Security

Security by architecture

Most online PDF services upload your files to a server, process them there, and send the result back. That model creates an inherent risk: your document sits on someone else's disk, even if briefly. PDFPuddle takes a different approach.

Client-side processing

Every tool on PDFPuddle runs entirely inside your browser using JavaScript. pdf-lib handles writing operations (merge, split, watermark, sign, etc.) and PDF.js handles rendering and text extraction. Both are battle-tested open-source libraries.

What this means for you

• Your files never travel across the internet to our servers
• There is no upload step — when you "open" a PDF it stays in your device's RAM
• There is no shared multi-tenant infrastructure to be breached
• Even if PDFPuddle itself were compromised, your past files would be unaffected

Transport security

The PDFPuddle site itself is served over HTTPS with a modern TLS configuration. The page assets (HTML, CSS, JS) you load are protected in transit.

Disclosure

If you discover a security issue, please contact us. We respond to all reports promptly.