Security
PDF Cloak processes your files entirely in your browser. This page explains exactly how that works and why it matters.
How it works
When you upload a file to PDF Cloak, it is read into your browser’s memory using the JavaScript File API. The PDF processing library (pdf-lib or PDF.js) runs entirely in your browser tab — there is no server, no API endpoint, and no cloud function. The output file is assembled in memory and handed to you as a download. At no point does any data cross a network boundary.
YOUR DEVICE
File selected
→
YOUR BROWSER TAB
pdf-lib / PDF.js processes in memory
→
YOUR DEVICE
Result downloaded
Network requests during processing: 0
What we don’t collect
Your files — they never leave your device
File names, sizes, or page counts
Document content or metadata
Your IP address, location, or browser fingerprint
Cookies or tracking pixels
Account information — there are no accounts
Payment information — the tool is free
How to verify
You don’t need to trust our word. Verify it yourself in under a minute:
- 01Open any PDF tool on PDF Cloak (e.g., Merge PDFs).
- 02Open your browser's developer tools.Chrome: Cmd+Option+I (Mac) or Ctrl+Shift+I (Windows). Firefox: Cmd+Option+I or Ctrl+Shift+I. Safari: Enable from Develop menu.
- 03Click the "Network" tab.Check "Preserve log" to keep entries visible across actions.
- 04Upload a PDF and process it.Merge two files, split a document, add a watermark — any operation.
- 05Look at the Network tab.You will see zero outbound requests carrying your file data. The only requests are for static assets (JS, CSS, fonts) that loaded when the page opened.
Third-party code
All PDF processing is handled by open-source libraries that run in your browser. No proprietary server-side code touches your files.
pdf-lib
PDF creation and manipulation
PDF.js (pdfjs-dist)
PDF rendering to canvas
react-dropzone
File drag-and-drop handling