Product Info

Everything you need to know about Nitro Products - from product updates and downloads, to user guides and release notes.

Nitro Terms of Service

Revised: June 12th, 2018


1. Your Agreement with Nitro.

You are agreeing to use one or more of Nitro’s cloud-based document management services, which may be referred to individually or collectively herein as the "Service(s)", and/or Nitro’s document management software ("Software"). The Service and the Software may not be error free.  Therefore, You are advised to safeguard important data, to use caution and not to rely on the correct functioning or performance of the Service or Software.  Although Nitro will use reasonable efforts to provide technical support (assuming you have paid any applicable fees), it provides no assurance that any specific errors in the Service or Software will be corrected.

2. License Grant and Restrictions

Subject to the terms and conditions of this Agreement and depending upon whether during sign-up and/or purchase process you have agreed to use the Service and/or the Software on a subscription basis or to receive a perpetual license to use the Software, Nitro grants to You:

  • a non-exclusive, non-transferable license (without right to sublicense) to use the Service and/or Software for the term of this Agreement; and/or
  • a non-exclusive, non-transferable, perpetual license (without right to sublicense) to use the Software.

Except as otherwise specifically permitted in this Agreement, You may not:

  1. modify or create any derivative works of the Service or Software;
  2. copy any portion of the Service or Software;
  3. sublicense or, unless You have signed up for an account that permits more than one user (in which case You agree not to exceed the permitted number of users), permit use of the Service or Software by more than one user;
  4. reverse engineer, decompile, or disassemble or otherwise attempt to derive the source code for the Software (except to the extent applicable laws specifically prohibit such restriction); or
  5. use the Service or Software in a timesharing, hosting or service bureau arrangement, or otherwise transfer rights to the Service or Software.

Any update to the Software provided to You is made on a license exchange basis such that You agree, as a condition for receiving an update, that You will terminate Your use any previous version of the Software. Nitro may automatically check the Service and/or Your version of the Software and may automatically update the Service and/or Software from time to time. You agree to accept such updates subject to this Agreement.

3. Your Account and Use of the Service or Software.

You may be required to create an account to participate in the Service and/or use the Software.  If You are entering into this Agreement on behalf of an entity, You represent and warrant that the entity will utilize the Services and/or Software under a single account. You agree not to impersonate any person or entity or misrepresent Your identity or affiliation with any person or entity, including using another person's username, password or other account information. You are responsible for the security of Your password and for any use of Your account. You also agree to notify us promptly at of any unauthorized use of Your username, password, other account information, or any other breach of security that You become aware of involving or relating to the Service or Software.

If there is a fee associated with your use of the Service or Software, You agree to pay that fee. The fee charged excludes all applicable taxes and currency exchange settlements, unless stated otherwise. You are solely responsible for paying such taxes or other charges. Nitro may suspend or cancel Your access to the Service or Software if Nitro does not receive payment from You. Suspension or cancellation for non-payment may result in a loss of access to and use of Your account. To pay any fees, You will be asked to provide a payment method at the time you sign up with Nitro. You agree to keep your billing account information current at all times. By providing Nitro with Your payment method, You (a) represent that You are authorized to use the payment method that You provided and that any payment information You provide is true and accurate; and (b) authorize Nitro to charge You using Your payment method and to charge You for any paid feature that You choose to sign up for or use while this Agreement is in effect. You acknowledge and agree that Nitro may bill you on a recurring basis for Services that You purchase on a subscription basis. If You take part in any trial offer, You must cancel the Services by the end of the trial period to avoid incurring charges, unless Nitro notifies You otherwise. Nitro may change the price it charges for the Services at any time and will notify You in advance of such changes. If You do not agree to the price change, You must cancel and stop using the Services before the price change takes effect. If there is a fixed term and price for your Services offer, that price will remain in force for that term. Unless otherwise provided by law or by a particular Service offer, all purchases are final and non-refundable.

In Your use of the Service or Software, You agree to comply with all applicable laws and regulations. You shall, in connection with Your use of the Service or Software, comply with all applicable import, export and re-export control laws and regulations of any country, including the U.S. Export Administration Regulations, the U.S. International Traffic in Arms Regulations, Council Regulation (EC) No 428/2009 on the control of exports of dual-use items and technology, and country-specific economic sanctions programs or embargoes adopted against countries or individuals under any applicable national or international legislation, including any measures implemented by the U.S. Office of Foreign Assets Control. For clarity, You are solely responsible for compliance related to the manner in which You choose to use the Service or Software, including Your transfer and processing of Your content via the Service or Software.

For U.S. Government users, the Software is a “Commercial Item(s),” as that term is defined at 48 C.F.R. Section 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. Section 12.212 or 48 C.F.R. Section 227.7202, as applicable. Consistent with 48 C.F.R. Section 12.212 or 48 C.F.R. Sections 227.7202 1 through 227.7202 4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions of this Agreement.

You agree that You will not:

  1. violate, infringe, or misappropriate other people's intellectual property, privacy or other legal rights;
  2. post or share anything that is illegal, abusive, harassing, or otherwise objectionable;
  3. transmit any viruses or other computer instructions or technological means that disrupt, damage, or interfere with the use of computers or related systems; or
  4. attempt to circumvent any technological measure implemented by Nitro.

You represent that You have either reached the age of “majority” where You live or have valid parent or legal guardian consent to be bound by the terms of this Agreement. If You do not know whether You have reached the age of majority where You live, or do not understand this section, please do not create an account with Nitro before You have asked your parent or legal guardian for help. If You are the parent or legal guardian of a minor that creates an account with Nitro, You accept this Agreement on the minor’s behalf and agree to be responsible for all use of the corresponding account.

Nitro will treat Your data and information regarding your use of the Service and/or Software in accordance with this Agreement and its Privacy Policy published at, as may be amended from time to time.

You may not access the Service other than through the interfaces provided by Nitro or interfere with or disrupt the proper operation of the Service.

4. Support and Updates

Subject to Licensee’s payment of the corresponding fees (if any), Nitro shall provide reasonable technical support. Licensee shall provide Nitro with such technical information and assistance as Nitro may reasonably request in order for it to provide support. Subject to Licensee’s payment of the corresponding fees (if any), Nitro shall provide the Licensee with updates, enhancements and maintenance modifications as they become available.

5. Feedback/Use of Licensee’s Name

You agree, at your sole discretion, to provide to Nitro suggestions, comments and feedback regarding the Service or Software, including but not limited to usability and bug reports (collectively, "Feedback"). If You provide such Feedback to Nitro, You hereby grant Nitro the following worldwide, non-exclusive, perpetual, irrevocable, royalty free, fully paid up rights to:  make, use, copy, modify, sell, distribute, publicly perform or display, sublicense (including the right to sublicense to further third parties), and create derivative works of the Feedback as part of any Nitro product, technology, service, specification or documentation (individually and collectively, "Nitro Products").  You warrant that Your Feedback is not subject to any license or other terms that would purport to require Nitro to comply with any additional obligations with respect to any Nitro Products that incorporate any Feedback.

