Your files are safe with us.

We process over 2 million PDF files without storing a single one. Here's exactly how we handle your data — with complete transparency.

✓ HTTPS / TLS 1.3
✓ Zero File Retention
✓ AES-256 Encryption
✓ No Third-Party Sharing
✓ No AI Training

How We Protect Your Files

Six security principles baked into every tool on this platform.

Encrypted in Transit

Every file you upload travels over HTTPS/TLS 1.3. Your browser and our server negotiate a secure channel before any data is exchanged — the same standard used by banks and financial institutions.

Zero Retention Policy

Your files are processed entirely in server memory (RAM). Nothing is written to disk. The moment your result is sent back, the data is gone. We have no database of your files, ever.

No Tracking of File Content

We log operational metrics (tool used, file size in MB, success/failure) for rate limiting and abuse prevention — never the file content, filename, or any extractable data from your document.

Isolated Processing

Each file operation runs in its own isolated process. Your file is never commingled with another user's data. Temporary directories are always cleaned up in a `finally` block — even if processing fails.

AES-256 Encryption (Protect PDF)

When you use the Protect PDF tool, we apply AES-256 encryption via qpdf — the gold standard for PDF password protection. We never store your password; it exists only during the processing request.

No Third-Party File Sharing

Your files are never sent to or processed by third-party AI services, analytics platforms, or advertising networks. Processing happens entirely on our own infrastructure.

What Happens to Your File

The complete lifecycle of a file from upload to deletion.

1. Encrypted Upload

Your file travels from your browser to our server over HTTPS/TLS. It is never transmitted in plain text.

2. In-Memory Processing

The file is held in server RAM only. Our multer config uses memoryStorage — no disk writes occur.

3. Tool Execution

The PDF operation runs in an isolated process. If a temporary directory is needed, it's created in /tmp and tracked for cleanup.

4. Result Returned

The processed file is sent directly to your browser as a download response. We never upload it anywhere else.

5. Immediate Deletion

All temporary files and directories are deleted in a `finally` block — guaranteed even if an error occurred. No residual data remains.

Security Practices

A detailed breakdown of how security is implemented across our stack.

File Handling

  • All uploads processed in memory (memoryStorage) — no disk writes
  • Temporary directories cleaned immediately after each operation
  • 50 MB upload limit enforced at the server level (multer)
  • PDF-only MIME type validation on file upload endpoints
  • No file content is ever logged or stored in our database
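A MIME type check alone trusts the client, because multer copies `mimetype` from the multipart part's Content-Type header. The sketch below is an added example, not PDFTool's code: it pairs the declared type and the 50 MB limit with a check of the uploaded bytes. `validateUpload` and its return shape are hypothetical; the `file` object mirrors what multer's memoryStorage provides.

```javascript
// Added example: validateUpload and its return shape are hypothetical.
const MAX_BYTES = 50 * 1024 * 1024; // the 50 MB upload limit stated above

// `file` mirrors what multer's memoryStorage attaches to the request:
// { mimetype, buffer }. With memoryStorage the bytes are only available
// after the upload completes, so the content check runs in the handler,
// not in multer's fileFilter (which sees the headers only).
function validateUpload(file) {
  if (!file || !Buffer.isBuffer(file.buffer)) return { ok: false, reason: 'no-file' };
  if (file.buffer.length === 0) return { ok: false, reason: 'empty' };
  if (file.buffer.length > MAX_BYTES) return { ok: false, reason: 'too-large' };

  // Declared type: cheap to check, but chosen by the client.
  if (file.mimetype !== 'application/pdf') return { ok: false, reason: 'declared-type' };

  // Content: require the "%PDF-x.y" header at offset 0. Lenient readers
  // accept leading bytes before the header, which is what polyglot files
  // (for example HTML followed by a PDF) rely on, so this policy is strict.
  const head = file.buffer.subarray(0, 16).toString('latin1');
  const m = /^%PDF-(\d)\.(\d)/.exec(head);
  if (!m) return { ok: false, reason: 'not-pdf-content' };

  // A complete PDF ends with an %%EOF marker; its absence in the last
  // 1024 bytes usually means a truncated upload.
  const tail = file.buffer.subarray(-1024).toString('latin1');
  if (!tail.includes('%%EOF')) return { ok: false, reason: 'truncated' };

  return { ok: true, version: `${m[1]}.${m[2]}` };
}
```
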

API & Backend Security

  • JWT authentication with short-lived tokens for logged-in users
  • Rate limiting per IP and per user to prevent abuse
  • All shell commands use execFileSync with argument arrays — no shell injection risk
  • Error messages never expose internal paths or stack traces to clients
  • CORS restricted to the official frontend origin
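The tool-execution and deletion steps of the file lifecycle, together with the `execFileSync` argument-array rule above, fit into one small helper. This is an added sketch, not PDFTool's code: `runInScratchDir` and `protectPdf` are hypothetical names, and the qpdf call assumes qpdf's positional `--encrypt user-password owner-password key-length --` syntax.

```javascript
// Added example: runInScratchDir and protectPdf are hypothetical names.
const { execFileSync } = require('node:child_process');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Write an in-memory upload to a private scratch directory, run one external
// tool on it in a child process, and return the output bytes. The directory
// is removed in `finally`, so it disappears whether the tool succeeds,
// exits non-zero, times out, or never produces an output file.
function runInScratchDir(inputBuffer, command, buildArgs) {
  // mkdtempSync creates a randomly named directory with mode 0700.
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pdfjob-'));
  const inPath = path.join(dir, 'in.pdf');   // fixed names: the client's
  const outPath = path.join(dir, 'out.pdf'); // filename never reaches disk
  try {
    fs.writeFileSync(inPath, inputBuffer, { mode: 0o600 });
    // Argument array, no shell: each element reaches the tool as exactly one
    // argv entry, so quotes, spaces, `;` or `$()` inside a value stay literal.
    execFileSync(command, buildArgs(inPath, outPath), {
      timeout: 30_000,
      stdio: ['ignore', 'ignore', 'pipe'],
    });
    return fs.readFileSync(outPath);
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// AES-256 protection through qpdf; the passwords are user input and are
// passed as separate argv entries, never interpolated into a command string.
function protectPdf(pdfBuffer, userPassword, ownerPassword) {
  return runInScratchDir(pdfBuffer, 'qpdf', (inPath, outPath) => [
    '--encrypt', userPassword, ownerPassword, '256', '--', inPath, outPath,
  ]);
}
```

An argument array removes shell interpretation, but argv values remain visible in the host's process table while the child runs. qpdf can read arguments from a file (`@filename`), which keeps a password out of that listing.
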

Infrastructure

  • Hosted on Railway with automatic TLS certificate management
  • Environment secrets stored as encrypted environment variables, never in code
  • No hardcoded API keys, passwords, or credentials anywhere in the codebase
  • Database connections use SSL in production
  • Paddle webhook signatures verified cryptographically before processing

Open Source Processing

  • Ghostscript — open-source, widely audited PDF processing engine
  • qpdf — open-source, FIPS-compliant PDF manipulation library
  • LibreOffice — open-source office suite used for document conversions
  • Tesseract OCR — open-source OCR engine maintained by Google
  • pdf-lib — open-source JavaScript PDF library

Responsible Disclosure

If you discover a security vulnerability in PDFTool, please report it privately to security@pdfs.to. We take all reports seriously and will respond within 48 hours. We do not pursue legal action against researchers who act in good faith.

Security FAQ

Can PDFTool employees read my files?

No. Files are processed in memory and deleted immediately. There is no storage system for user files, so there is nothing for anyone to access.

Are my files used to train AI models?

Absolutely not. Your files are never used for any AI training, machine learning, or analytics purposes. They exist only long enough to be processed and returned to you.

What happens if processing fails?

Our backend wraps every operation in a try/finally block. If an error occurs, the temporary directory is still cleaned up — your partial data is not left on any server.

Is Google Drive / Dropbox import safe?

Yes. The Drive and Dropbox import uses client-side OAuth entirely — your cloud credentials are handled by Google and Dropbox's own OAuth servers, never by PDFTool's backend. We only receive the resulting file download.

Do you comply with GDPR?

Because we don't store file content or personal data beyond what's necessary for account management, our data footprint is minimal. Registered users can request account deletion at any time via the billing portal.

What data do you store about me?

For anonymous users: nothing beyond standard server access logs (IP, timestamp, tool used). For registered users: email address, hashed password (bcrypt), and usage statistics (tool name, file size in MB, success/failure) — never file content.

Process your PDFs with confidence

Zero retention. Full encryption. No tracking. 29 tools, free to use.