GDPR-compliant PDF tracking

You can know who read your document and stay on the right side of the GDPR - but only if the tracking is built to avoid collecting personal data in the first place. Most document trackers do the opposite: they log every reader's IP address, which the GDPR treats as personal data, and hand you a compliance obligation you never asked for. Here's how to track readership the compliant way.

Is PDF tracking even allowed under GDPR?

Yes - tracking how a document is read is not banned by the GDPR. What the regulation governs is personal data: information relating to an identifiable person. The question is never "can I see who read it?" but "what personal data am I collecting to do so, and do I have a basis to hold it?" If your tracking records readership without collecting personal data, most of the heavy GDPR machinery simply doesn't apply, because there is no personal data to protect.

The problem: IP addresses are personal data

Under the GDPR and UK GDPR, an IP address is generally personal data - the Court of Justice of the EU confirmed this for dynamic IPs in Breyer. The moment a document tracker stores a visitor's IP, you (the sender) are processing personal data and inherit the obligations that follow: a lawful basis, a defined retention period, the duty to minimise what you keep, and the ability to honour access and erasure requests.

For a freelancer sending a proposal or a founder sharing a deck, that's a lot of liability in exchange for a stat you barely look at - and it compounds with every tool that quietly logs reader IPs. The most reliable way to comply is the simplest one: don't collect the personal data at all. You cannot mishandle, over-retain, or be compelled to produce data you never stored.

Data minimisation in practice

Data minimisation - collecting only what you actually need - is one of the GDPR's core principles, and it maps perfectly onto document tracking. The job is "understand how my document is read." You do not need a reader's address to do that. You need to recognise a returning reader, know roughly where reads come from, and see which pages held attention - and all of that can be derived without retaining an identifier that points back to a person.

How FileDroppr tracks readership without storing personal data

FileDroppr is built for this. Instead of storing the IP, each reader's address is run through a salted one-way hash the moment a read happens, producing a stable pseudonymous identity (Reader #214). The hash can't be reversed back to the address, and the salt is a server secret, so the stored identity is meaningless to anyone who might come across it - yet it's stable enough to tell you the same reader came back three times. The IP itself is used only to resolve a country in-flight, then discarded. The detailed mechanism is in how to share a PDF without storing reader IP addresses.

On top of that, links expire on a schedule you set and the encrypted file is swept from disk shortly after - so there's no indefinite retention - and readership is measured first-party inside the viewer, with no third-party tracking scripts or cross-site cookies riding along on your document.

When a reader chooses to identify themselves

Sometimes you do want a name - which investor opened the deck, which client read the contract. FileDroppr's optional email gate asks the reader to enter an email before the document opens. That is the reader consciously providing their data, which is a very different basis from quietly harvesting an address they never agreed to share. You collect a name because they chose to give it, you tell them why, and everything else stays pseudonymous.

A practical compliance checklist

  1. Use a tracker that doesn't store reader IP addresses (or other raw identifiers).
  2. Set links to expire so readership data isn't retained indefinitely.
  3. Only ask readers for an email (or other personal data) when you genuinely need it - and tell them why.
  4. Keep your privacy policy honest about what is and isn't collected.
  5. Prefer first-party measurement over embedded third-party trackers and cookies.

This guide explains the principles in general terms and is not legal advice; check your own obligations for your situation.

Related reading

See how to share a PDF without storing reader IP addresses, the full readership features, or why DocSend-alternative searches lead here (DocSend stores IPs; FileDroppr doesn't).

Readership insight, without the liability.

Try FileDroppr free