Nitro may use Licensee’s name and/or logos to identify Licensee as a Nitro licensee in its general marketing materials or otherwise.

6. Unauthorized Use

You agree to use reasonable efforts to cooperate with and assist Nitro in identifying and preventing any unauthorized use, copying, or disclosure of the Service or the Software.

7. Nitro Proprietary Rights

Nitro and any of its licensors own all proprietary rights in and to the Service and the Software.  The Service and any Software provided to you is licensed and not sold.  Except as expressly provided herein, Nitro retains all rights and does not grant any express or implied right to You under any Nitro patents, copyrights, trademarks, or trade secret information.

8. Modification and Termination of the Service

Nitro may place limits on, modify, suspend or terminate the Service generally, may remove or disable access to any content posted by You in using the Service and may suspend or terminate Your use of the Service or terminate this Agreement at any time, including as a result of Your use of the Service that Nitro reasonably deems to be excessive, which may include usage that substantially and repeatedly exceeds the typical levels of usage by other users of same category/tier of Service. Notwithstanding anything else in this Agreement, this suspension or termination may result in the immediate deletion of Your documents, information, files, and other previously available content.  Nitro is under no obligation to return any content to you. If Nitro terminates the Service, Your use of the Service or this Agreement, the rights and licenses granted to You under this Agreement shall immediately terminate (except that You may continue to use any Software as provided in Section 2(ii) in all instances other than termination of this Agreement as a result of Your breach) and You shall immediately cease using the Service.  In addition to those provisions that survive according to their terms, Sections 3 through 15 shall continue to be effective after termination of this Agreement. If Nitro terminates the Service, Your use of the Service or this Agreement, the rights and licenses granted to You under this Agreement shall immediately terminate (except that You may continue to use any Software licensed on a perpetual basis as provided in Section 2 in all instances other than termination of this Agreement as a result of Your breach) and You shall immediately cease using the Service. In addition to those provisions that survive according to their terms, Sections 3 through 15 shall continue to be effective after termination of this Agreement.

9. Changes to this Agreement

Nitro may change this Agreement and will post the modified agreement (which shall then become the Agreement) on Nitro’s website. Therefore, Nitro encourages you to check the terms of this Agreement from time to time to see if they have been updated. If You do not agree to the modified agreement, Your sole recourse is to stop using the Service and/or Software. Your continued use of the Service or Software after the date the modified agreement is posted will constitute Your acceptance of the modified agreement.

10. Indemnification by Nitro

During the Term, Nitro shall defend, indemnify and hold harmless Licensee and its officers, directors, employees, Users, successors and assigns, from and against any and all losses, damages, liabilities, settlements, reasonable costs and expenses resulting from or arising out of any third-party claim, demand, or cause of action which alleges that the Licensed Products infringe any duly issued patent, copyright or trademark or misappropriate any trade secret right of a third party (“Claim”). Licensee shall provide Nitro with prompt written notice of any Claim and permit Nitro to control the defense, settlement, adjustment or compromise of such Claim. Licensee shall have no authority to settle any Claim on behalf of Nitro. In addition, in the event use of the Licensed Products during the Term becomes, or in Nitro’s reasonable opinion is likely to become, the subject of a claim of infringement as outlined in this Section 10, Nitro may, at its option and expense: (a) obtain for Licensee the continuing right to use such Licensed Products; or (b) modify the Licensed Products or replace them with a substantially functional equivalent so that they no longer infringe; or (c) if neither (a) nor (b) is reasonably practicable, terminate Licensee’s license to such allegedly infringing Services and/or Software and refund to Licensee any unused pre-paid fees paid to Nitro, in which case this Agreement and Licensee’s right to use the Services and/or Software will terminate. This Section 10 states Nitro’s entire liability and Licensee’s exclusive remedy with respect to any claim of intellectual property infringement.

11. Indemnification by Licensee

You will defend, indemnify and hold harmless Nitro, its affiliates, and their respective officers, directors, employees, agents, licensors and any third-party providers, from and against all claims, losses, damages and costs, including reasonable attorneys’ fees, arising from any third-party claim against Nitro related to Your use of the Service or Software, including any document or content You submit to the Service.

12. Exclusion of Warranties


13. Limitation of Liability



14. Ethical Business Conduct

Nitro is committed to integrity and high standards of business conduct in everything it does, especially in its dealings with its customers, suppliers and contractors. As a result, Nitro supports and agrees to abide by the following principles:

  1. to obey the applicable laws and regulations governing its business conduct worldwide, including in its hiring practices and laws and regulations related to anti-discrimination and forced, compulsory or child labor;
  2. to be honest, fair and trustworthy in its relationships and not to engage in corruption in any form, including extortion and bribery; and
  3. to strive to create a safe workplace and to protect the environment and through leadership at all levels, to sustain a culture where ethical conduct is recognized and valued.

15. General Legal Terms

This Agreement is the entire agreement between You and Nitro related to the Service and/or Software, replacing any prior agreements.  Nitro's licensors may be third party beneficiaries to this Agreement.  There are no other third-party beneficiaries to this Agreement. The parties to this Agreement are independent contractors, and nothing in this Agreement creates an agency, partnership, or joint venture.  You shall not assign this Agreement, by operation of law or otherwise.  Nitro may assign this Agreement, subject to all of the terms of this Agreement.

Failure to enforce any provision will not constitute a waiver of that provision. If any provision of this Agreement is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision's essential purpose and, in any event, the remainder of the Agreement shall be unaffected.  The prevailing party in any action or proceeding to enforce its rights hereunder shall be entitled to recover reasonable attorneys’ fees and other reasonable costs incurred in the action or proceedings.

You may only resolve disputes with Nitro on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action.

This Agreement shall be governed by California law without regard to any conflict of laws principles.

Privacy Policy

Effective: March 9th, 2021

Welcome to the website of Nitro Software, Inc. (“Nitro”, “we”, “us” and/or “our”). Data privacy is important and we have prepared this Privacy Policy to explain how we collect, use, protect and disclose data when you use any Nitro services which includes this website and any site ("Site(s)"); software provided by Nitro ("Software"); or services offered by Nitro (collectively, "Services"). "You" refers to you as a user of the Site or Services. We draw your attention in particular to the sections entitled “International Data Transfer” and “Data Subject’s Rights”.

We will only process your personal data in accordance with applicable data protection and privacy laws. For the purpose of UK and European Union (“EU”) data protection legislation, the data controller is Nitro Software, Inc. of 150 Spear St STE 1850, San Francisco CA 94105.

We need certain personal data in order to provide you with access to the Services. If you created a profile, registered an account, downloaded software or provided information to us, you will have been asked to explicitly consent to our Terms of Service and Privacy Policy in order to access our Services, purchase our products and/or view our content. This consent provides us with the legal basis we require under applicable law to process your data. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.


