๐Ÿ”’ Your files are processed entirely in your browser and are never uploaded to any server.
Advertisement ยท 728ร—90

The problem most people overlook

When you need to convert, compress, or edit a PDF quickly, the instinct is to search for a free online tool and upload your file. This works โ€” but it raises a privacy question that most users never think about: once you upload a file to a website, what happens to it?

For many documents this doesn't matter. A recipe you scanned, a museum brochure, a product manual โ€” none of that is sensitive. But a significant proportion of people uploading to online PDF tools are handling documents they definitely would not want a stranger to read: CVs, contracts, financial statements, medical records, legal documents, and identity documents such as passports and driver's licences.

The risks are real and the variance between services is wide. This guide explains how online PDF tools typically work, what data they collect and retain, what the realistic risks are, and how to assess whether a service is trustworthy before you upload something sensitive.

How server-based PDF tools work

Most online PDF tools โ€” the ones that ask you to upload a file โ€” operate using a server-side model. When you click "Upload" or drag a file onto their page, your browser sends the file across the internet to the company's servers. The processing (conversion, compression, merging, etc.) happens on their infrastructure, and then the resulting file is sent back to your browser for download.

This model is necessary for some operations that genuinely require server-side processing โ€” for example, OCR (optical character recognition) on scanned documents, which needs significant computing power. But most common PDF operations (compression, merging, splitting, text extraction, format conversion) do not technically require a server. They can be done entirely in your browser using JavaScript. The reason many services use servers anyway is historical inertia, simpler development, and the ability to monetise through data access.

When your file is on their server, the service can:

  • Store a copy permanently or for a period of time
  • Index the text content for search or advertising purposes
  • Train machine learning models on the content
  • Share or sell the data to third parties
  • Hand it over to authorities if legally compelled
  • Expose it accidentally if the server is breached

Not all of these are malicious. Many services have legitimate reasons to retain files temporarily (for re-download links, for example). But the point is that once a file leaves your device, you have no control over what happens to it.

What privacy policies actually say

Most online PDF services have privacy policies, and many of them contain reassuring language such as "your files are deleted within 1 hour" or "we never read your documents." These statements may be honest โ€” or they may be aspirational policies that are not technically enforced, or they may have exceptions buried in the fine print.

Common things to look for when reading a privacy policy for a file processing service:

Retention period. How long do they keep your files? "Deleted after 1 hour" is common but not universal. Some services keep files for 24 hours to allow re-download. Others retain logs and metadata even after deleting the file content. A few retain files indefinitely for "service improvement."

Third-party data sharing. Does the service share your files or file metadata with advertising partners, analytics services, or affiliated companies? Most policies contain broad language permitting sharing with "trusted partners" โ€” which in practice means your file metadata may be shared even if the file itself is not.

Machine learning and AI training. An increasing number of services include clauses permitting them to use your uploads to train AI models. This is particularly common with services that offer AI-powered features. If the policy says anything like "we may use your content to improve our services," that often includes ML training.

Legal jurisdiction. Where is the company based and where are its servers located? A company operating under GDPR (European Union) faces strict requirements around data retention and user consent. A company operating under no comparable regulation has far fewer obligations. This matters if you are dealing with documents covered by professional privacy obligations (medical records, legal documents).

Security measures. Does the service transmit files over HTTPS? Are files encrypted at rest on their servers? What happens in the event of a data breach? Many smaller services have minimal security documentation, which is itself informative.

The realistic risks by document type

Not all documents carry the same risk. Here is a practical assessment of what to consider for common document types:

Low risk (generally fine to upload): publicly available documents, product manuals, recipes, publicly distributed reports, brochures, academic papers you did not write, printed news articles, maps, and any document that does not contain your personal information or proprietary data.

Medium risk (use caution, verify the service): documents that contain your name and address, invoices, purchase receipts, company reports that are not publicly released, and internal documents that are not confidential but also not public.

High risk (use a browser-based or local tool only): CVs and resumes, employment contracts, financial statements and tax returns, bank statements, medical records and prescriptions, legal agreements and contracts, identity documents (passport, driver's licence, national ID), documents containing passwords or security codes, anything marked "confidential" or "private," and any document containing other people's personal information that you are responsible for protecting.

