Are online PDF tools safe? What to check before using one
PDFs often contain the most sensitive documents in your life — tax returns, bank statements, medical records, passports, contracts. Before you drop one into a "free online PDF" website, it's worth understanding exactly what happens to it. The answer is often surprising.
The hidden risk: most tools upload your files
The vast majority of online PDF tools — including well-known names — work by uploading your file to their servers. When you click "compress" or "merge", your document travels across the internet to a remote computer, gets processed there, and is sent back to you. During that process:
- Your file is stored on a third-party server, even if briefly
- The company's employees could theoretically access it
- If their servers are breached, your document could be exposed
- Their data retention policy determines how long it stays
- You're trusting their privacy policy, which you probably haven't read
For a photo of a receipt, that's probably fine. For a passport scan, a medical report, or a legal contract — it's a real risk most people don't think about.
How to tell if a tool uploads your files
Here are four ways to check before you use any online PDF tool:
- Look for "files deleted after X hours" — this phrase confirms your file was uploaded. If it wasn't uploaded, there'd be nothing to delete.
- Check the network tab — open your browser's developer tools (F12), go to the Network tab, then process a file. If you see a large POST request, your file was uploaded.
- Try it offline — disconnect from the internet after the page loads. If the tool stops working, it needs a server. If it still works, it's processing locally.
- Read the privacy policy — look for words like "process on our servers", "temporary storage", or "third-party processors". These confirm server-side processing.
What types of documents are highest risk?
- Identity documents — passports, driving licences, national IDs
- Financial documents — bank statements, tax returns, payslips
- Medical records — test results, prescriptions, insurance claims
- Legal documents — contracts, NDAs, court documents
- Business documents — anything marked confidential or under NDA
For any of these, you should only use a tool that processes locally — or use desktop software like Adobe Acrobat or Preview (Mac).
The browser-based alternative: local processing
A small number of tools — including Slate — use a different approach. Instead of uploading your file, they use WebAssembly to run PDF processing code directly inside your browser. Your file is read into your device's memory, processed on your own CPU, and the result is handed back to you. Nothing is transmitted.
You can verify this yourself: open Slate's Merge PDF tool, load a file, then disconnect from the internet. The merge still works — because it never needed the internet in the first place.
Is Slate safe for confidential documents?
Yes. Because Slate processes everything locally:
- There's no server to breach
- No employee can access your files
- No data retention policy applies — there's no data to retain
- GDPR and data protection laws are irrelevant — no personal data is collected
The only copy of your file is the one on your device. That's the safest possible architecture for handling sensitive documents online.
Quick checklist before using any PDF tool
- ☐ Does it mention "files deleted after X hours"? (= uploads)
- ☐ Does it require an account? (= data collection)
- ☐ Does it work offline? (= local processing)
- ☐ Is the privacy policy clear about no server processing?
- ☐ Is the document sensitive enough to matter?