We may update this Privacy Policy to reflect changes to our data practices. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest data on our privacy practices. Please note the effective date listed at the beginning of the Privacy Policy. If we make any material change(s) to the Privacy Policy, we will post a notice on our Site prior to such changes(s) taking effect.

If you disagree with any changes to the Privacy Policy and do not wish to be subject to the revised Privacy Policy, you need to deactivate your account and stop using Nitro services.

Data Collected

Personal Data:

We collect information about you in a range of forms, including personal data. As used in this Privacy Policy, “personal data” is as defined in the General Data Protection Regulation EU 2016/679 and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, email address and telephone number.

Nitro collects personal data from users to provide services. Throughout standard use of the Site or Services, we collect some or all of the following:

  • Account Data: Name, business name, title, phone number, billing address, email, password, and avatar
  • Financial Data: Credit card data (number, expiration, and security code)
  • Single Sign-On: Nitro supports enterprise SSO with SAML 2.0-enabled identity providers. If your users log in through enterprise SSO, we collect data from the SAML provider regarding your account (with your express consent)

Sensitive Data

Nitro does not require or use sensitive data like: racial or ethnic origin, political affiliation or opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation, criminal convictions, or genetic or biometric data. Subject to the following paragraph, we ask that you not send us, and/or disclose, any such sensitive personal data.

If you send or disclose any sensitive personal data to us when you submit user generated content to our Services, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Services.

Document Data

The Sites, Software, and Services provide capabilities to users to upload and manipulate documents. The user is responsible for and owns the content of the documents. Nitro does not alter the content of documents. By content, we are referring to text, graphics, and/or images within the document that are human readable and convey the meaning of the document to a person reading it. Occasionally, we will have to alter the formatting of the document to show it on the Sites (i.e. on Mobile devices) or in the Software, but there will be no material change to the content within the document.

You are responsible for who you choose to share documents with via the Site, Software, and/or Services’ collaboration functionality. When collaborating on documents, users you grant access to will be able to view that content and download the document (even if you delete that document at a later date). Additionally, if a collaborator signs, reviews, or marks-up the document, that collaborator owns a different version of that document which contains the collaborator's changes. If you access or collaborate on a document owned by another individual, you are responsible for the content you provide on or about the document. Also, by sharing documents with other parties, those parties own a version of the document which mean they may then share and retain the document even after the original owner deletes the document.

When storing documents on the Sites, Software, and Services, Nitro collects the following data:

  • Document Metadata: Name, size, email address of user uploading document, meta data about the structure of the document, and standard metadata provided by the standard used to create the document (PDF, DOC, XLS, etc.).
  • Document Sharing: E-mail address and name of users who you wish to share the document.
  • Document Content: The contents of documents stored in the Site, Software, or Services.

User Generated Content

You may share personal data with us when you submit user generated content to our Services, including via our forums, message boards and blogs on our Sites. Please note that any information you post or disclose on our Site will become public information, and will be available to other users of our Site and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Site. Such personal data and other information will not be private or confidential once it is published on our Site.

Use of Data

For the types of processing that are needed to provide the Services, we rely on the necessity of our processing of your information for the performance of the Services (governed by the Terms of Service) as a legal ground to collect and use your data in accordance with this Privacy Policy. For all other types of processing carried out under this Privacy Policy, we rely on our legitimate interests as a legal ground to collect and use your data in such ways.

Nitro uses data provided through the use of our Sites, Software, and Services to provide services for which Nitro was engaged. The data may be used for a variety of functions, including:

  • Provide, monitor, maintain and improve the Software, Site and Services
  • Register for and enable access to the Software, Site and Services
  • Purchase services and contact you in case a purchase request cannot be fulfilled
  • Manage documents (including upload, download, convert, and edit)
  • Collaborate and share files with others you designate which involves the Site sending emails on your behalf
  • Deliver services you request
  • Provide audit data to you and others who you grant access to via document collaboration
  • Recommend actions to you based on usage activity and document content; including testing and training algorithms used to provide these services
  • With your consent, personalize and customize the Site and Services by improving content, features, and/or advertisements based on your interests and preferences
  • Send push notifications that update you on activities initiated within the Site and Services
  • Send you related data (including confirmation of services requests and/or purchases)
  • Provide customer support (comments, questions, and requests for support along with support responses)
  • With your consent, provide data about services (newsletters, surveys, offers, promotions, contests, events, customer testimonials, case studies, and data about Nitro)
  • Monitor and analyze trends in connection with the Site and Services for marketing and advertising purposes
  • Investigate potential illegal activities (fraudulent transactions, unauthorized access, and/or other illegal activities)
  • With your consent, link or combine with other data from 3rd Parties to understand your needs and preferences
  • Diagnose unexpected issues that occur within the Site and Services

Activity Data

Activity Data includes data about how users interact with our Site, Software, or Services. Data in this category includes:

  • Browser Technologies: Cookies, beacons, tags and scripts
  • Device Data: Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. For mobile devices, we may additionally collect device identifiers. If printing, we may collect device data about the printer like: Driver, Printer ID, Brand, Make, Model, and other data accessible through the print driver. We may collect this information about you using cookies. Please refer to the sections on Cookies and Pixel Tags below.
  • Local Shared Objects: Cookie Preferences
  • Usage Data: We monitor user activity and collect data about the features you use
  • Information from Social Networking Sites. Our Services include interfaces that allow you to connect with social networking sites (each an “SNS”). If you connect to an SNS through our Services, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Privacy Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
  • Information We Get from Others. We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners or other third parties, we may add this to information we get from our Services.


What are cookies?

We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Services.

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.

Cookies we use

Our Services uses the following types of cookies for the purposes set out below:

Type of cookie Purpose
Essential Cookies

These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality Cookies

These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

Analytics and Performance Cookies

These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and therefore anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages that they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.

We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here:

You can find out more about how Google protects your data here

You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link:

Targeted and advertising cookies

These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites.

You can disable cookies which remember your browsing habits and target advertising at you by visiting If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.

Social Media Cookies

These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.

At this time, Nitro does not recognize "do not track" (DNT) signals.

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit and

If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Services.

Pixel Tags

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.


Generally. We may use other companies to serve third-party advertisements when you visit and use the Services. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Services and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies' use of their tracking technologies is subject to their own privacy policies.

Targeted Advertising. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Services, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.

Your Ad Choices. Some of the third-party service providers and/or Advertisers may be members of the Network European Interactive Digital Advertising Alliance ("EDAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more, visit which provides information regarding targeted advertising and the "opt-out" procedures of EDAA members.

Mobile. We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorize us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you the location-based services. We may use third-party providers to help provide location-based services through mobile systems and we may give the information to such providers to enable them to provide their location-based services, provided that such providers use the information in accordance with this Policy.

International Data Transfer

Your information, including personal data that we collect from you, may be processed and transferred within and to the United States and other countries and territories which may have different privacy laws from your country of residence. Nitro is compliant with the EU General Data Protection Regulation (GDPR).

