Security Policy

Last updated: June 2026  ·  PDFFlow, Hyderabad, India

Our security model

PDFFlow is built on a security architecture that is fundamentally different from server-based PDF tools: all document processing happens locally in your browser. This design means that PDFFlow never receives, stores, or transmits your document files. The primary security guarantee is structural rather than policy-based -- it is technically impossible for PDFFlow to access your files because they never leave your device. This is verifiable: open Chrome DevTools, navigate to the Network tab, and process any file using PDFFlow. You will observe zero outbound requests carrying file data.
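
The DevTools check described above can be made repeatable. The following is an added example, not PDFFlow's code: it scans a HAR file exported from the Network tab and flags requests whose bodies contain a PDF signature, a multipart file part, or a large payload. The function name, the size threshold and the sample hosts are assumptions; a compressed or encrypted body would not match the signature check, which is why large bodies are flagged separately.

```javascript
// Added example (not PDFFlow code): flag requests in a DevTools HAR export
// whose bodies look like they carry document data. Heuristic, not a proof.
const PDF_MARKERS = ["%PDF-", "JVBERi0"]; // PDF header, raw and base64-encoded
const LARGE_BODY_BYTES = 16 * 1024;       // assumed threshold for manual review

function auditHar(har, largeBody = LARGE_BODY_BYTES) {
  const findings = [];
  for (const { request: req } of har.log.entries) {
    const post = req.postData || {};
    const text = post.text || "";
    const reasons = [];
    if (PDF_MARKERS.some((m) => text.includes(m))) reasons.push("pdf-signature");
    // HAR records multipart file parts with a fileName on the param.
    if ((post.params || []).some((p) => p.fileName)) reasons.push("multipart-file");
    // bodySize is -1 when the browser could not determine it.
    const size = Math.max(req.bodySize || 0, text.length);
    if (size >= largeBody) reasons.push("large-body");
    if (reasons.length) findings.push({ method: req.method, url: req.url, size, reasons });
  }
  return findings;
}

// Constructed sample HAR; every host below is a placeholder.
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://app.example.invalid/", bodySize: 0 } },
  { request: { method: "POST", url: "https://analytics.example.invalid/collect",
      bodySize: 42, postData: { mimeType: "text/plain", text: "en=page_view&dl=%2Fmerge" } } },
  { request: { method: "POST", url: "https://upload.example.invalid/api/convert",
      bodySize: 31, postData: { mimeType: "application/json",
        text: '{"doc":"JVBERi0xLjcKJcfs"}' } } },
  { request: { method: "POST", url: "https://upload.example.invalid/api/form",
      bodySize: -1, postData: { mimeType: "multipart/form-data",
        params: [{ name: "file", fileName: "report.pdf", contentType: "application/pdf" }] } } },
] } };

for (const f of auditHar(sampleHar)) {
  console.log(`${f.method} ${f.url} (${f.size} bytes): ${f.reasons.join(", ")}`);
}
```

An empty result over a session in which files were processed is consistent with local-only processing; any finding is a request to inspect by hand.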

Data we do and do not collect

PDFFlow does not collect document files, document content, file names of uploaded documents, or any metadata derived from documents you process. We do collect standard web analytics through Google Analytics: page views, session duration, general geographic location (country and city level, not precise location), device type and operating system, and browser type. This data is anonymized, aggregated, and used only to understand site usage patterns for improvement purposes. We do not collect names, email addresses, or any personal identification unless you voluntarily contact us at our support email.

HTTPS and transport security

All connections to pdfflow.live use HTTPS with TLS 1.2 or higher encryption. This ensures that the HTML, JavaScript, and CSS files that constitute the PDFFlow application are transmitted to your browser securely, without interception or modification in transit. The certificate is issued by a recognized Certificate Authority and is regularly renewed. While transport security is important for the initial page load of the PDFFlow application, it is worth noting that the actual PDF processing -- the part that handles your files -- does not use the network at all after the page loads. Transport security matters for the application delivery, not the file processing.

Content Security Policy

PDFFlow implements Content Security Policy (CSP) headers to reduce the risk of cross-site scripting (XSS) attacks. A Content Security Policy defines which scripts, styles, and resources are permitted to load on the page, preventing unauthorized code injection. This protects visitors from injected scripts that could attempt to intercept file data processed by the page. Our CSP is configured to allow only explicitly approved script and resource sources.

Third-party services

PDFFlow uses Google Analytics (GA4) for usage analytics and Google AdSense for advertising. Both are services provided by Google LLC, subject to Google's privacy and security practices. Document processing uses the pdf-lib and pdf.js libraries: the pdf.js worker script is loaded from the pdfjsLib CDN (Cloudflare), and pdf-lib is bundled directly into the site build. No other external services have access to any data from site visitors. We do not use session recording tools, heat-mapping services, or any other behavioral tracking beyond Google Analytics.

Responsible disclosure

If you discover a security vulnerability in PDFFlow, please report it to support@pdfflow.live before public disclosure. We will acknowledge receipt within 48 hours, investigate the issue, and work to address it promptly. We appreciate responsible disclosure and will credit researchers who identify genuine security issues, subject to their preference for public or private acknowledgment. We ask for reasonable time to investigate and address issues before any public disclosure.

Questions about this policy? Email support@pdfflow.live