Why You Shouldn't Upload Your PDFs to Online Tools

Most people don't think twice before uploading a PDF to an online tool. The file is processed, the result downloads, job done. The problem is invisible: somewhere between the upload and the download, your document sat on a server you don't control, operated by a company whose data practices you probably haven't read.

For many documents this is a reasonable trade-off. A publicly available form, a printed receipt, a conference schedule — these carry minimal risk if they pass through a third-party server. But a significant portion of the PDFs people routinely upload to processing tools aren't low-risk at all.

What Documents People Routinely Upload

Looking at common PDF tasks — merging, compressing, converting, signing — the documents involved frequently include:

• Employment contracts and offer letters (containing salary, role, terms of employment)
• NDA and confidentiality agreements (the existence of which is often itself confidential)
• Medical records, test results, prescription documents
• Financial statements, payslips, tax returns
• Legal documents: court filings, wills, powers of attorney
• Client proposals and pricing documents
• Engineering drawings containing proprietary designs
• Passports, driver's licences, identity documents

These are documents with real-world consequences if leaked, accessed without authorisation, or retained longer than necessary.

What Happens When You Upload a PDF

When you upload a PDF to a cloud processing tool, several things happen that you typically can't observe or control:

Transmission

Your file travels from your device to the service's servers over HTTPS. The encryption protects the file in transit, but once it arrives at the server it's decrypted for processing. The server-side handling is outside your visibility.

Storage

Most services store uploaded files temporarily — but 'temporarily' ranges from minutes to days. Many services state a deletion window (commonly 1–24 hours) in their privacy policy. Some retain files for longer as part of abuse prevention or service improvement. In practice, you can't verify when or whether deletion actually occurs.

Processing Infrastructure

Large services use cloud infrastructure (AWS, Google Cloud, Azure). Your file may be processed on servers in multiple jurisdictions, across different data centres, potentially logging access metadata along the way. Sub-processors — third-party services the tool vendor uses — may also have access.

Staff Access

Most services have human staff with potential access to uploaded files — for support, debugging, abuse review, or training AI models. Privacy policies typically include a carve-out permitting this. For confidential documents, this is a significant exposure.

When It Genuinely Matters

Not every upload is a meaningful risk. A practical framework:

• Low risk: publicly available documents, your own published work, documents with no personal data or confidential information
• Moderate risk: internal business documents without sensitive personal data or proprietary IP — depends on your organisation's policies
• High risk: contracts, legal documents, medical records, financial documents, identity documents, documents containing personal data of third parties, proprietary technical drawings
• Unacceptable: anything under an NDA that restricts disclosure, documents under legal privilege, regulated data (HIPAA, PCI, GDPR-sensitive personal data)

The Local Processing Alternative

WebAssembly has made it possible to run sophisticated document processing — including full PDF rendering, editing, merging, and compression — inside a browser tab without any network transfer of file contents. The PDF engine runs locally; the document never leaves your device.

DraftPDF uses PDFium compiled to WebAssembly for all processing. You can verify this in your browser's network inspector (F12 > Network): open and edit a PDF, and you'll see no outbound requests carrying your file data.

How to Verify a Tool Doesn't Upload Your File

What to Ask Before Using a Cloud PDF Tool

• Where are servers located, and does that comply with my data residency requirements?
• How long are uploaded files retained, and is deletion verifiable?
• Are uploaded files used for any purpose beyond the immediate processing task (e.g. training models, improving the service)?
• Who are the sub-processors, and do they have access to file contents?
• Is there a Data Processing Agreement (DPA) available for GDPR compliance?

Reputable cloud tools — iLovePDF, Smallpdf, Adobe Acrobat online — answer most of these questions in their privacy policies and offer DPAs for business customers. The answers may still mean a cloud tool isn't appropriate for your most sensitive documents.

The Practical Recommendation

Use local processing tools by default for any document you'd hesitate to email to a stranger. Use cloud tools only for documents where you've confirmed the risk is acceptable. The good news is that local browser-based PDF tools now cover the full range of common tasks — annotation, merging, signing, form creation, redaction, rotation — so the functional trade-off is minimal.