Nitro adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Nitro does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. Nor do we rely on the Swiss-U.S. Privacy Shield Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website.

Nitro takes data privacy seriously and monitors the regulatory landscape with regards to data privacy. As new regulations evolve, Nitro will evaluate those regulations and, in good faith, evolve our Data Privacy procedures appropriately.

Sharing and Disclosure

We will share or sell your personal data with third parties only in the ways that are described in this Privacy Policy. We do not sell your personal data to third parties except as described in this Privacy Policy (see the "Business Transfers" section below).

We may provide your personal data to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal data only as necessary to provide these services to us. We may disclose personal data when the disclosure:

  • is required by law; or
  • has been consented to by you.

Other ways Nitro shares personal data are:

  • Collaboration and Sharing: Nitro offers collaboration features built into the Site and Services which allow you to share documents (read-only or full edit capabilities) with others you explicitly choose. Collaboration and sharing allows others to view the content of the document you choose to share in addition to the activity data pertaining to the shared document (views, edits, etc.). You can set permissions and revoke access through your Nitro account. If you share a document with another party, that party can download the document as long as they have access to it. Additionally, you may choose to create a public link and send that link to others. If you create a public link, anyone with that link can access in read-only mode and download it.

  • Business Accounts: If you are an individual user and the domain of your e-mail address associated with your account is owned by your employer and that employer has established a Nitro Business account, the data concerning use of your individual account (including access to personal data, usage data and document content) are accessible to that organization.

  • External Storage: The Sites, Software, and Services allow users to save documents to third party storage providers like: Box, Dropbox, OneDrive, SharePoint 365 and many others offering a storage API. When saving documents externally, Nitro sends document meta data (like, name and size) along with the contents of the document to the storage provider. If documents are saved externally to Nitro, you are subject to such third parties' privacy policy and terms and conditions. We recommend you read their privacy policies before you submit any data to them.

  • Ads: We partner with third party ad networks to either display advertising on our Sites or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personally identifiable data about your activities on the Sites and other Web sites to provide you targeted advertising based upon your interests.

  • Business Transfers: In the event Nitro goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data will likely be among the assets transferred. You will be notified via email (sent to the e-mail address specified in your account) or prominent notice on our Site of any such change in ownership or control that affects your personal data.

  • Aggregated and Anonymized Data: We also share aggregated and anonymized data with partners which does not directly identify individuals. We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies.  We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you.  We use this anonymous data to analyse usage patterns in order to make improvements to our Services.


We will take reasonable precautions to protect your personal data from loss, misuse or alteration. This includes both physical and technological security measures. We follow generally accepted industry standards (e.g. encryption at rest and in transit, access control policies, etc.) to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and you agree that you submit data to us at your own risk. When you enter personal data on our order forms, we encrypt the transmission of that data using transport layer security (TLS).

Out of Scope

Some actions initiated within the Site and Services link to external sites. Additionally, those actions may result in data appearing on forums that are public and/or not subject to the Privacy Policy.

  • Frames: Some of our pages utilize framing techniques to serve content from our partners while preserving the look and feel of our Sites. Please be aware that you are providing your personal data to these third parties and not to Nitro.

  • Social Media Widgets: Our Sites include social media features, such as the Facebook “Like” button and Widgets, the “Share this” button or interactive mini-programs that run on our Sites. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy policy of the company providing it.

  • Customer Testimonials: We may post customer testimonials/comments/reviews on our Site which may contain personal data. We obtain the customer's consent, prior to posting the testimonial, to post the customer’s name along with the customer’s testimonial. If you would like to have us remove any of your comments, please contact us.

  • Forum and Blog Content: Our Site may offer publicly accessible blogs or community forums. You should be aware that any data you provide in these areas may be read, collected, and used by anyone who has access to them. To request removal of your personal data from our blog or community forum, please contact us at

  • Forum and Blog Comments: Our blog is also managed by a third-party application that may require you to register to post a comment. We do not have access to or control of the data posted to the comments. You will need to contact or login to the third-party application if you want the personal data that was posted to the comments section removed. To learn how the third-party application uses your data, please review the third party’s privacy policy.

Children's Privacy

We do not knowingly collect personal data from children under the age of 16. By using the Site, Software, and/or Services, the user asserts they are over 16 years of age. If we become aware that we have inadvertently received personal data from a child under the age of 16, we will delete such data from our records.

Data Subject's Rights

Nitro takes privacy seriously. If you have any concerns regarding our handling of your Personal, Sensitive, or Document Data, we encourage you to contact us (details below in the 'Contact Us' section). Additionally, Nitro acknowledges you have the following rights with regards to your personal data.

  • You may raise a complaint to the relevant supervisory authority in your EU Member State (and/or to the EU Data Protection Agency)
  • You have the right to object to or restrict the processing of your personal data. If you wish to restrict or object, please follow the procedures stated in the 'Opt-out' section above.
  • If consent to process is granted, you may withdraw your consent to process personal data. To withdraw consent follow the steps detailed in the 'Opt-out' section above.

Data Access Rights

Nitro collects a variety of information via the use of the Site, Software, and/or Services at the direction of users. If you have concerns about your personal data being processed, or if you seek access or want to correct, amend, or delete inaccurate data, please contact us at and we will work with you to respond to your request in a reasonable timeframe.


If you have concerns or inquiries regarding the handling of your personal, document, and/or activity data, please contact us at Nitro will respond within a reasonable timeframe. If, after contacting us, we fail to adequately address your concern please contact the dispute resolution provider, Data Protection Commissioner of Ireland at, at no cost to you.

For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.


We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your personal data, please contact us using the “Contact Us” section below. We will reply to your complaint as soon as we can and in any event, within 45 days.

Privacy Shield Statements

Nitro complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Nitro has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, Nitro commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nitro by going to the "Contact Us" webpage on this Site or contacting us at or at the address below.

Nitro Software, Inc
150 California Street, STE 1850
San Francisco, CA 94105
Attn: Privacy

Nitro has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

  • Nitro is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
  • In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, Nitro will provide EU end users a binding arbitration option before the Privacy Shield Panel. Nitro acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts.
  • Nitro may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.
  • If required at some point in the future, to effectively process data on behalf of a client to serve the client's needs, Nitro may need to share that data with certain third parties or sub-processors. In such instances, Nitro will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.
  • Nitro does not currently transfer personal data, received pursuant to the EU-U.S. Privacy Shield Framework, to third party agents. However, if personal information of EU individuals is transferred to third parties in the future, Nitro is potentially liable.

Contact us

If you require more detailed data about our data handling practices please let us know by going to the “Contact Us” webpage on this Site or contacting us at or at the address below.

Nitro Software, Inc
150 Spear Street, STE 1850
San Francisco, CA 94105
Attn: Privacy

Nitro PDF Pro Refund Policy

As a customer, your satisfaction and success are the motivation for all we do—which is why we’ll always do everything we can to ensure we make working with documents smarter and easier for you. If, however, you feel like Nitro doesn’t fulfill your needs, we’re here to help make things right.

