by Vexifa in connection with Vexifa PDF Suite. None of them receive, process, or store PHI:
- Microsoft (Microsoft Store) — distribution platform for the free app download. Does not receive document content, PHI, or audit log data.
- PayPal — payment processor for the optional support subscription. Receives your payment information if you subscribe (Vexifa is the merchant of record but does not store your full card details). Does not receive document content, PHI, or audit log data.
- Cloudflare — hosts buggy.vexifa.com, which receives anonymous crash reports and feature-usage events as described in section 3. The data sent contains no document content, no filenames, no Windows username, and nothing connected to your identity — only the anonymous Install ID, app version, Windows version, error details, and feature names. PHI is never transmitted. Both crash reports and usage events can be disabled by enterprise policy.
- Ollama — local AI inference runtime. Runs entirely on your device. No data is sent to Ollama's servers.
6. Legal Professional Privilege and Confidentiality
Legal mode in Vexifa PDF Suite is a runtime setting (Settings → Mode → Legal) designed for attorney and paralegal workflows. When active, it surfaces privilege-aware behaviors described below. The following is relevant to your professional obligations:
6.1 Document Confidentiality
Client documents, privileged communications, and work product processed through the App are never transmitted to Vexifa. The local-first architecture means that using the App — including AI analysis, PII scanning, and redaction — does not constitute a disclosure of confidential information to a third party.
6.2 E-Discovery and Legal Hold
Vexifa PDF Suite preserves document metadata (creation date, modification history, author data) through standard PDF operations. The audit log records access and modification events for each document, which may support chain-of-custody documentation. Bates numbering is available as a Tools menu item in any mode.
6.3 Digital Signatures and eIDAS
Vexifa PDF Suite supports PAdES-B-LT digital signatures with OCSP and RFC 3161 timestamp embedding. A hash of the document is transmitted to the configured RFC 3161 Timestamp Authority (TSA) for timestamping — this is a standard cryptographic operation and transmits no document content. The signing certificate and private key remain in your Windows OS keystore; they are never transmitted to Vexifa.
6.4 Third-Party E-Signature Services
When you use "Send for E-Signature" via DocuSign or Dropbox Sign, you are uploading the document to that provider under the terms of your own agreement with them. This upload is a deliberate user action requiring explicit confirmation in the App. Vexifa does not intermediate the upload — it goes directly from your device to the provider's API. Review the relevant provider's privacy policy and BAA before sending confidential legal documents through these services.
6.5 Privilege-Aware AI Guardrails
When Legal mode is active, the App surfaces an acknowledgment dialog before any cloud AI call, reminding the user that submitting document content to an external AI provider may have privilege and confidentiality implications. The acknowledgment can be turned into a per-document or per-session decision in Settings. Switching to Healthcare mode blocks cloud AI entirely; switching to Pro mode removes the acknowledgment prompt. An enterprise policy file (see section 11) can lock the app permanently into Legal mode or disable cloud AI as a separate feature flag.
7. Data Stored Locally by the App
The following data is written to your device's app data directory (%APPDATA%\Vexifa PDF Suite\) and remains entirely under your control:
- Install ID — the anonymous UUID described in section 3.3. Generated on first launch, used in crash reports and usage events, never linked to your identity.
- First-install date — used to determine when the 60-day grace period has elapsed.
- Mode setting (mode.json) — your selected behavioral Mode (Pro, Healthcare, or Legal). Defaults to Pro.
- AI configuration (ai_config.json) — your configured AI providers, model selections, and API keys. API keys are stored in the Windows Credential Manager, not in plain-text config files.
- Subscription license (paypal_license.json) — the PayPal subscription or transaction ID you entered to activate your optional support subscription, stored locally and treated as active for one year. It is not transmitted off your device.
- Security settings — session timeout duration, PIN hash (bcrypt), disable-recents flag.
- Audit log (audit.log or audit.log.enc) — the append-only operation log. Encrypted at rest when Healthcare mode is active.
- Semantic search indices (.vxidx sidecar files) — embedding vectors only. These files contain no document text. They are stored alongside the source document.
- Recent files list — disabled by default when Healthcare mode is active. Can be disabled in any mode via Settings → Security & Compliance.
Uninstalling the App does not automatically delete these files. They can be removed manually from the app data directory at any time.
8. Distribution and the Optional Subscription
Vexifa PDF Suite is distributed through the Microsoft Store as a free Windows app. An optional annual subscription ($19/year) is available via PayPal; you subscribe on a PayPal page and activate it in-app from Settings → License by pasting your PayPal subscription or transaction ID. Subscribing removes a brief launch reminder shown after a 60-day grace period and helps fund continued development. Subscribing does not unlock any additional features — the app is fully functional either way.
