Filoraio

Privacy

Your files don’t move. Your data shouldn’t either.

This policy explains what data Filoraiocollects, what we don’t, and how to control what little we do. Written in plain English — no boilerplate that obscures the point.

Last updated: May 25, 2026

The short version

  • Your PDFs are processed in your browser. Filoraio's servers never see them.
  • No account, no email, no signup — ever.
  • We use privacy-friendly analytics to count page views — no profiles, no cross-site tracking.
  • Ads (where enabled) come from Google AdSense and follow its consent rules. You can opt out.
  • We don't sell or share your data with third parties for marketing.
  • If you live in the EU, UK, California, or Brazil, you have additional rights — see below.

1. How we handle your files

Your PDFs never leave your browser. Every Filoraio tool — merge, split, compress, convert, sign, watermark, OCR, edit — processes your file directly on your device using open-source PDF and OCR engines that run as WebAssembly modules inside your browser tab.

We do not upload your files to a server. We do not store them. We do not log their names, sizes, page counts, or contents. You can verify this yourself: open your browser’s DevTools, switch to the Network tab, and watch it stay quiet while you use any tool.

Exception, with notice:some future tools (PDF-to-Excel, PowerPoint-direction conversions) genuinely require server-side processing for the fidelity users expect. If we add those, the affected tools will be clearly marked “Encrypted upload” (vs the current “Runs in your browser”) and this policy will be updated to describe exactly how those files are handled.

2. Accounts (we don't have them)

Filoraiohas no account system. You don’t sign up, you don’t verify an email, you don’t set a password. Every tool works the moment you load the page.

The flip side: there’s nothing for us to lose. We’re not the next breach headline because we’ve never had your email, password, payment method, or document history.

3. What we do collect

The data that does reach our infrastructure is limited to:

  • Request metadata (browser type, OS, country, referring URL) — standard web server logs, used to detect abuse, count traffic, and debug browser-compatibility issues. Retained for 30 days, then deleted.
  • Aggregate analytics (page views per URL, country, anonymised session counts) — helps us see which tools are useful and which pages have UX issues. See section 4 below.
  • Contact form submissions — when you use the form on /contact, your message opens in your local mail client and is sent directly to us by email. Once received, we keep the correspondence to maintain the conversation.

We do not collect: your name, email (unless you choose to message us), location beyond country, browsing history, behavioural profile, or any data about your files.

4. Analytics

If NEXT_PUBLIC_GA_ID is set in the deployment, Filoraioloads Google Analytics 4 (GA4) for aggregate page-view tracking. GA4 anonymises IP addresses by default and we’ve enabled this setting.

You can block this entirely by using a browser with built-in tracker blocking (Brave, Firefox in strict mode, Safari with ITP, etc.) or by installing a content blocker (uBlock Origin, Privacy Badger). Filoraio works fully whether GA loads or not.

5. Advertising

If NEXT_PUBLIC_ADSENSE_ID is set, the site loads Google AdSense. Google may use cookies and similar technologies to serve ads based on your prior visits to this and other websites.

You can opt out of personalised advertising by visiting Google Ads Settings or aboutads.info. Ads will still appear, but they won’t be personalised.

6. Cookies

Filoraio uses cookies in three categories:

  • Strictly necessary — a small number set by the framework (Next.js) to keep the site working. Cannot be disabled without breaking core functionality.
  • Analytics — set by Google Analytics, if enabled. Block-able via browser settings or a content blocker.
  • Advertising — set by Google AdSense, if enabled. Opt-out via the links in section 5.

We don’t use any cookies of our own to track behaviour across sessions. We don’t set tracking pixels, social widgets, or fingerprinting scripts.

7. Third-party services

The third parties Filoraio integrates with are:

  • Vercel (or comparable host) — serves the website. Receives standard HTTP request metadata; never receives your files.
  • Google Analytics (optional) — page views + country only.
  • Google AdSense (optional) — ad serving as described in section 5.
  • OCR language CDN — when you use the OCR tool, your browser downloads language models (~10–15 MB once per language) from a public CDN. The CDN sees the download request but not your PDF.
  • PDF rendering worker — bundled with the site, no external request.

8. Data retention

  • Your files:never retained anywhere outside your browser’s memory. The moment you close the tab, they’re gone.
  • Server access logs: retained for up to 30 days for abuse prevention, then deleted automatically.
  • Analytics data: retained per Google’s defaults (we use the shortest retention period GA allows — 2 months for user-level data).
  • Contact form correspondence: kept while the conversation is active. Closed conversations are deleted within 12 months unless you explicitly ask us to keep the thread longer.

9. Your rights (GDPR, CCPA, etc.)

If you’re a resident of the EU/EEA, UK, Switzerland, California, or Brazil, you have specific data-subject rights under GDPR, CCPA, LGPD, or equivalent laws — including:

  • The right to know what data we hold about you
  • The right to request a copy
  • The right to request correction
  • The right to request deletion
  • The right to opt out of any “sale” or “share” of personal information
  • The right to lodge a complaint with your data-protection authority

Because we don’t hold accounts or file contents, most of these requests have a fast answer: we don’t have it. For correspondence you’ve sent via /contact, email us at hello@filoraio.com from the same address and we’ll respond within 30 days.

We do not sell or share personal information for cross-context behavioural advertising as defined under CCPA.

10. Children's privacy

Filoraio is a general-audience tool and not directed at children under 13. We don’t knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we’ll delete it.

11. International users

Filoraiois operated from the location indicated on our hosting provider’s infrastructure. By using the site you understand that any data we do collect (request metadata, analytics, correspondence) may be processed in countries with different data-protection laws than your own. We take steps to ensure adequate protection through our processors’ contractual safeguards (e.g. Standard Contractual Clauses for GDPR).

12. Changes to this policy

We may update this policy when we add features (especially server-side tools), change analytics or advertising providers, or respond to new legal requirements. Material changes will be announced on the homepage and the “Last updated” date at the top of this page will be revised.

We won’t change the core promise — your files don’t leave your browser unless we tell you up front, per-tool, in clear terms.

13. Contact us

Privacy questions, data-subject requests, or complaints can be sent to hello@filoraio.com. We aim to respond within 5 business days; data-subject requests are completed within 30 days as required by GDPR.

Questions about how we handle your data?

We answer privacy questions in plain English. No legalese, no runaround.

Get in touch