Try before you buy

We understand you want the perfect fit and that’s why we offer a trial version of Nitro Pro. During this trial you can test all the functionality of the software to be sure it suits your needs and desires.

To ensure Nitro PDF Pro is the perfect fit, you can experience all of Nitro Pro’s powerful features in our free 14-day trial. You’ll also have access to our User Guide, Knowledge Base, and Community Forum to help you maximize your trial and answer any questions you may have.

Experience the Nitro difference for yourself by downloading your free trial today.

Refunds for online customers

You may be approved for a refund if you purchased Nitro from our online store at and one of the following conditions applies:

  • The product is proven to be defective by Nitro’s technical support department.
  • Duplicate orders were made at Nitro’s online store.

While these conditions are guidelines, all refunds are made at Nitro’s sole discretion.

How to apply for a refund

We’re sorry to hear that Nitro wasn’t the perfect fit for your needs. If the conditions listed above apply to you, please follow this step-by-step guide to apply for a refund:

  1. If you have already activated your Nitro PDF Pro license, please deactivate it by going to Help tab > About Nitro Pro. Please refer to the following Knowledge Base article for detailed steps on how to deactivate Nitro Pro:
  2. Once your Nitro PDF Pro license has been deactivated, please click below to contact our Support team and specify the details of your refund request.
Request a refund

Note: We will notify you when we have processed your refund request or if we need additional information. Once your request has been processed, please allow 5–8 business days for the refund to appear in your account.

Refunds for business and reseller customers

If you purchased Nitro PDF Pro directly through a Nitro sales representative or reseller, please reach out to your Account Executive or reseller to discuss potential refund options.

Do Not Sell My Personal Information

Please be advised that Nitro do not, and has not, sold any personal information. See Nitro's privacy policy here. Likewise, Nitro do not have any future plans to sell personal information. Should you have any questions or concerns about how Nitro handles personal information, please contact us at or at the following address:

Nitro Software, Inc

150 Spear Street, STE 1850

San Francisco, CA 94105

Attn: Privacy


Nitro Software, Inc.(“Nitro”) uses certain subprocessors to assist in providing our Services. We use service providers that may store and process personal data about you and your end users (each, a "Sub-Processor"). This page provides important information about the identity, location, and role of these material Sub-Processors. Terms used on this page but not defined have the meaning set forth in our Terms of Service agreement (the "Agreement").

The following table identifies the Subprocessors used by Nitro, the function that may be provided, and the location where such subprocessing activities are performed.

Name Function Corporate Location
Amazon Web Services Infrastructure Germany
Oracle America Billing United States Customer Relationship Management / Support United States
Marketo Marketing Tool United States
Google Analytics United States
Stripe Payment Processing United States
Microsoft Infrastructure United States
CyberSource Payment Processing United States
Intercom Customer Communication United States
Gong Call Recording United States
Salesloft Customer Relationship Management United States
Slack Collaboration and Communication United States

As our business and technical requirements change, we may from time to time remove or add Subprocessors, or we may engage an existing Subprocessor to perform additional services for us, if we believe that doing so will enhance our ability to deliver the Nitro Service. We will periodically update this page to reflect changes to our Subprocessors. If you have any questions about our subprocessing activities, please contact

The following entities are members of Nitro Group Companies:

Nitro Group Member Name Country
Nitro Software EMEA Limited Ireland
Nitro Software Limited Australia
Nitro Software Canada Limited Canada


This Data Processing Addendum (“DPA”) forms part of the Nitro Business Terms of Service and Nitro Terms of Services governing the use of Nitro’s services. (“Agreement”) entered by and between you, the Customer (collectively, “Individual”, “Entity”, “Licensee”) and Nitro Software Inc. (“Nitro”) to reflect the parties’ agreement with regard to the Processing of Personal Data by Nitro solely on behalf of the Customer. Both Parties shall be referred to as the “Parties” and each, a “Party”.

1. Definitions

For purposes of this DPA, the terms below have the meanings set forth below. Capitalized terms that are used but not defined in this DPA have the meanings given in the Agreement.

(a) Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.

(b) Applicable Data Protection Laws means the privacy, data protection and data security laws and regulations of any jurisdiction applicable to the Processing of Personal Data under the Agreement, including, without limitation, European Data Protection Laws and the CCPA.

(c) CCPA means the California Consumer Privacy Act of 2018 and any regulations promulgated thereunder.

(d) Customer Data means information provided or made available to Nitro for Processing on Customer’s behalf to perform the Services.

(e) EEA means the European Economic Area.

(f) European Data Protection Laws means the GDPR and other data protection laws and regulations of the European Union, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, to the extent applicable to the Processing of Personal Data under the Agreement.

(g) GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as amended from time to time.

(h) Information Security Incident means a breach of Nitro’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in Nitro’s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems.

(i) Personal Data means Customer Data that constitutes “personal data,” “personal information,” or “personally identifiable information” defined in Applicable Data Protection Law, or information of a similar character regulated thereby, except that Personal Data does not include such information pertaining to Customer’s personnel or representatives who are business contacts of Nitro, where Nitro acts as a controller of such information.

(j) Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(k) Security Measures has the meaning given in Section 5(a) (Provider’s Security Measures).

(l) Standard Contractual Clauses means the mandatory provisions of the standard contractual clauses for the transfer of personal data to processors established in third countries in the form set out by European Commission Decision 2010/87/EU.

(m) Subprocessors means third parties that Nitro engages to Process Personal Data in relation to the Services.

(n) Third Party Subprocessors has the meaning given in Section 5 (Subprocessors) of Annex 1.

(o) The terms controller, data subject, processor and supervisory authority as used in this DPA have the meanings given in the GDPR.

2. Duration and Scope of DPA

(a) This DPA will remain in effect so long as Nitro Processes Personal Data, notwithstanding the expiration or termination of the Agreement.

(b) Annex 1 (EU Annex) to this DPA applies solely to Processing subject to European Data Protection Laws. Annex 2 (California Annex) to this DPA applies solely to Processing subject to the CCPA if Customer is a “business” or “service provider” (as defined in CCPA) with respect to such Processing.

3. Customer Instructions

Nitro will Process Personal Data only in accordance with Customer’s instructions to Nitro. This DPA is a complete expression of such instructions, and Customer’s additional instructions will be binding on Nitro only pursuant to an amendment to this DPA signed by both parties. Customer instructs Nitro to Process Personal Data to provide the Services as contemplated by this Agreement.

4. Analytics

Customer acknowledges and agrees that, as a part of the Services, Nitro may create and derive from Processing related to the Services anonymised and/or aggregated data that does not identify Customer or any natural person, and use, publicise or share with third parties such data to improve Nitro’s products and services and for its other legitimate business purposes.

5. Security

(a) Provider Security Measures. Nitro will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data (the “Security Measures”) as described in Annex 3 (Security Measures). Nitro may update the Security Measures from time to time, so long as the updated measures do not decrease the overall protection of Personal Data.