The distinction between the last two categories is roughly: would you be comfortable posting this document in a public forum? If not, treat it as high risk.

Server-based vs. browser-based tools

The architectural difference that matters most for privacy is whether a tool processes your file on a server or in your browser.

Server-based tools require your file to leave your device. Even with strong privacy policies and short retention periods, you are trusting the company to handle your data responsibly โ€” and accepting the risk that they might not, or that their servers might be compromised.

Browser-based tools process files using JavaScript running inside your browser. The file is loaded directly into browser memory using the JavaScript File API โ€” the same API your browser uses when you open a file with any local application. The processing happens on your device, and the output (the converted or compressed file) is generated in your browser and downloaded directly to your device. At no point does the file data leave your computer.

You can verify this yourself: open your browser's developer tools (F12), go to the Network tab, then use the tool. A server-based tool will show a large file upload request in the Network tab โ€” the file being sent to the server. A genuine browser-based tool will show no such request. The only network activity will be loading the page's HTML, CSS, JavaScript libraries, and any advertisements โ€” the file itself stays local.

FileFlip.no is built on this browser-based model. There are no server endpoints that accept file uploads in the codebase โ€” not as a policy statement, but as a technical fact. Every operation (PDF rendering, compression, format conversion, text extraction) runs inside your browser using established open-source libraries: PDF.js for rendering, pdf-lib for manipulation, docx.js for Word document generation.

What metadata does a PDF contain?

Even before uploading, it is worth knowing what information your PDF files may contain about you. PDF files can embed metadata that you may not be aware of:

  • Author name โ€” Often the name from the OS user account that created the document
  • Organisation name โ€” The company name registered in the software that created it
  • Creation date and time โ€” When the document was first created
  • Modification date โ€” When it was last changed
  • Software used โ€” Which application created or last modified the PDF
  • GPS coordinates โ€” If the PDF was created from a photo taken on a device with location services enabled
  • Document history โ€” Some applications embed revision history or previous versions
  • Custom properties โ€” Tags, categories, or other metadata added by the creating application

To inspect the metadata in a PDF: in Adobe Reader, go to File โ†’ Properties โ†’ Description. In macOS Preview, go to Tools โ†’ Show Inspector โ†’ More Info. This can reveal information you were not expecting to share.

Practical rules for PDF privacy

Based on the above, here are actionable guidelines:

  1. Categorise before uploading. Before using any online tool, decide whether the document is low, medium, or high risk. High-risk documents should only be processed by tools that provably do not upload to a server.
  2. Verify browser-based claims. If a service claims to process files in the browser, verify it with the Network tab in developer tools (F12). You should see no file upload request when the tool processes your document.
  3. Read the privacy policy for specifics. Look specifically for retention period, third-party sharing, and ML training clauses โ€” not just the marketing summary at the top.
  4. Check legal jurisdiction. Services headquartered in the EU or under GDPR have more enforceable obligations than services based elsewhere.
  5. Use local software for the most sensitive work. For very sensitive documents, avoid any web tool entirely. Adobe Acrobat (paid), LibreOffice Draw (free), and pdftk (free command-line tool) can all perform PDF operations entirely offline.
  6. Strip metadata before sharing. If you need to share a PDF that contains sensitive metadata, use a tool (local or verifiably browser-based) to strip the document properties before sending.
  7. Check for hidden content. Some PDFs contain content that is not visible on screen but is present in the file โ€” text under images, hidden layers, content outside the visible page area. When sending sensitive documents, ensure only what you intend is present in the file.

The bottom line

The privacy risk of online PDF tools is real but manageable. The key is matching the tool to the sensitivity of the document. For everyday non-sensitive documents, any reputable service with a reasonable privacy policy is fine. For sensitive documents โ€” anything containing personal information, financial data, legal content, or health information โ€” only use tools that provably process files in your browser without uploading anything to a server.

The free tools at FileFlip.no are built on this principle: all processing happens in your browser, and your files never leave your device. This is not just a privacy policy โ€” it is the technical architecture. But whatever tools you use, the most important habit is simply to pause before uploading and ask: am I comfortable with this document being on someone else's server?

Advertisement ยท 728ร—90

โ† Back to all guides