You drag a contract onto a free "PDF converter," click a button, and a few seconds later download the result. Simple — but in that moment, where did your contract actually go? For most online tools the honest answer is: to a server you've never heard of, in a country you didn't choose. Usually that's fine. Sometimes it isn't. Here's how to tell the difference and stay on the safe side.
How most online PDF tools work
The traditional model is server-side. When you upload a file, it travels over the internet to the company's servers, gets processed there, and the finished file is sent back to you. This is how the big names — and most of the smaller clones — operate. It works, and for non-sensitive files it's perfectly reasonable.
The catch is that your file genuinely leaves your device. However briefly, a copy exists on someone else's computer, where it can in principle be logged, cached, scanned, or — if the company is careless or compromised — exposed.
The real risks (and the ones that are overblown)
- Reputable services are usually careful. Established tools encrypt uploads and delete files after a short window. The risk here is low, though not zero.
- Unknown "free" sites are the gamble. A converter with no clear company behind it, no privacy policy, and aggressive ads is the one to avoid for anything private. You have no way to verify what it does with your upload.
- Retention is the quiet issue. "We delete your files" is a promise, not a guarantee. Logs, backups, and caches can outlive the original.
- Jurisdiction matters for some. If you handle regulated data — health, legal, financial — uploading it to an unknown third party can itself breach the rules you're bound by.
The safer model: processing in your browser
There's a second way to build these tools that sidesteps the whole question. Modern browsers are powerful enough to read, render, and rewrite files locally using JavaScript and WebAssembly. With this approach, your file never leaves your device — the conversion happens on your own computer or phone, and nothing is uploaded.
This is how PDFduck's image and PDF tools work. Merging, splitting, PDF-to-image, and image-to-PDF all run entirely in the browser. The practical upshot is threefold: privacy, because only you ever see the file; speed, because there's no upload or download round-trip; and no limits, because there's no server cost to ration.
A fair note: some conversions still need a server
We won't pretend browser processing can do everything. Converting complex Office documents — Word, Excel, PowerPoint — with perfect fidelity to fonts, layouts, and embedded images is genuinely hard to do well in a browser today. For those, PDFduck uses a secure server with LibreOffice and deletes your file immediately after the conversion. We tell you which path each tool takes rather than claiming "100% private" across the board when it isn't true. Honesty about where your file goes is part of being trustworthy.
How to check any tool before you trust it
- Does it say where processing happens? Tools that work in-browser usually say so plainly. If it's silent, assume your file is uploaded.
- Is there a real privacy policy? One that names the company and explains retention is a good sign.
- Watch the network, if you're technical. Your browser's developer tools show whether the file is actually sent anywhere.
- Match the tool to the file. Use whatever's convenient for harmless documents; insist on local processing for anything sensitive.
So — are they safe?
Online PDF tools are as safe as the weakest link in how they handle your file. A reputable server-side tool is fine for ordinary documents. An anonymous free site is a poor place to send anything private. And a browser-based tool that never uploads your file at all is the safest option by design — there's simply nothing in transit to intercept. Pick the model that matches the sensitivity of what you're converting, and you'll rarely go wrong.