(b) Information Security Incidents. Nitro will notify Customer without undue delay of any Information Security Incident of which Customer becomes aware. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps Nitro recommends Customer take to address the Information Security Incident. Nitro’s notification of or response to an Information Security Incident will not be construed as Nitro’s acknowledgement of any fault or liability with respect to the Information Security Incident.

(c) Customer’s Security Responsibilities and Assessment (i) Customer’s Security Responsibilities. Customer agrees that, without limitation of Nitro’s obligations under Section 5 (Security), Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data; (b) securing the account authentication credentials, systems and devices Customer uses to access the Services; (c) securing Customer’s systems and devices that Nitro uses to provide the Services; and (d) backing up Personal Data. (ii) Customer’s Security Assessment. Customer agrees that the Services, the Security Measures and Nitro’s commitments under this DPA are adequate to meet Customer’s needs, including with respect to any security obligations of Customer under Applicable Data Protection Laws, and provide a level of security appropriate to the risk in respect of the Personal Data.

6. Data Subject Rights

(a) Nitro’s Data Subject Request Assistance. Nitro will (taking into account the nature of the Processing of Personal Data) provide Customer with assistance reasonably necessary for Customer to perform its obligations under Applicable Data Protection Laws to fulfill requests by data subjects to exercise their rights under Applicable Data Protection Laws (“Data Subject Requests”) with respect to Personal Data in Nitro’s possession or control. Customer shall compensate Nitro for any such assistance at Nitro’s then-current professional services rates, which shall be made available to Customer upon request.

(b) Customer’s Responsibility for Requests. If Nitro receives a Data Subject Request, Nitro will advise the data subject to submit the request to Customer and Customer will be responsible for responding to the request.

7. Customer Responsibilities

(a) Customer Compliance. Customer shall comply with its obligations under Applicable Data Protection Laws. Customer shall ensure (and is solely responsible for ensuring) that its instructions in Section 3 comply with Applicable Data Protection Laws, and that Customer has given all notices to, and has obtained all such notices from, individuals to whom Personal Data pertains and all other parties as required by applicable laws or regulations for Customer to Process Personal Data as contemplated by the Agreement.

(b) Prohibited Data. Customer represents and warrants to Nitro that Customer Data does not and will not, without Nitro’s prior written consent, contain any social security numbers or other government-issued identification numbers; biometric information; passwords for online accounts; credentials to any financial accounts; tax return data; credit reports or consumer reports; any payment card information subject to the Payment Card Industry Data Security Standard; information subject to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act or the regulations promulgated under either such law; information subject to restrictions under Applicable Data Protection Laws governing Personal Data of children, including, without limitation, all information about children under 13 years of age; or any information that falls within any special categories of data (as defined in GDPR). Customer further represents that Customer Data does not and will not contain protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA) or any similar legislation in other jurisdiction; other information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; or health insurance information unless Customer and Nitro have separately entered into a HIPAA Business Associate Agreement.

8. Miscellaneous

Except as expressly modified by the DPA, the terms of the Agreement remain in full force and effect. In the event of any conflict or inconsistency between this DPA and the other terms of the Agreement, this DPA will govern. Notwithstanding anything in the Agreement or any order form entered in connection therewith to the contrary, the parties acknowledge and agree that Nitro’s access to Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement. Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by Nitro to Customer under this DPA may be given (a) in accordance with any notice clause of the Agreement; (b) to Nitro’s primary points of contact with Customer; or (c) to any email provided by Customer for the purpose of providing it with Services-related communications or alerts. Customer is solely responsible for ensuring that such email addresses are valid.


1. Processing of Data

(a) Subject Matter and Details of Processing. The parties acknowledge and agree that (i) the subject matter of the Processing under the Agreement is Nitro’s provision of the Services; (ii) the duration of the Processing is from Nitro’s receipt of Personal Data until deletion of all Personal Data by Nitro in accordance with the Agreement; (iii) the nature and purpose of the Processing is to provide the Services; (iv) the data subjects to whom the Personal Data pertains are Customer (to the extent that Customer is an individual), users of the Services or Nitro’s software, and data subjects, the personal data of which has been generated, shared or uploaded by Customer and/or users of the Services and/or Nitro’s software; and (v) the categories of personal data are the personal data generated, shared, uploaded or requested by the Customer or users of the Services and/or Nitro’s software (which may include personal data contained in documents, pictures and other media and user-generated content such as documents, text, pictures and other content).

(b) Roles and Regulatory Compliance; Authorization. The parties acknowledge and agree that (i) Nitro is a processor of that Personal Data under European Data Protection Laws; (ii) Customer is a controller (or a processor acting on the instructions of a controller) of that Personal Data under European Data Protection Laws; and (iii) each party will comply with the obligations applicable to it in such role under the European Data Protection Laws with respect to the Processing of that Personal Data. If Customer is a processor, Customer represents and warrants to Nitro that Customer’s instructions and actions with respect to Personal Data, including its appointment of Nitro as another processor, have been authorized by the relevant controller.

(c) Nitro’s Compliance with Instructions. Nitro will Process Personal Data only in accordance with Customer’s instructions stated in this DPA unless applicable European Data Protection Laws require otherwise, in which case Nitro will notify Customer (unless that law prohibits Nitro from doing so on important grounds of public interest).

(d) Data Deletion. Nitro shall delete all the Personal Data on Nitro’s systems on Customer’s request and after the end of the provision of Services, and shall delete existing copies unless continued storage of the Personal Data is required by (i) applicable laws of the European Union or its Member States, with respect to Personal Data subject to European Data Protection Laws or (ii) Applicable Data Protection Laws, with respect to all other Personal Data. Nitro will comply with such instruction as soon as reasonably practicable and no later than 180 days after such expiration or termination, unless Applicable Data Protection Laws require storage. Customer may choose to request a copy of such Personal Data from Nitro for an additional charge by requesting it in writing at least 30 days prior to expiration or termination of the Agreement. Upon the parties’ agreement to such charge pursuant to a work order or other amendment to the Agreement, Nitro will provide such copy of such Personal Data before it is deleted in accordance with this clause.

2. Data Security

(a) Nitro Security Measures, Controls and Assistance (i) Nitro Security Assistance. available to Nitro) provide Customer with reasonable assistance necessary for Customer to comply with its obligations in respect of Personal Data under European Data Protection Laws, including Articles 32 to 34 (inclusive) of the GDPR, by (a) implementing and maintaining the Security Measures; (b) complying with the terms of Section 5(b) (Information Security Incidents) of the DPA; and (c) complying with this Annex 1. Customer hereby acknowledges and agrees that such measures are sufficient to permit Customer to comply with these obligations. (ii) Security Compliance by Nitro Staff. Nitro will ensure that its personnel who are authorized to access Personal Data are subject to appropriate confidentiality obligations.