- If you subscribe: your payment information (card number, billing address) is collected and processed by PayPal, not by Vexifa. Vexifa is the merchant of record but never sees your full card details. Review the PayPal Privacy Statement for how PayPal handles purchase data.
- As the merchant of record, Vexifa receives your subscription and transaction details from PayPal when you subscribe (so it can support and refund the subscription). The ID you paste into the app to activate it is stored locally on your device — the app does not transmit it to Vexifa or PayPal.
- On each app launch, the App checks the PayPal subscription or transaction ID stored locally on your device to decide whether to show the brief launch reminder. This check happens entirely on your device — no network request, no separate license key, and no document content is involved. The stored ID is treated as active for one year from activation.
- Your subscription is tied to your PayPal subscription, not to a specific machine. It applies on any Windows device where you activate it with your subscription ID.
- No document content, file paths, audit log data, or PHI is sent to PayPal or Vexifa as part of the subscription check.
9. Data Retention
The table below describes how long each category of data is retained, and where.
| Data | Location | Retention |
|---|---|---|
| Crash reports | buggy.vexifa.com (Cloudflare D1) | 90 days, then automatically purged |
| Usage events | buggy.vexifa.com (Cloudflare D1) | 90 days, then automatically purged |
| Install ID | Your local device | Until you uninstall the App |
| Documents and annotations | Your local device | Controlled by you |
| Audit log (when Healthcare mode is active) | Your local device | Controlled by you; Healthcare mode defaults to 7-year minimum retention |
| License state, settings, configuration | Your local device | Until you uninstall or reset |
| Billing records | PayPal (Vexifa as merchant of record) | Per PayPal's retention policy and Vexifa's tax-record obligations |
10. Your Rights
10.1 EU / UK Residents (GDPR / UK GDPR)
If you reside in the European Union or United Kingdom, you have the following rights with respect to data we hold about you:
- Right of access — request a copy of the data we hold (limited to your Install ID and associated crash reports / usage events)
- Right to rectification — request correction of inaccurate data
- Right to erasure ("right to be forgotten") — request deletion of all data associated with your Install ID
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to anonymous usage event collection (in which case we will delete existing events and prevent future collection for your Install ID)
- Right to lodge a complaint with your local supervisory authority
To exercise any of these rights, email contact@vexifa.com with your Install ID (found in Settings → About → Install ID). Because crash reports and usage events are anonymous, we can only locate your data with the Install ID.
10.2 California Residents (CCPA / CPRA)
California residents have the right to:
- Know what personal information we collect (described above)
- Request deletion of personal information
- Opt out of the sale or sharing of personal information — Vexifa does not sell or share personal information
- Be free from retaliation for exercising your rights
To exercise these rights, email contact@vexifa.com with your Install ID.
10.3 All Users
You can opt out of crash reporting and usage events at any time by uninstalling the App. The Settings → Security & Compliance panel offers in-app toggles for the recent files list, session timeout, PIN lock, and cloud AI providers.
11. Enterprise Policy Overrides
System administrators can deploy a JSON policy file at C:\ProgramData\Vexifa\policy.json on managed machines. This file can:
- Lock the application into a specific Mode (Pro, Healthcare, or Legal) — users cannot switch out
- Disable specific features by name:
  - cloud_ai — blocks all external AI providers
  - cloud_storage — blocks Google Drive, OneDrive, Dropbox, WebDAV
  - telemetry — disables crash reporting and usage events to buggy.vexifa.com
  - browser_extension — disables the local WebSocket bridge on port 47231
  - lan_review — disables LAN-based document review
  - e_signature — disables electronic signature workflows
  - external_updates — disables external update checks
When a policy file is active, the user sees a "Managed by your organization" badge in Settings → About along with the contact information specified in the policy. Users cannot override policy-set features from within the application.
Template policy files for healthcare workstations, law firms, and government / air-gapped environments are available at github.com/dav7612r/Vexifa-PDF-Suite-Policies. IT admins deploy them to C:\ProgramData\Vexifa\policy.json via SCCM, Intune, or GPO.
12. Children's Privacy
Vexifa PDF Suite is a professional productivity application intended for use by individuals 18 years of age or older. We do not knowingly collect any personal information from children under 13 (or under 16 in the European Union).
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in the App's functionality or applicable law. When we do, we will update the "Last updated" date at the top of this page. The in-app End User Licence Agreement may require re-acceptance for material changes.
14. Contact
If you have questions about this Privacy Policy or require documentation for a compliance audit, contact us at contact@vexifa.com.
Vexifa LLC
contact@vexifa.com