PDFLM is a WordPress plugin that turns every PDF in your media library into a searchable, AI-answerable knowledge base. Your visitors ask questions in plain language; PDFLM answers in seconds, citing the exact source PDF and page each answer came from.

How do I add AI search to PDFs on my WordPress site?

Install the PDFLM plugin from your WordPress admin, activate it, and PDFLM begins indexing every PDF in your media library — including scanned files, via built-in OCR. Drop the PDFLM block into any page or sidebar widget and visitors can start asking questions.

Does it work with scanned PDFs?

Yes — PDFLM runs OCR during indexing so image-only PDFs become searchable alongside your text-native files.

Where does the AI run? Where is my data stored?

On our managed infrastructure. Your original PDFs stay in your WordPress media library; PDFLM keeps an index and pointers — never copies of the documents themselves. Your archive remains under your control.

Can I customise the chat UI?

It inherits your WordPress theme automatically — type, color, and spacing. You can override colors, copy, and layout via the block settings or your theme's CSS.

What about new PDFs we upload later?

Auto-indexed. PDFLM watches your media library and picks up new uploads in the background — no manual sync.

How is PDFLM different from ChatGPT, Claude, or Perplexity?

General AI tools can't read your library. ChatGPT and Claude need you to upload PDFs one at a time. Perplexity searches the public web. PDFLM reads every PDF in your WordPress media library and cites the source page on every answer, so visitors can verify it themselves.

How much does PDFLM cost?

PDFLM has three paid plans plus an Enterprise tier. Starter: £29/month ($36) for 25 documents and 500 questions/month on 1 site. Pro: £79/month ($98) for 250 documents and 5,000 questions/month on 3 sites, with cross-encoder reranking and a signed DPA. Scale: £249/month ($310) for 2,000 documents and 30,000 questions/month on 10 sites, with white-label and 99.5% uptime SLA. Annual billing saves two months on every plan. Enterprise is custom-quoted. Every plan includes a 14-day free trial when access opens, no credit card required.

PDFLM is rolling out access in waves. Join the waiting list at pdflm.com and we'll email you when it's your turn — when access opens, every plan starts with a 14-day free trial, no credit card required.

Cookie Policy · PDFLM

01

What is a cookie?

A cookie is a small text file that a website asks your browser to store. The next time you visit the site, the browser sends the cookie back, so the site can recognise you (for example, to keep you logged in).

There are a few related technologies worth distinguishing:

sessionStorage and localStorage are similar to cookies — also stored in your browser — but the website's JavaScript reads and writes them directly. They're not cookies, but UK PECR treats some of them as “similar technologies”.
Tracking pixels are tiny invisible images that other companies use to track behaviour across the web. We don't use any.
Browser fingerprinting identifies you from characteristics of your device (fonts installed, screen size, etc.) without setting a cookie. We don't do this either.

The rest of this policy covers what pdflm.com actually uses.

02

What cookies pdflm.com uses

Cookies on the marketing site

The public marketing pages on pdflm.com (the homepage, /pricing, /demo, the legal pages) set no first-party cookies. You can verify this for yourself in any modern browser: open developer tools, navigate to the “Application” or “Storage” tab, and look at the Cookies list for pdflm.com while on those pages — it will be empty.

Strictly-necessary cookies on the customer area

Once you sign up and use the authenticated customer dashboard at pdflm.com/dashboard (or any of /signup, /login, /forgot-password, /reset-password), we set the cookies listed below. All are strictly necessary to deliver the authenticated service you have requested, so under UK PECR / ePrivacy no consent is required for them. They carry no analytics or marketing function whatsoever.

Cookie	Purpose	Type	Lifetime
`authjs.session-token`	Encrypted JWT identifying your signed-in session. Without it the dashboard can't tell who you are.	First-party, HTTP-only, Secure	30 days, or until you sign out
`authjs.csrf-token`	Cross-site request forgery protection for sign-in and account forms.	First-party, HTTP-only, Secure	Session
`authjs.callback-url`	Remembers where to return you after sign-in.	First-party, Secure	Session
`pdflm_new_api_key`	Carries a freshly-issued API key from the signup or regenerate action to the one-time reveal page. Set briefly, cleared immediately after display.	First-party, HTTP-only, Secure	60 seconds maximum

The authjs.* cookies are created by NextAuth (also known as Auth.js), the open-source authentication library we use. They never contain personal data in plaintext — the session token is an encrypted, signed JSON Web Token containing only your internal user id.

Analytics — Vercel Analytics (cookieless)

We use Vercel Analytics to count anonymous pageviews. Vercel Analytics is cookieless by design: it sets no cookies, uses no browser localStorage or sessionStorage for identification, and does not fingerprint browsers. It hashes the visitor's IP address with a daily-rotating salt to count uniques without persistent identifiers, and the raw IP is never stored.

Because Vercel Analytics is cookieless and collects only anonymous, aggregated statistics, no consent is required under UK PECR or the EU ePrivacy Directive for its use.

We also use Vercel Speed Insights, which collects anonymous Core Web Vitals (page-load timings) per pageview. Also cookieless.

Marketing cookies

pdflm.com sets no marketing cookies. We do not use retargeting, advertising networks, conversion-tracking pixels, or session-replay tools (no Hotjar, no FullStory, no Microsoft Clarity).