(b) Reviews and Audits of Compliance
Customer may audit Nitro’s compliance with its obligations under this DPA up to once per year and on such other occasions as may be required by European Data Protection Laws, including where mandated by Customer’s supervisory authority. Nitro will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit. If a third party is to conduct the audit, Nitro may object to the auditor if the auditor is, in Nitro’s reasonable opinion, not independent, a competitor of Nitro, or otherwise manifestly unsuitable. Such objection by Nitro will require Customer to appoint another auditor or conduct the audit itself. To request an audit, Customer must submit a proposed audit plan to Nitro at least two weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Nitro will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Nitro security, privacy, employment or other relevant policies). Nitro will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 2(b) shall require Nitro to breach any duties of confidentiality. If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Nitro has confirmed there have been no known material changes in the controls audited since the date of such report, Customer agrees to accept such report in lieu of requesting an audit of such controls or measures. The audit must be conducted during regular business hours, subject to the agreed final audit plan and Nitro’s safety, security or other relevant policies, and may not unreasonably interfere with Nitro business activities. Customer will promptly notify Nitro of any non-compliance discovered during the course of an audit and provide Nitro any audit reports generated in connection with any audit under this Section 2(b), unless prohibited by European Data Protection Laws or otherwise instructed by a supervisory authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this DPA. Any audits are at Customer’s sole expense. Customer shall reimburse Nitro for any time expended by Nitro and any third parties in connection with any audits or inspections under this Section 2(b) at Nitro’s then-current professional services rates, which shall be made available to Customer upon request. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.

3. Impact Assessments and Consultations

Nitro will (taking into account the nature of the Processing and the information available to Nitro) reasonably assist Customer in complying with its obligations under Articles 35 and 36 of the GDPR, by (a) making available documentation describing relevant aspects of Nitro’s information security program and the security measures applied in connection therewith and (b) providing the other information contained in the Agreement, including this DPA.

4. Data Transfers

(a) Data Processing Facilities. Provider may, subject to Section 4(b) (Transfers out of the EEA), store and Process Personal Data in the United States or anywhere Provider or its Subprocessors maintain facilities.

(b) Transfers out of the EEA. If Customer transfers Personal Data out of the EEA to Nitro in a country not deemed by the European Commission to have adequate data protection, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. In furtherance of the foregoing, the parties agree that (i) Customer will act as the data exporter and Nitro will act as the data importer under the Standard Contractual Clauses; (ii) for purposes of Appendix 1 to the Standard Contractual Clauses, the categories of data subjects, data, special categories of data (if appropriate), and the Processing operations shall be as set out in Section 1(a) to this Annex 1 (Subject Matter and Details of Processing); (iii) for purposes of Appendix 2 to the Standard Contractual Clauses, the technical and organizational measures shall be the Security Measures; (iv) data importer will provide the copies of the subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contractual Clauses upon data exporter’s request, and that data importer may remove or redact all commercial information or clauses unrelated the Standard Contractual Clauses or their equivalent beforehand; (v) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be performed in accordance with Section 2(b) of this Annex 1 (Reviews and Audits of Compliance); (vi) Customer’s authorizations in Section 5 (Subprocessors) of this Annex 1 will constitute Customer’s prior written consent to the subcontracting by Nitro of the Processing of Personal Data if such consent is required under Clause 5(h) of the Standard Contractual Clauses; and (vii) certification of deletion of Personal Data as described in Clause 12(1) of the Standard Contractual Clauses shall be provided upon data importer’s request.

Notwithstanding the foregoing, the Standard Contractual Clauses (or obligations the same as those under the Standard Contractual Clauses) will not apply to the extent an alternative recognized compliance standard for the transfer of Personal Data outside the EEA in accordance with European Data Protection Laws applies to the transfer. In the event of any conflict or inconsistency between (a) this Annex 1 and any other provision of this DPA, this Annex 1 will govern or (b) the Standard Contractual Clauses and any other provision of this Agreement, the Standard Contractual Clauses will govern.

5. Subprocessors

(a) Consent to Subprocessor Engagement. Customer specifically authorizes the engagement of Nitro’s Affiliates as Subprocessors and generally authorizes the engagement of other third parties as Subprocessors (“Third Party Subprocessors”).

(b) Information about Subprocessors. Information about Subprocessors, including their functions and locations, is available at: as may be updated by Nitro from time to time) or such other website address as Nitro may provide to Customer from time to time (the “Subprocessor Site”).

(c) Requirements for Subprocessor Engagement. When engaging any Subprocessor, Nitro will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this DPA with respect to Personal Data to the extent applicable to the nature of the services provided by such Subprocessor. Nitro shall be liable for all obligations under the Agreement subcontracted to, the Subprocessor or its actions and omissions related thereto.

(d) Opportunity to Object to Subprocessor Changes. When Nitro engages any new Third Party Subprocessor after the effective date of the Agreement, Nitro will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by updating the Subprocessor Site or by other written means. If Customer objects to such engagement in a written notice to Nitro within 15 days after being informed of the engagement on reasonable grounds relating to the protection of Personal Data, Customer and Nitro will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement and cancel the Services by providing written notice to Nitro and pay Nitro for all amounts due and owing under the Agreement as of the date of such termination.

(e) Sufficiency of Consent. Customer hereby acknowledges and agrees that the foregoing procedures are sufficient to obtain Customer’s prior written consent to the subprocessing under Article 28 of the GDPR, and to the extent required under Clause 5(h) of the Standard Contractual Clauses.


  1. For purposes of this Annex 2, the terms “business,” “commercial purpose,” “sell” and “service provider” shall have the respective meanings given thereto in the CCPA, and “personal information” shall mean Personal Data that constitutes personal information governed by the CCPA.
  2. It is the parties’ intent that with respect to any personal information, Nitro is a service provider. Nitro shall not (a) sell any personal information; (b) retain, use or disclose any personal information for any purpose other than for the specific purpose of providing the Services, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (c) retain, use or disclose the personal information outside of the direct business relationship between Nitro and Customer. Nitro hereby certifies that it understands its obligations under this Section 2 and will comply with them.
  3. The parties acknowledge that Nitro’s retention, use and disclosure of personal information authorized by Customer’s instructions documented in the DPA are integral to Nitro’s provision of the Services and the business relationship between the parties.


Technical and Security
Overview of Nitro Sign

Application security, compliance, user authentication,
document integrity and disaster recovery

Executive Summary
Nitro’s software solutions are designed to improve productivity and reduce paper consumption for every knowledge worker. By enabling end-to-end digital document workflows, Nitro helps organizations advance document security and corporate sustainability initiatives — essential factors in building the foundation for successful digital transformation.

Nitro Sign, a part of the Nitro Productivity Suite, is a browser-based application offering fast, secure and legally binding eSigning workflows. Designed to provide simple, delightful eSigning for everyone, Nitro Sign offers an intuitive interface and rich functionality supported by strong security fundamentals, for a truly enterprise-grade experience. With our eSigning solution, Nitro customers are transforming disconnected, time-consuming legacy processes into modern digital workflows that can be executed in minutes.

