Why Your PDF Tools Should Never Upload Your Files
A comprehensive guide to understanding how online PDF tools handle your files, what privacy risks exist, and how to choose tools that truly protect your documents.
What Happens When You Use Online PDF Tools
Most popular PDF tools like iLovePDF, Smallpdf, and PDF Candy work the same way:
- 1You select a PDF file — this could be a sensitive contract, medical record, tax document, or personal information.
- 2Your file is uploaded to their server — the entire PDF is transmitted over the internet to a server that could be in another country.
- 3The server processes your file — your document exists in memory on a machine you don't control, running code you haven't vetted.
- 4The result is sent back to you — the processed file is downloaded, and the company claims they delete your file from their servers.
The fundamental problem: you must trust the company to delete your file — and you have no way to verify they actually do.
Server-Side vs Client-Side Processing
| Aspect | Client-Side (pdfprivately) | Server-Side (Most Tools) |
|---|---|---|
| File Location | Stays on your device | Uploaded to remote server |
| Internet Required | Only to load the app (works offline after) | Required for every operation |
| Privacy Verification | Verifiable via DevTools Network tab | Impossible — must trust privacy policy |
| Data Sovereignty | Your device, your jurisdiction | Server may be in another country with different laws |
| File Retention | Nothing to delete — files never leave | Company controls deletion schedule |
| AI Training Risk | No risk — files never leave your device | Files could be used for model training |
| Third-Party Access | None — no server involved | Server operators, cloud providers, potential subpoenas |
| Processing Speed | Instant — no upload time | Depends on upload speed and server load |
| File Size Limits | Limited only by browser memory (~2GB) | Often capped at 5-50MB on free tiers |
| Account Required | Never required | Often required or encouraged |
How pdfprivately Keeps Your Files Private
1. Client-Side WebAssembly
All PDF processing is done in your browser using WebAssembly (WASM). Libraries like pdf-lib and PDF.js run directly on your device — no server needed.
2. CSP Security Headers
Our Content-Security-Policy headers block all outbound network connections (connect-src 'none'). No file data can be sent anywhere.
3. Zero-Knowledge Architecture
Our server never receives your file. Even file metadata stays on your device. No accounts, no analytics cookies, no tracking scripts.
4. Auto-Cleanup on Tab Close
All temporary data is stored in browser memory and IndexedDB. When you close the tab, it's automatically garbage collected — nothing persists.
How to Verify: Disconnect Your Internet
This is the most powerful privacy test you can do. Try it with any pdfprivately tool:
- 1Open any pdfprivately tool page (e.g., Merge PDF, Compress PDF).
- 2Wait for the page to fully load (including WASM binaries).
- 3Disconnect your internet — turn off WiFi, unplug Ethernet, or enable airplane mode.
- 4Drop your PDF file and use the tool normally.
- 5It still works. Because your files are never uploaded, the internet is not needed for processing.
Try this with iLovePDF, Smallpdf, or any server-side tool — they will fail immediately without internet because their processing depends on uploading your file to their servers. This simple test is the ultimate proof of privacy.
PDF Tool Privacy Checklist
Use this checklist to evaluate any online PDF tool before trusting it with your documents:
Experience True Privacy
Try any pdfprivately tool right now. Your files never leave your browser. No account, no upload, no tracking.
Frequently Asked Questions
Are online PDF tools safe to use?
Most online PDF tools process files on their servers, meaning your documents are uploaded to a third-party cloud. While reputable tools use encryption and claim to delete files after processing, you cannot independently verify this. pdfprivately is different: all processing happens in your browser using WebAssembly — your files never leave your device. You can verify this by opening DevTools and confirming zero outbound network requests containing file data.
How can I verify that my files aren't being uploaded?
For pdfprivately, open your browser's Developer Tools (F12 or right-click > Inspect), go to the Network tab, and use any of our PDF tools. You'll see no outbound requests containing your file data. You can also disconnect your internet entirely after the page loads — our tools continue to work because everything runs client-side. For other online PDF tools, this verification is impossible because files must be uploaded to their servers for processing.
What is client-side PDF processing?
Client-side processing means all PDF manipulation happens inside your web browser using JavaScript and WebAssembly. The PDF file is read locally, processed by code running on your device, and the result is generated without ever being sent to a server. This is different from server-side processing where your file is uploaded to a remote server, processed there, and the result is sent back to you.
Can pdfprivately see my files?
No. pdfprivately cannot see your files because they never leave your browser. There is no server-side component that receives, stores, or processes your PDF content. Our Content-Security-Policy headers block all outbound network connections containing data payloads. The only network requests are for loading the application itself (HTML, CSS, JavaScript, WASM binaries) — never your file content.
What happens to my files when I close the tab?
When you close your browser tab or window, all temporary data is automatically cleaned up. Your browser's garbage collection reclaims the memory. Nothing persists on our side because nothing was ever sent to us. IndexedDB temp storage (if used for large files) is wiped when the tab closes.