← All posts

Why you should never upload PDFs to online tools

·4 min read

You found a free website that merges PDFs. You drag in a contract, click a button, download the result. Convenient. But somewhere between "drag in" and "download," your file traveled across the internet to a server you've never heard of, in a country you didn't choose, owned by a company you can't name.

For a meme PDF, who cares. For a signed contract, a medical report, a bank statement, or an ID scan — that should give you pause.

What actually happens when you "upload"

The word upload is doing a lot of quiet work. It means a complete copy of your file now exists on someone else's computer. What happens to that copy depends entirely on a privacy policy you didn't read:

  • How long is it stored? "Deleted after one hour" is common — and unverifiable from your side.
  • Who can access it? Employees, subprocessors, backups, and anyone who breaches the server.
  • Where does it live? A file processed in another jurisdiction is subject to that jurisdiction's laws, including lawful-access requests.
  • Is it used for anything else? Some "free" tools train models or build datasets on uploaded documents.

None of this is hypothetical. Document-processing services have leaked files through misconfigured storage buckets more than once. The only file that can't leak is the one that was never uploaded.

The data you're actually handing over

Think about the PDFs you've touched this month. Probably some mix of: employment contracts, invoices with bank details, lease agreements, tax documents, insurance claims, scanned passports, medical test results. These are exactly the documents identity thieves and corporate competitors want most.

You wouldn't email a stranger your passport scan and write "please delete this after an hour." Uploading it to an anonymous PDF site is the same trust, with worse accountability.

The alternative: processing in your browser

Here's the part most people don't know: the vast majority of PDF operations don't need a server at all. Merging, splitting, rotating, compressing, watermarking, adding a password — all of it can run inside your browser tab using WebAssembly, a technology that lets fast, compiled code execute locally.

When a tool works this way, your file never moves. There's no upload to intercept, no copy to retain, no server to breach. The bytes stay on your machine from start to finish.

That's the entire design principle behind PlinyPDF: do the work locally whenever it's technically possible, and be honest about the rare cases where it isn't.

How to verify it yourself (30 seconds)

You don't have to trust any claim — including ours. Browsers ship with a tool that shows every byte a page sends over the network.

  1. Open the PDF tool you want to test.
  2. Press F12 (or right-click → Inspect) to open DevTools.
  3. Click the Network tab.
  4. Run the tool — merge a file, add a watermark, whatever.
  5. Watch the request list.

If the tool is genuinely local, you'll see no upload traffic — no large outgoing request carrying your file. If you see your multi-megabyte PDF leaving in a POST request, it was uploaded, full stop.

Try it right now on Merge PDF or Add Watermark. The Network tab stays quiet because the file never leaves.

When a server is genuinely unavoidable

Honesty matters more than absolutism. A few operations really do need server muscle: converting a PDF to an editable Word document (which needs a full office engine), or summarizing a 200-page report with AI (which needs a language model). For those, the right standard isn't "never upload" — it's upload over an encrypted connection, process, delete fast, and never train on your data.

The difference is that you should know when that's happening. A trustworthy tool labels its cloud features clearly instead of silently shipping every file off your machine.

The takeaway

Before you upload a PDF, ask one question: does this actually need a server? For most tasks, the answer is no — and a tool that uploads anyway is taking a risk with your documents for no reason. Check the Network tab, prefer local processing, and keep your files where they belong: on your own machine.