Nitro Sign provides all the functionality required to achieve fast, secure and legally binding eSignatures:

  • Sequenced order of signers
  • Real-time notifications
  • Viewing analytics
  • Multi-factor authentication for signer identity verification
  • Tamper-proof signed documents
  • Complete audit trail for each document
  • Reusable templates
  • Compliance with the highest level of global regulations and standards

The purpose of this this paper is to provide a high-level overview of Nitro Sign’s overall security framework, including but not limited to : application security, compliance, organisational security, network security, data security and disaster recovery.

Application Security
Nitro Sign runs on a containerised micro-services platform hosted in a dedicated-to- Nitro VPC (Virtual Private Cloud) across multiple Availability Zones within a single EU region—Frankfurt, Germany. Nitro Customers access the Nitro Sign application through their web browsers via the public website

Public internet traffic to and from is encrypted via TLS (Transport Layer Security) secured using a Secure Hash Algorithm (SHA-2) family extended validation digital certificate from DigiCert ( with both SHA1 and SHA256 fingerprints; SHA256 is the hashing algorithm used, and the signing scheme used is 2048-bit RSA.

Nitro Sign documents are stored in secure, dedicated and managed locations, using the Advanced Encryption Standard with a 256-bit key size (AES-256). AES is included in the ISO/IEC 18033-3: Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers Standard. AES is defined as U.S. Federal Information Processing Standard: FIPS PUB 197: Advanced Encryption Standard (AES).

Data communications between the web clients and Nitro backend servers is encrypted using TLS, which protects data in transit. Document metadata is held in a Relational Database Service which provides for high availability and data durability. Storage is provided by Amazon S3 (Simple Storage Service) buckets — dedicated to Nitro — which are encrypted to protect data at rest.

Sensitive information (credentials, tokens, certificates, API keys) are managed through an encrypted vault database. Systems Overview image

User Authentication
Nitro Sign supports multiple methods for managing and authenticating user's identities.

Nitro Admin, our dedicated user and license management portal, is used by designated administrators to invite new users, to manage existing users and their licenses, and to suspend or remove users, as necessary.

Nitro also offer Single Sign-On (SSO) integrations as part of our Enterprise level plan. SSO allows users to access Nitro's products by authenticating through the organization’s Identity Provider (IdP). Nitro supports SSO with any SAML-2.0 compliant IdP.

More information on enabling Nitro’s SSO integration can be found here

Document Integrity
Upon completion of a signature workflow, Nitro digitally signs the PDF using a certificate issued to identify Nitro as an organization. The digital signature verifies the document integrity and confirms that the document has not been tampered with since it was completed. Please see the following image for how the Digital Signature appears on a completed document being viewed in Nitro PDF Pro 13. The Digital Signature will be present in the copy of the document received by all parties to the request. Document Security image

Nitro Software Inc. holds HIPAA, SOC2 Type 1, and SOC2 Type 2 certifications, among others. Nitro are also self-certified for Privacy Shield, and fully committed to supporting the EU General Data Protection Regulations (GDPR). Compliance image

Since we consider data security to be our number-one job and priority, we build security into each stage of the System Development Lifecycle for all Nitro products.

We follow industry best practices to transfer, process, and store customer data. All Nitro cloud–enabled features use state-of-the-art computing facilities that satisfy key industry standards, such as PCI DSS, HIPAA, and SOC. Our primary data centre is in the EU in Frankfurt, Germany.

Nitro protects documents in motion and at rest with digital audit trails and TLS AES encryption. Through extensive logging and instrumentation, we monitor our production environment to audit security, availability, access, and other metrics for our services.

We use a combination of automated tools and manual inspection to ensure constant oversight of security events. For all of our cloud infrastructure, we use Amazon Web Services (AWS), which provides extensive documentation about their security practices here. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations.

For a full list of Nitro certifications, including SOC 2 Type 2, HIPAA, and Privacy Shield, please click here.

The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.

Organisational Security
Nitro Software has developed and communicated to its users’ procedures to restrict logical access to Nitro Software’s systems. The procedures cover the following key security lifecycle areas:

  • Policy management and communication
  • Authorization, changes to, and termination of information system access
  • Authorization, testing and approval of changes to production environment applications
  • Monitoring security controls
  • Management of access and roles
  • Maintenance and support of the security system and necessary backups/media storage
  • Disaster recovery and incident response
  • Maintenance of restricted access to system configurations, administrative functionality, passwords, powerful utilities, and security devices

Background Checks: Nitro go to great lengths to ensure no one sees or processes your data unless they’re authorized to do so — and we strictly limit exceptions. All employees are subject to background checks, and access to production servers is limited solely to engineers who need to work directly with our production systems.

Nitro Information Security Standards v 1.5 exist and are in effect.

These Standards are developed under the authority of the Nitro Information Security Policy.

These Standards apply to all components of Nitro and all geographic regions where Nitro operates.

These Standards are based on and aligned with ISO/IEC 27002:2013 Information technology – Code of practice for information security controls (licensed by Nitro).

These standards are also aligned with and support the U.S. Department of Commerce NIST Special Publication 800-53.

The Nitro Information Security Policy is owned by the Global Security Lead, who has secured management approval and responsibility for developing, reviewing, and maintaining the policy.

Nitro Information Security Standards underpin the Nitro Information Security Policy. Standards are reviewed on an on-going basis with updates applied as and when required.

Nitro Information Security Standards and Policy are reviewed annually as part of our ongoing Regulatory Compliance initiatives including SOC2 and HIPAA.

Security Awareness & Training
Nitro has an information security policy to help ensure that employees understand their individual roles and responsibilities concerning processing and controls to ensure significant events are communicated in a timely manner.

These include formal and informal training programs and the use of email, Slack and other methods to communicate time-sensitive information and processes for security and system availability purposes that notify key personnel in the event of problems.

General Information Security training is delivered during the hiring and onboarding process and refreshed at least annually thereafter. Specific training dependent on roles is provided to specialist areas such as software development and systems or platforms engineering.

Data Security
All systems and applications are subject to vulnerability assessment scans by an independent and accredited third party on a regular basis.

The Nitro online platform service is a cloud-based solution hosted in AWS VPC across multiple availability zones in a single region (Frankfurt, Germany), designed for failure, self-healing, robustness, and is highly available.

Automated backups are in place covering 20 generations of data.

AES-256 encryption is in place covering data at rest, and data in transit.

Multiple instances of Anti-Virus and Anti-Malware technology is in place, at the desktop layer and also at the email gateway and internet gateway layers.

Nitro also uses a Web Application Firewall and DDoS protection platform.

Disaster Recovery
All Nitro systems are built to be highly resilient, highly available, and fault tolerant.

That said, we do have a Nitro Disaster Recovery Plan and Nitro Business Continuity Plan, which are reviewed and tested annually.

The most recent test of the Nitro Disaster Recovery Plan was conducted in Q3 2020.