Skip to content

Security at PDFWix

How we keep your PDFs private and your account safe.

Security at PDFWix

How we keep your PDFs private and your account safe.

Quick answer

PDFWix processes 22 of its 24 tools entirely in your browser using WebAssembly (WASM) — your PDF file is never uploaded to any server. The two server-side tools (Protect PDF and Unlock PDF) process files in-memory only over TLS 1.3, and the in-memory buffer is freed immediately after the response is returned. No files are written to disk. No files are retained.

Most tools never upload your file

PDFWix uses client-side PDF manipulation — Merge, Split, Compress, Edit, Sign, Rotate, Watermark, Redact, Page Numbers, Organize, Crop, Repair, Compare, Fill Form, JPG-to-PDF, PDF-to-JPG, PDF-to-PNG and several others run entirely in your browser via WebAssembly PDF processing. Your file is never uploaded — it's processed on your device, in memory, and downloaded back to you. Data residency — your device only.

Server-side tools and how we handle them

A small number of tools — currently Protect PDF (qpdf encryption), Unlock PDF (qpdf decryption) and HEIC conversion in some fallback paths — execute on our servers under a no-disk-write processing model. Files transit over TLS 1.3, are processed in volatile server memory only (never written to disk), and the in-memory buffer is freed immediately after the response is returned. We never train AI on uploaded files. We never share, sell or repurpose them. This zero server storage architecture means even server-processed files leave no persistent traces. See our Privacy Policy for the full data-handling breakdown.

Encryption and transport security

All connections to pdfwix.com use TLS 1.3 — the current cryptographic standard for web transport security. TLS 1.3 removes support for legacy cipher suites and significantly reduces connection latency versus TLS 1.2.

For server-side tools (Protect PDF, Unlock PDF): the two tools that use server processing encrypt file data in transit using TLS 1.3. Files are processed using AES-256 encryption for the output (for Protect PDF) — the same standard required by US FIPS 140-2 and most enterprise document security policies. AES-256 with a strong password provides computational security that current technology cannot break in a practical timeframe.

For browser-side tools: no file data is transmitted at all. TLS applies only to page and script loading.

Encryption strength and signature compliance

Protect PDF uses AES-256 — the strongest standard PDF encryption supports, and the same standard required by US FIPS 140-2 and most enterprise document policies. Sign PDF produces electronic signatures that meet the US ESIGN Act and EU eIDAS simple-electronic-signature requirements, sufficient for engagement letters, NDAs and most commercial contracts.

Client-Side PDF Manipulation — How PDFWix Processes Your Files

PDFWix uses client-side PDF manipulation for the majority of its tools — meaning all PDF processing happens inside your browser using WebAssembly, with zero data transmitted to any server.

WebAssembly (WASM) is a low-level bytecode format that runs at near-native speed inside modern browsers. PDFWix compiles PDF processing libraries — including Ghostscript for compression and PDF manipulation — to WebAssembly, so they execute directly on your device.

The result: your PDF file is loaded into browser memory, processed entirely on your CPU, and the output is written back to your device. At no point does the file data cross a network boundary.

This architecture is fundamentally different from cloud-based PDF tools that upload your file to a remote server for processing.

Cloud-based processing (most PDF tools): your file is uploaded over the internet, processed on a remote server, the result is downloaded back, and the file is stored on the server until deletion.

Client-side processing (PDFWix — 22 tools): your file is loaded into browser memory, processed by WebAssembly on your device, output is saved to your device, with zero server involvement.

For the two tools that require server processing (Protect PDF and Unlock PDF): the file is transmitted over TLS 1.3 (HTTPS), processed in volatile server memory only, never written to disk at any point, the memory buffer is freed immediately after the response is returned, and there is no file retention and no logging of content.

This no-disk-write server architecture means even server-processed files leave zero persistent traces after your download is complete.

Reporting a vulnerability

Email support@pdfwix.com with the subject 'Security'. We acknowledge within 24 hours and follow a coordinated-disclosure timeline. We don't currently run a paid bug-bounty programme but credit researchers in our changelog with their permission.

Frequently asked questions

How do I know a tool runs in the browser?

Each tool's page shows a 'browser-side' or 'server-side' badge. The browser-side tools also work offline once the page is loaded — you can disconnect from the internet after the page loads and the tool will still work, which is the simplest live test of client-side PDF manipulation.

Do you keep logs of my files?

No. Browser-side tools never see your file at all — data residency is your device only. Server-side tools log only request metadata (timestamp, tool name, response status) — not file contents and not file metadata, under our no-disk-write processing model.

Are encrypted PDFs really safe?

AES-256 with a strong password is computationally infeasible to brute-force. The weakest link is your password — use a 16+ character mixed-case password with numbers and symbols, and share it through a different channel than the PDF itself.