Stripe-side cookies during checkout

When you click an “Upgrade” button on /dashboard/billing we redirect you to Stripe's hosted Checkout page (and, separately, to Stripe's Billing Portal if you click “Manage billing”). Those pages live on checkout.stripe.com and billing.stripe.com, not on pdflm.com, and Stripe sets its own cookies there for fraud prevention and session continuity. Those cookies are governed by Stripe's cookie policy — not ours. We can't see, modify, or read them.

If at any point we want to add a cookie or technology that does require consent — for example, a heatmap tool, a non-cookieless analytics product, or a marketing pixel — we will deploy a fully ICO-compliant consent banner first, update this policy, and prompt visitors for opt-in before setting it.

03

What we do NOT use

We think the absences matter as much as the presences. pdflm.com does not use any of the following:

Google Analytics, Google Tag Manager, or any Google tracking.
Meta Pixel (Facebook / Instagram tracking).
TikTok pixel.
LinkedIn Insight Tag.
Twitter / X conversion tracking.
Hotjar, FullStory, Mouseflow, or any other session-replay tool.
Advertising networks of any kind.
Browser fingerprinting libraries.

If a future business need ever required us to add any of these, we'd update this policy, add the relevant cookie consent category, and re-prompt visitors for explicit opt-in before loading any third-party script.

04

The chat widget sets no cookies

The PDFLM chat widget that our customers embed on their own websites does not set any cookies — ever. No first-party cookies, no third-party cookies, no fingerprinting, no analytics SDKs.

Conversation history within a single browsing session is held in the visitor's browser sessionStorage, which is cleared automatically when the tab closes. sessionStorage is not a cookie under UK PECR. It is treated as a “similar technology”, but it is exempt from consent requirements because it is strictly necessary to deliver the functionality the end user has requested (asking and receiving an answer within a conversation).

This is an intentional design choice. Our customers' end-user visitors get an AI chat experience without acquiring any tracking state — a deliberate contrast to most chat widgets on the market.

05

Your consent and your choices

No consent banner currently

Because pdflm.com currently sets no cookies and uses only cookieless analytics (Vercel Analytics + Vercel Speed Insights), there is nothing that requires your consent under UK PECR or the EU ePrivacy Directive. We have not deployed a consent banner — there would be nothing for the banner to ask you about.

If you don't want to be counted at all in our anonymous pageview statistics, you can:

Use your browser's built-in tracking protection (Firefox, Brave, Safari all include one by default).
Block vitals.vercel-insights.com at the DNS / extension level (e.g. uBlock Origin, NextDNS).
Send a Do Not Track signal from your browser — we treat DNT as a request to opt out of analytics where technically feasible.

When a banner will appear

We will introduce a consent banner the first time we add anything that genuinely requires consent under UK PECR — for example, a cookie-based analytics product, a heatmap or session-replay tool, or an advertising pixel. When that happens, the banner will:

Appear on your first visit before any non-strictly-necessary cookie is set.
Offer equal-weight Accept all and Reject all buttons — same size, same colour weight, same click distance — in line with the UK ICO's 2023–2024 guidance.
Provide granular toggles for each non-essential cookie category, with no toggles pre-ticked.
Be implemented in first-party JavaScript — no third-party tracking scripts will load before you give consent.
Be re-triggered if we introduce a material change (e.g. a new tracking category).
Be re-accessible at any time through a “Cookie settings” link in the footer.

Until that point — i.e. for as long as this Cookie Policy accurately describes the site — there is no banner because there is nothing requiring consent.

06

Managing cookies in your browser

You can also manage cookies directly in your browser settings. Useful links:

Chrome: support.google.com/chrome
Firefox: support.mozilla.org
Safari (macOS): support.apple.com
Edge: support.microsoft.com

Do Not Track. Some browsers can send a “Do Not Track” signal. The DNT specification is not a binding web standard and most sites no longer honour it. We treat DNT as equivalent to rejecting non-essential cookies where technically feasible.

07

Third-party services on linked pages

When you click certain links, you leave pdflm.com and land on a third-party site. Those sites have their own cookies and their own cookie notices, which we don't control. The most relevant examples:

Stripe checkout. When you click an upgrade button, you are redirected to a Stripe-hosted checkout page. Stripe sets its own cookies for fraud prevention and session continuity. See stripe.com/cookie-settings.
WordPress.org, GitHub, and similar services referenced from our documentation. If you click through, those services set their own cookies under their own policies.

Cookies set by third-party sites are not in scope of this policy.

08

Changes to this policy

We will update this Cookie Policy whenever our cookie usage changes. Material changes — for example, introducing a new tracking category or switching to a cookie-based analytics provider — will be flagged in the cookie consent banner so you can review and re-consent.

The “Last updated” date at the top of this page always reflects the current version.

09

Contact us

For questions about this Cookie Policy, email support@pdflm.com.

If you have a complaint about our cookie practices, you have the right to lodge it with a Supervisory Authority:

UK: Information Commissioner's Office (ico.org.uk).
EU: the data protection authority of your country of residence — directory at edpb.europa.eu.

This Cookie Policy is published by Renav Limited (trading as PDFLM), registered in England and Wales under company number 08758164.