You found a PDF tool you want to use, but the file is sensitive — a contract, a bank statement, a medical record. Before uploading, you want to know: is it safe? Where does the file go? Who sees it? How long is it kept?
This is a direct, honest answer for PDFGrover specifically.
The short version
- For most tools (merge, split, rotate, edit, sign, fill forms, page numbers, watermark, crop, etc.) — your file never leaves your device. The processing runs in your browser using JavaScript. We never see the file.
- For some tools (compress, OCR, Word/Excel/PowerPoint conversion) — the file is uploaded over HTTPS to our server, processed, and the uploaded copy is deleted as part of generating your download.
- No signup, no account, no email required for any tool.
- No watermarks on output, ever.
- No file retention — files are deleted immediately after the response is sent.
If you'd like the longer explanation of how each works, read on.
What runs in your browser vs. on our server
PDF tools fall into two categories based on what's technically possible:
Browser-based (your file never uploads)
These tools run as JavaScript in your browser. The file is loaded into your browser's memory, processed there, and the result is offered as a download — all without crossing the network.
Tools in this category:
- Merge PDF (small batches: 10 files / 30 MB or less)
- Split PDF (files up to 100 MB / 100 outputs or fewer)
- Rotate PDF
- Reorder PDF Pages
- Delete PDF Pages
- Extract PDF Pages
- Add Page Numbers
- Add Watermark
- Crop PDF
- Resize PDF Pages
- Edit PDF (add text, images, shapes)
- Sign PDF
- Fill PDF Forms
- Flatten PDF
- PDF to Grayscale
- PDF Metadata Editor
- Unlock PDF (owner-password / permissions removal)
- Protect PDF (small files)
- Extract Text (small files)
- Extract Images (small files)
- PDF to JPG (small files)
- JPG to PDF (small batches)
- PDF to PNG (small files)
- PNG to PDF (small batches)
For these, you can verify the file isn't uploading by opening your browser's DevTools (F12) and watching the Network tab while you process a file. You won't see your file in any POST request to our server.
Server-based (file is uploaded, processed, deleted)
Some operations can't run in a browser — they require server-side software (such as full-document OCR, Office-format conversions, or large-file compression):
- Compress PDF (always server-side; the algorithm doesn't run in browser)
- OCR PDF (uses server-side OCR engines)
- PDF to Word
- PDF to Excel
- Word to PDF
- HTML to PDF (server-side rendering)
- Merge PDF (large batches: more than 10 files OR over 30 MB total)
- Split PDF (large files: over 100 MB OR more than 100 outputs)
- Protect PDF (large files)
- Extract Text (large files)
- Extract Images (large files)
- PDF to JPG (large files)
- JPG to PDF (large batches)
For these, the workflow is:
- Your file uploads over HTTPS (TLS-encrypted in transit).
- The server writes it to a private temporary folder.
- The processing engine reads it, generates the output.
- Your download is streamed back over HTTPS.
- The uploaded file and any temporary working files are deleted.
The deletion happens as part of the response — it's automatic, not a scheduled job that might miss. By the time you've saved the downloaded file, the upload is gone from our server.
What we don't do
To be specific about what's NOT happening:
- We do not retain copies of your files for any duration. There's no "we'll keep it for 24 hours just in case." Files are deleted on response.
- We do not OCR your files for our own data set. Some "free" PDF services use uploaded documents to train their AI models. We don't.
- We do not log file contents. Server logs include request size, processing time, and outcome — not the content of the file.
- We do not require an account. No email, no signup, no verified phone number. Use the tool, get the result, leave.
- We do not add watermarks. The output PDF you download is identical to what you'd get from a paid PDF tool — minus the cost.
- We do not embed tracking or analytics inside the output PDF. The PDF you download is just a PDF.
What we do do
What runs on our server when you use a server-based tool:
- Standard web server logging — IP address, user agent, request timestamp. Used for diagnosing technical errors and detecting abuse (e.g., bot traffic). Logs are rotated and not connected to file content.
- Anonymous usage statistics — which tools are used, how often, success/failure rates, average processing times. Used to improve the service. Not connected to individuals.
- Error monitoring — if a conversion fails, we record what type of error occurred. We don't record the file contents that caused it.
These are the same baseline practices any professional web service uses. They don't extend to seeing your file's content.
