PDF Privacy Guide: What Happens to Your Files on Free PDF Websites
We analyzed the privacy policies, data handling, and network behavior of 8 popular PDF tools. Here is what actually happens to your files when you use "free" online PDF services.
The Privacy Problem with Online PDF Tools
Over 100 million people use online PDF tools every month. Most assume their files are processed and discarded. The reality is more complicated: your PDF passes through multiple systems, may be stored for hours or days, and in some cases is used to train machine learning models.
We reviewed the privacy policies and tested the network behavior of 8 popular PDF tools to understand what actually happens to your documents.
What We Found: File Handling Across 8 Tools
We tested each tool by merging two PDF files while monitoring network traffic with Chrome DevTools and Wireshark. We then reviewed each service's privacy policy, terms of service, and data processing agreements.
| Tool | File Upload | Stated Retention | Uses Files for ML/AI | GDPR DPA Available |
|---|---|---|---|---|
| PDF-Zips | No upload (browser-only) | None — tab memory only | No (no server) | N/A (no data transfer) |
| iLovePDF | Yes (full file) | 2 hours | No (per policy) | Yes |
| Smallpdf | Yes (full file) | 1 hour | No (per policy) | Yes |
| Adobe Acrobat Online | Yes (full file) | 24 hours | Unclear (broad ToS) | Yes |
| PDF24 | Yes (full file) | Immediately after processing | No (per policy) | Yes (German company) |
| Sejda | Yes (full file) | 2 hours | No (per policy) | Yes |
| PDF Candy | Yes (full file) | Up to 48 hours | Unclear | Limited |
| FreePDFConvert | Yes (full file) | Unclear | Unclear | No |
Key finding: Every server-based tool uploads your complete file. Retention periods range from "immediately" to 48 hours. Two tools have unclear policies about using uploaded files for AI/ML training.
The Three Privacy Models
Online PDF tools fall into three distinct privacy architectures, each with different risk profiles.
Model 1: Client-side processing. Your file never leaves your device. The tool runs JavaScript in your browser to read, manipulate, and output the PDF. Network upload: 0 bytes. Privacy risk: none from the tool itself (standard browser security applies). PDF-Zips and a few open-source tools use this model.
Model 2: Server-side with explicit retention. Your file is uploaded, processed on a server, and stored temporarily (1-48 hours) before deletion. Privacy risk: your file exists on a third-party server during the retention window. A data breach, unauthorized employee access, or law enforcement request during this window could expose your documents. Most commercial PDF tools use this model.
Model 3: Server-side with broad terms. Your file is uploaded and the terms of service grant the provider broad rights to use uploaded content for "service improvement," which may include AI/ML model training. Privacy risk: highest. Your documents may persist in training datasets indefinitely.
Which Documents Are Most at Risk
Not all PDFs carry the same privacy risk. A flyer for a bake sale and a signed mortgage agreement have very different sensitivity levels. Here is a risk framework for common PDF types.
| Document Type | Sensitivity | Data Exposed | Recommended Processing |
|---|---|---|---|
| Tax returns (1040, W-2) | Critical | SSN, income, bank accounts | Client-side only |
| Medical records | Critical | Diagnoses, medications, SSN | Client-side only (HIPAA) |
| Legal contracts | High | Terms, signatures, party names | Client-side or encrypted server |
| Financial statements | High | Revenue, accounts, transactions | Client-side only |
| Employee records (I-9, W-4) | High | SSN, immigration status | Client-side only (FCRA/ADA) |
| School transcripts | Medium | Grades, student ID | Client-side preferred (FERPA) |
| Business proposals | Medium | Pricing, strategy | Client-side preferred |
| Marketing materials | Low | Public information | Any method acceptable |
Rule of thumb: if the document contains a Social Security number, financial account number, medical information, or legal signatures, use client-side processing exclusively.
How to Verify Privacy Claims
You do not have to take any PDF tool's privacy claims at face value. Here is how to verify for yourself.
Step 1: Open Chrome DevTools (F12) → Network tab before using the tool. Clear the log, then perform your PDF operation. If you see a large POST request uploading your file, the tool is server-based regardless of what it claims.
Step 2: Check the request payload size. A browser-based tool will show 0 bytes transferred for the PDF data. A server-based tool will show a transfer matching your file size.
Step 3: Test offline. Disconnect from the internet after loading the tool page. If the tool still works, it is genuinely client-side. If it fails, it requires a server connection.
We verified PDF-Zips using all three methods. Network transfer: 0 bytes. Offline test: all 10 tools functional. POST requests for PDF data: none.
Methodology
Privacy policies were reviewed in May 2026 from each tool's website. Network traffic was captured using Chrome DevTools (Network tab) and verified with Wireshark for two tools with ambiguous JavaScript behavior. Tests used Chrome 130 on macOS. We merged two 2 MB PDF files on each platform. All observations represent the state of each service at the time of testing and may change as providers update their policies.