Security

PlainPDF uses a browser-side processing model for functional MVP tools. Selected files are not uploaded to an application server.

Current controls

• Supported file types are validated before processing.
• Files are limited to 50MB each.
• Downloads use randomised filenames.
• Security headers include CSP, HSTS, nosniff, referrer policy, permissions policy, and frame protection.
• No document contents or file names are intentionally logged by analytics.

Retention

PlainPDF application servers do not receive or retain files used by functional browser-side tools. Browser memory and temporary download URLs are released after use or when the page closes.

Limitations

No online tool can guarantee that every file is safe or valid. Keep original copies, use trusted devices, and review output before relying on it.