How to verify our claims
Don't just trust this page. You can verify:
1. Check the network traffic for browser-based tools
Open DevTools → Network tab → run a browser-based operation (e.g., merge two small PDFs). You should see no POST request containing your file. The processing happens in JavaScript with no network call carrying your data.
2. Check the response time matches "no upload"
A truly browser-based operation completes in proportion to your CPU speed, not your network speed. If you're on a slow connection but the operation completes instantly, that confirms no upload.
3. Check our open-source approach
The processing logic for browser-based tools is JavaScript that runs in your browser — it's all visible in your browser's DevTools (Sources tab). You can read the actual code that handles your file.
4. Read our privacy policy
Our privacy policy is direct and short — no paragraph-long boilerplate trying to obscure what we do. Read it once and you'll know.
What about HTTPS and encryption?
The connection between your browser and our server uses TLS 1.3 (the current standard for HTTPS). This means:
- Your file (when uploaded) is encrypted in transit between your browser and our server. Network observers, your ISP, your office firewall — none can see the file content.
- Our SSL certificate is from a recognised certificate authority. The padlock icon in your browser's address bar confirms the connection is secure.
- We don't support old TLS versions (TLS 1.0, 1.1) that have known vulnerabilities.
For browser-based tools, the file never even leaves your device — TLS doesn't enter the picture because there's no upload to encrypt.
What about ads?
PDFGrover doesn't show display ads at the moment. The site is currently unmonetized.
We do plan to introduce modest display advertising (Google AdSense or similar) once approved, to cover hosting costs. When that happens:
- Ads will run in their own iframe; the PDF you're processing is in a different part of the page, and ad scripts have no access to it.
- They will not affect processing. Ad networks load independently and don't slow down or interfere with the PDF tool.
- Standard ad blockers (uBlock Origin, AdGuard) will work as expected. Tools work fine with ads blocked.
If ad-tracking ever becomes a concern: use the tool, then close the tab. The ad's session ends with the tab.
What if we're acquired or shut down?
Reasonable concern. Our commitment:
- If acquired, the new owners would inherit the same privacy commitments, OR users would be notified of changes 30+ days in advance with an option to leave before changes take effect.
- If shut down, there's nothing to leak. We don't retain user files, so there's no archive to be lost.
- No customer data to sell. With no signup and no file retention, there's no user database to monetise even if we wanted to.
When NOT to use PDFGrover (or any online tool)
Some documents are too sensitive for any online tool, ours or anyone else's:
- Classified or compartmented government documents. Use government-approved tools on government-issued hardware.
- Healthcare records under strict HIPAA / GDPR processing rules. Use HIPAA-compliant tools with signed Business Associate Agreements.
- Legal documents under attorney-client privilege. Discuss with your firm's IT — many require offline or vetted tools only.
- Documents subject to NDAs that explicitly prohibit cloud processing. Read the NDA before uploading anywhere.
For these, desktop software (Adobe Acrobat Pro, Foxit PhantomPDF) running entirely offline is the appropriate choice.
For everyday personal use — bank statements, tax forms, contracts, signed documents — PDFGrover's combination of browser-based processing for most tools and immediate-deletion server processing for the rest is genuinely safe.
Quick reference
| Question | Answer |
|---|---|
| Can you see my file? | No, for browser-based tools. For server-based tools, only briefly during processing. |
| How long do you keep my file? | Browser-based: never. Server-based: deleted on response. |
| Do you require an account? | No. |
| Do you add watermarks? | No. |
| Is there a daily limit? | No, beyond the per-tool file size limits. |
| Do ads see my file? | No. They run in a separate iframe. |
| Is the connection encrypted? | Yes, HTTPS / TLS 1.3 for any upload. |
| Do you sell my data? | No. We have no user data to sell — no signup, no file retention. |
| Are tools open-source? | Browser-based tool code is visible in your browser DevTools. |
Summary
For most PDF operations, your file never leaves your device when you use PDFGrover. For operations that require a server (compression, OCR, Office conversions), files are uploaded over HTTPS, processed, and deleted immediately.
There's no signup, no account, no email required, no watermarks, no file retention, no resale of data, and no tracking inside the output PDFs.
If you're worried about a specific document type, consider:
- Using browser-based tools where possible (most operations)
- Running on a private network (not public WiFi)
- For high-sensitivity documents, using offline desktop software
For everyday use, PDFGrover is built to be a tool you can trust without having to verify it yourself every time.