pdf.xhub
Security & Compliance

Built EU-first, secured by default

pdf.xhub is built by a German company for European developers and their customers. Frankfurt + Paris render fleet, GDPR-compliant out-of-the-box, no US data transfer — ever.

Data residency

Render workers run exclusively in Frankfurt and Paris. Your documents never leave the EU. No fallback to US infrastructure under load — by design.

Encryption

TLS 1.3 in transit, AES-256 at rest. Document blobs are encrypted with per-workspace keys; metadata is encrypted with HSM-backed keys.

Authentication & access

API keys are scoped per workspace. Production and test keys are separate. Keys can be rotated without downtime. SSO (SAML, OIDC) is available on Business and Enterprise tiers.

Compliance

GDPR-compliant by default — DPA + SCCs included with every account. Schrems II-safe: zero US data transfer. EU VAT-compliant invoicing.

Document handling

Render outputs are stored for 24 hours by default, configurable down to 0 minutes (instant delete after download). Bring-your-own-bucket for indefinite retention.

Audit & roadmap

ISO 27001 audit scoped for 2026. SOC 2 Type II for Enterprise customers. Pen-test reports available under NDA. Public security.txt at /security.txt.

Frequently asked

Where exactly is my data processed?
Render workers run on infrastructure operated in Frankfurt (FRA) and Paris (CDG). No US fallback regions, no global CDN routing of your render payloads. Static marketing assets (this page) are served from a global edge — but render API calls are EU-only.
What happens to a rendered PDF?
By default, output PDFs live for 24 hours in EU object storage with a signed download URL. After 24 hours, they're cryptographically deleted. You can configure 0-minute retention (instant delete on download) or bring-your-own S3-compatible bucket for permanent storage we don't see.
Is the source HTML / URL / Markdown stored?
No. Render input payloads are processed in-memory by render workers and never written to disk. We retain only render-job metadata (timestamp, status, output hash) for billing and audit purposes — not the source content.
Are the SDKs / API keys open source?
The OpenAPI 3.1 spec is published. SDKs are not currently open-source. API keys are scoped to a workspace and can be rotated via dashboard or API.
Do you have a public security.txt or vulnerability disclosure?
Yes — security.txt at https://pdf.xhub.io/.well-known/security.txt with our PGP key, contact email, and a coordinated disclosure window of 90 days. Bug bounty currently scoped privately to invited researchers.

Need a custom DPA, SOC 2 report, or pen-test results?

Enterprise customers get bespoke compliance documentation under NDA.