Your PDFs are being uploaded to strangers — and they don't have to be

You open a free PDF tool, drop in a contract, click Compress. Twenty seconds later, you get a download link.

Quick question: where did your contract just go?

If you can't answer that — and most people can't — you've just handed a copy of that document to a company you've never vetted, in a country whose data laws you don't know, to be processed on servers you'll never see, retained for a period nobody told you. The contract had your salary in it. Or your client's address. Or your medical history. Or the financial projections you spent three weeks on.

This isn't theoretical. It's the default model for almost every "free" PDF tool on the internet.

What actually happens when you upload a PDF

The pipeline is consistent across the major players. You upload a file. It hits a load balancer. It's written to object storage (usually AWS S3 or equivalent). A worker picks it up, runs the conversion in a container, writes the result back to storage. A short-lived URL is generated for your download. The original and converted files sit in storage until a retention policy deletes them — typically anywhere from 1 hour to 30 days, depending on the service.

That's the happy path. Within it, your file is touched by:

• The TLS-terminating proxy at the edge
• The load balancer's request logs (often including filename)
• The object storage layer, which is read-write accessible to every engineer with production access at that company
• The processing worker's memory and temp disk
• The CDN cache, if the download URL gets cached
• The access logs, which usually persist for months
• Whichever monitoring and observability tools the company uses (Datadog, Honeycomb, etc.) — these often ingest request bodies

Every one of those layers is a place your file could leak. Most don't. Some have. The 2023 disclosure of misconfigured S3 buckets exposing user-uploaded documents at multiple PDF-conversion services made the rounds in security circles and was quietly patched without consumer-facing disclosures, because the affected companies weren't legally required to notify users for documents below specific thresholds.

The three risks people underestimate

1. Retention drift

Most free PDF tools say something like "files are deleted within 1 hour." That commitment exists in the privacy policy, not in the code. There's no external audit that proves it. There's no way for you to verify it. And the privacy policy can be updated unilaterally. The version you agreed to when you uploaded your tax return six months ago is not necessarily the policy that governs it today.

2. AI training data

This one is new. The post-2023 generative-AI gold rush created a documented market for high-quality training corpora. Documents — especially well-formatted business documents — are extraordinarily valuable training material. Several free PDF services updated their terms in 2024 and 2025 to allow "improvement of services, including machine learning models" — language general enough to cover almost any use. If you uploaded a marketing plan in 2023, there is no mechanism preventing it from being part of a 2026 training corpus.

3. Acquisition risk

SaaS companies get acquired. When they do, their data assets transfer to the new owner under whatever the new owner's terms specify. The PDF tool you trusted in 2023 may be owned in 2026 by a private equity rollup that has different ideas about what to do with five years of user uploads sitting in cold storage.

None of these risks are exotic. They're the default conditions of trusting your documents to any third party that takes possession of them.

Why this got worse, not better

You'd expect the trajectory to bend toward more privacy. The opposite happened.

Three things converged. First, the AI training boom made document corpora suddenly valuable in ways nobody had previously priced. Second, the consolidation of the PDF-tools market into a small number of large players concentrated retention risk into fewer hands. Third, the same market consolidation reduced competitive pressure on privacy as a feature, because all the big players quietly normalised server-side processing as "just how it works."

The "just how it works" framing is wrong. It was how it had to work in 2008, when browsers couldn't crack 100MB of memory and couldn't run anything more complex than a slideshow. It hasn't been how it has to work for at least eight years. Modern browsers ship full JavaScript engines, WebAssembly runtimes, GPU access via WebGPU, and enough memory to handle hundred-megabyte PDFs without breaking a sweat. Every operation a server-side PDF tool performs — merging, splitting, compressing, signing, OCR, conversion, encryption — has a browser-side equivalent that's been production-grade for years.

The reason most of the market still uploads is inertia, not necessity.

What in-browser tools do differently

When a PDF tool runs entirely in your browser, the file never leaves your device. There's no upload step. The file is read into your browser tab's memory. All the manipulation — page reordering, compression, format conversion, OCR — runs as JavaScript or WebAssembly on your machine. The output is written to a Blob URL that your browser immediately offers as a download. Nothing crosses your network adapter except the static HTML, CSS, and JavaScript that comprise the tool itself.

This is verifiable. Open your browser's DevTools, switch to the Network tab, run the conversion. You'll see the initial page load, you'll see some font files and the worker JavaScript, and you'll see absolutely no POST request carrying your file. If a tool claims to be in-browser and DevTools shows your file going up the wire, the claim is false.

It's worth being honest about what in-browser tools can't do well. The conversions that require Microsoft Office's rendering engine — Excel and PowerPoint specifically — are still hard to do faithfully in the browser, because faithfully rendering those formats requires reverse-engineering the Office layout engine. For everything else — every PDF operation, every image conversion, OCR, signing, encryption, compression — there's no good technical reason to ever upload.

The three things to check before trusting any PDF tool

If you take one thing from this piece, take this. Before you upload a PDF to any free tool, open DevTools (Cmd-Opt-I on Mac, F12 on Windows), go to the Network tab, and watch what happens when you process the file.

You're looking for three things:

1. No POST or PUT request containing your file payload. Filtering by Request size makes this easy — if any request has a body the size of your file, your file went up.
2. No persistent storage of file data outside your tab. Check IndexedDB and Local Storage under the Application tab — a properly built in-browser tool should clean up after itself.
3. The tool's claims match its behaviour. If a tool's homepage says "your files never leave your device" but DevTools shows them leaving your device, that's a trust failure that should disqualify the tool entirely.

Two minutes of DevTools tells you more about a tool's privacy than two hours of reading its privacy policy.

A different default

We built Filoraio because the people who upload their tax returns to mystery servers should have an alternative that's just as fast, just as polished, and provably doesn't do that.

Every Filoraio tool runs entirely in your browser. The codepath that uploads your file to a server doesn't exist — not because we promise not to use it, but because it isn't there. You can verify this with DevTools in thirty seconds. You can verify it by running the tool with your Wi-Fi disabled (it still works). You can verify it by reading the network panel of any of our tools — Merge PDF, Compress PDF, PDF to Word, OCR PDF, Sign PDF — and watching nothing leave your tab.

There's no signup. No daily quota. No watermark on the output. The site is supported by ads on the page, not by the file you process.

If that sounds like what a free PDF tool should be, that's the point. It's how it should have worked for the last eight years.

The bar isn't high. It's just that until recently nobody else was clearing it.