Privacy Policy

Last updated: May 9, 2026 · Reachable at support@pdfedit.com

Your PDFs never leave your device. Not when you open them, not when you edit them, not when you sign them, not when you save them. PDF Edit runs entirely inside your browser. We have no copy of your file. We cannot read it. We cannot share it. We cannot lose it in a breach, sell it to anyone, train an AI on it, or be subpoenaed for it — because we never have it in the first place.

This is not a marketing claim. It is an architectural fact about how the product is built, and you can verify it yourself in less than a minute (instructions below).

How it actually works

When you open a PDF on PDF Edit, your browser reads the file directly from your hard drive using its built-in File API. The PDF is then parsed and edited entirely by JavaScript and WebAssembly running on your computer — the same way a desktop app processes a file. When you click "Save," the completed PDF is delivered straight to your Downloads folder by the browser. At no point in this flow does your file's content leave your device.

The PDF Edit website itself is just static files — HTML, JavaScript, CSS, and fonts — served from a CDN. Those files contain the editor code. The server has no idea what you opened, what you typed, what you signed, or what you saved. It does not need to, because none of that processing happens on the server.

Verify it yourself (60 seconds)

Open PDF Edit in your browser.
Press F12 (or Cmd+Option+I on Mac) to open DevTools.
Click the Network tab and check "Preserve log."
Drop a PDF into the editor. Edit it. Add text, sign it, save it.
Look at the Network log. Filter by request size if you want.
You will see zero outbound requests carrying your file's bytes. No POST with your PDF. No upload. Nothing. Your file went into the editor, was processed, and came out the other side — without ever touching our infrastructure.

Compare against any other free PDF tool (Smallpdf, iLovePDF, Sejda, Adobe Acrobat web, PDFescape) and you will see them upload your file before they let you edit it. PDF Edit is the only one that does not.

What we DO collect (and what we DON'T)

What we collect

Aggregate page-view analytics — via Google Analytics. We see things like "X visitors today, Y of them used the merge tool, Z came from Spain." We do not see what was in the PDFs they merged, because the analytics script — like every script on the page — runs in the same sandbox and has no access to the file content.
Your local UI preferences — theme (light/dark), interface language, zoom level. These live in your browser's localStorage on your device. We never see them.
Standard server logs — when you load the page, our hosting provider's web server records the request (your IP, your browser, the URL you fetched). This is true of every website on the internet and is required for serving you the page. These logs are rotated and never linked to anything you did inside the editor.

What we do NOT collect — and structurally cannot

The contents of your PDF — text, images, signatures, annotations, redactions, metadata. None of it is transmitted to any server. There is no version of "we accidentally saved your file" because there is no save path that goes anywhere except your Downloads folder.
The names or filenames of your PDFs.
Your name, email, phone number, address, or any personal identifier. We don't ask, and there is nowhere on the site to provide them.
Any account, login, or authentication state. There are no accounts.
Any payment information. The product is free and has no premium tier; no payment processor sees you.
Cross-site tracking from one PDF Edit session to another. We don't fingerprint you for re-identification.

For sensitive documents (legal, medical, financial)

Many of our users edit documents that are governed by strict confidentiality rules — court filings, medical records, tax returns, contracts under NDA, classified-adjacent material, internal company memos, attorney-client-privileged work product, and so on.

The legal frameworks that protect these documents (GDPR, HIPAA, attorney-client privilege, government data-handling policies) typically require that the document not be transmitted to any third party without strong contractual safeguards (a Data Processing Agreement, a Business Associate Agreement, etc.). Most online PDF tools cannot meet this bar because they upload your file to their servers.

PDF Edit meets the bar by absence. There is no DPA to sign, no BAA to negotiate, and no breach to report — because there is no transmission to a third party in the first place. Your document goes from your device, through your browser, back to your device. We are not a "data processor" for your file because we do not process your file. The architecture removes the entire risk class.

Cookies and third-party services

The PDF editor itself sets no cookies. The website uses three third-party services, all of which operate at the page level and have no access to your PDF content:

Google Analytics — for the aggregate page-view counts described above. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by enabling Do Not Track in your browser.
Google AdSense (when ads are active) — display ads are how this free product is funded. Our advertising partners may set cookies for ad personalization. You can manage personalization at Google Ad Settings.
Buy Me a Coffee — if you click the "Buy me a coffee" link to support the project, you are taken to buymeacoffee.com, which has its own privacy policy and payment flow. We never see your payment details.

None of these services receive your PDF content because they cannot — same sandbox, same architectural impossibility as everything else on the page.

Your rights (GDPR, CCPA, and similar)

If you are in the EU, UK, California, or any jurisdiction with strong privacy law, you have rights to access, correct, delete, and port the personal data a service holds about you. We have answered every one of those requests in advance: we don't hold any personal data about you, so there is nothing to access, correct, delete, or port. If you want us to confirm that in writing, email support@pdfedit.com and we will reply.

The aggregate page-view analytics described above do not include personal identifiers and cannot be tied back to a specific person. If you would like us to exclude you from analytics entirely going forward, the cleanest option is a browser-level Do Not Track setting or the Google Analytics opt-out add-on linked above.

Children's privacy

PDF Edit does not collect personal information from anyone, regardless of age. The service is appropriate for all ages.

Data security

Because your files never leave your device, the most common cause of document privacy incidents — a server breach at a SaaS provider — is structurally impossible here. There is no server-side copy of your document for anyone (including us) to lose, leak, or have stolen. Your security depends only on the security of your own device, which is a much smaller and more controllable surface than a third party's data center.

Where the code lives

If you want to inspect the actual code that runs in your browser, you can. The site's JavaScript and WebAssembly bundles are served unminified-enough to read in DevTools, and the project's source is published on GitHub. We mention this because the strongest privacy guarantee is one you can verify — not one you have to take our word for.

Changes to this policy

If we change anything material, we will update the "Last updated" date at the top of this page and, if the change is significant, post a notice in the editor. The architectural property described above ("your files never leave your device") is fundamental to the product and will not change — it is what PDF Edit is.

Contact

Questions, concerns, or want a written confirmation that we don't have any data about you? Email support@pdfedit.com. We read every message.