Security & Privacy
How we protect your files, your data, and your privacy.
Encryption in Transit
All connections to PDFRealm are encrypted using HTTPS/TLS. Your files are never transmitted over unencrypted connections. We enforce HTTPS site-wide with HSTS headers.
Processing: Browser vs. Server
Some PDF operations run entirely in your browser (client-side), meaning your file never leaves your device. Others require server-side processing for higher fidelity or format conversion.
- Browser-side: Basic PDF viewing, annotation previews, page reordering
- Server-side: Compression, OCR, format conversion (PDF to Word, etc.), merge, split, redaction, password protection
For server-side tools, files are uploaded over HTTPS, processed on our servers, and deleted automatically after your session (or within 24 hours of processing).
Vault: Encryption at Rest
Files saved to your PDFRealm Vault are encrypted at rest using AES-256. Vault storage is hosted on Backblaze B2, a SOC 2-compliant cloud storage provider. Encryption keys are managed server-side and never exposed to third parties.
File Retention
- Temporary processing files: Deleted automatically after your session ends, or within 24 hours of processing — whichever comes first.
- Vault files: Retained until you delete them or close your account.
- Secure Send files: Deleted when the link expires (expiration set by the sender; default is 7 days).
- After account deletion: All Vault files are permanently deleted within 30 days.
Secure Send
Files shared via Secure Send are stored temporarily with an expiration timer. When the link expires, the file is permanently deleted from our servers. Recipients cannot access files after expiration. Senders can set custom expiration times.
No AI Training
Your files are never used to train AI models or any machine learning systems. When you use AI-powered features, your file is sent to OpenAI's API solely to fulfill your request and is not retained or used for training by OpenAI under their current data processing policies.
Subprocessors
- Stripe — Payment processing. PDFRealm never stores your credit card details. All payment data is handled by Stripe's PCI-compliant infrastructure.
- Backblaze B2 — Vault file storage. Files are encrypted before upload.
- OpenAI — AI features only, and only when you explicitly initiate an AI action. Your files are not shared with OpenAI for any other purpose.
Analytics & Logging
PDFRealm does not log personally identifiable information (PII) in analytics. Usage analytics track aggregate events (tool usage counts, page views) without linking them to individual users or files.
Vulnerability Disclosure
Found a security issue? Please report it responsibly to [email protected]. We aim to acknowledge reports within 48 hours and resolve confirmed vulnerabilities promptly.