// Trust & Security Report

    AskYourPDF Ltd. logo

    AskYourPDF Ltd.

    AI-powered PDF document interaction platform with chat, summarization, form filling, and document library features; available as web app, Chrome extension, mobile app, ChatGPT plugin, and Zotero integration.

    Certifications held

    1

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    From privacy policy: 'For EU/UK residents, AskYourPDF relies on multiple legal bases including consent, contract performance, legitimate interests, legal obligations, and vital interests. Users can exercise data subject access requests and file complaints with relevant authorities.' Platform is 'GDPR compliant, ensuring the highest standards of data security and privacy.' Data hosted in United Kingdom per terms.

    Verify on askyourpdf.com
    > Show 10 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    No vendor-domain evidence found. Security page (https://askyourpdf.com/security-and-compliance) returns 404; blog post 'is-askyourpdf-safe' does not mention SOC 2 certification despite discussing security practices.

    source: askyourpdf.com
    ISO 27001
    NOT CONFIRMED

    No vendor-domain evidence found. Third-party sources claim this, but official AskYourPDF pages do not substantiate the claim.

    source: askyourpdf.com
    HIPAA
    NOT CONFIRMED

    From AskYourPDF Terms & Conditions: 'The platform is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.). If subject to such laws, users may not use the Services.' This is an explicit disclaimer of HIPAA compliance, contradicting third-party claims.

    source: askyourpdf.com
    PCI DSS
    NOT CONFIRMED

    No vendor-domain evidence found. Payment processing delegated to Stripe; PCI responsibility unclear. No specific PCI claim on vendor site.

    source: askyourpdf.com
    FedRAMP
    NOT CONFIRMED

    No vendor-domain evidence found. FedRAMP certification for a 15-person startup without funding is implausible. No documentation on official site.

    source: askyourpdf.com
    CSA STAR
    NOT CONFIRMED

    No vendor-domain evidence found. CSA STAR certification not substantiated on official AskYourPDF pages.

    source: askyourpdf.com
    ISO 27017
    NOT CONFIRMED

    No vendor-domain evidence found.

    source: askyourpdf.com
    ISO 27018
    NOT CONFIRMED

    No vendor-domain evidence found.

    source: askyourpdf.com
    ISO 27701
    NOT CONFIRMED

    No vendor-domain evidence found.

    source: askyourpdf.com
    ISO 42001
    NOT CONFIRMED

    No vendor-domain evidence found. ISO 42001 (AI governance) unlikely for early-stage startup.

    source: askyourpdf.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United Kingdom (stated in terms: 'Services are hosted in the United Kingdom')

    Privacy policy does NOT explicitly state whether customer data is used for model training. Policy states: 'User input and output are shared with and processed by AI Service Providers (Anthropic and OpenAI) to enable your use of our AI Products' but does not clarify if this enables their model training. Terms state users 'assign to us all intellectual property rights' in user submissions, allowing the company 'unrestricted use and dissemination for any lawful purpose' - this could include training data, but is not explicitly stated.

    // Security controls

    Encryption in Transit

    SSL encryption

    askyourpdf.com

    Encryption at Rest

    Mentioned in general terms but no specific encryption algorithm disclosed

    askyourpdf.com

    Data Deletion

    Users can request deletion of uploaded documents from servers; data is deleted when no longer needed for business purposes

    askyourpdf.com

    Third-Party Data Sharing

    Data shared with: Anthropic (Claude), OpenAI, Stripe (payments), Google Analytics; disclosed in privacy policy

    askyourpdf.com

    Security Audits

    Company claims to conduct regular security audits

    askyourpdf.com

    // Products & data scope

    Web ApplicationSaaS

    data: User uploads PDFs/documents; conversations with AI models; data shared with Anthropic and OpenAI

    Primary product; requires user login; free tier available

    Chrome ExtensionBrowser Extension

    data: Documents accessed in browser context; processed via cloud backend

    Allows in-browser document interaction without separate platform login

    Mobile Apps (iOS/Android)Mobile

    data: Same data scope as web application

    Native apps for smartphone access

    ChatGPT PluginLLM Plugin

    data: Documents processed through ChatGPT/AskYourPDF integration

    Enables PDF interaction within ChatGPT interface

    Zotero IntegrationIntegration

    data: Zotero library documents processed via AskYourPDF

    For academic research workflow integration

    APIDeveloper API

    data: Documents and queries submitted via API

    Developer-focused product for integrations

    // What to watch

    • CRITICAL: Over-claiming on certifications. Third-party vendor risk platforms (Nudge Security) claim HIPAA, FedRAMP, CSA STAR, and other certifications, but AskYourPDF's own terms explicitly disclaim HIPAA compliance and their official security pages do not substantiate other claims.
    • CRITICAL: Unreachable security/compliance page. https://askyourpdf.com/security-and-compliance returns 404, making it impossible to verify claimed certifications.
    • Red flag: Early-stage startup (founded 2023, 15 employees, no funding) claiming enterprise-grade certifications (FedRAMP, SOC 2 Type II) without public documentation.
    • Data training unclear. Terms grant the company 'unrestricted use and dissemination for any lawful purpose' of user submissions, which could include AI training, but this is not explicitly stated in the AI training section of the privacy policy.
    • Data sharing scope. Customer data is processed by and shared with Anthropic and OpenAI; unclear if this includes model training or solely inference processing.
    • HIPAA contradiction: Nudge Security lists AskYourPDF as 'HIPAA Compliant,' but the vendor's own Terms & Conditions explicitly state the platform is 'not tailored to comply with HIPAA' and users subject to HIPAA 'may not use the Services.'
    • No public SOC 2 report available. Despite third-party claims, no SOC 2 Type II report or audit evidence is publicly accessible.
    • Mobile app security posture not documented. Security measures for iOS/Android apps not detailed.

    // At a glance

    Pricing model

    Freemium with paid tiers (Premium, Professional, etc.)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on AskYourPDF Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    askyourpdf.com

    > Browse all vendor trust reports