The State of PDF Privacy 2026
What four widely used online PDF tools actually do with your files — based on their own published policies, with sources.
tools in this report upload your files to remote servers. Only browser-based processing keeps a file on your device.
typical retention window for standard operations — but e-signature files are kept 14 days to 5 years.
of consumers won't buy from a company they don't trust with their data (Cisco, 2024).
uploaded by a browser-based tool — verifiable in your browser's Network tab, not a marketing claim.
Most people assume a PDF tool that says "secure" keeps their file private. The reality is more nuanced. The majority of popular online PDF tools work by uploading your document to a remote server, processing it there, and deleting it after a short window. They are not necessarily unsafe — the leading tools use encryption, delete files quickly, and operate under EU data-protection law — but there is a meaningful architectural difference between "deleted in an hour" and "never uploaded at all."
This report compiles the published file-handling policies of four widely used PDF tools so you can compare them in one place. Every figure below is the provider's own stated policy as of May 2026, linked in the Sources section.
How four PDF tools handle your files
| Tool | Processing | Standard retention | Servers | Encryption |
|---|---|---|---|---|
| JustPDF1 | In your browser (local) | None — files are never uploaded | No server processing | N/A — no file is transmitted |
| Smallpdf2,3 | Uploaded to servers | Deleted ~1 hour after processing (free use) | Ireland (EU) | 256-bit TLS in transit |
| iLovePDF4,5 | Uploaded to servers | Deleted within 2 hours of processing | Cloud provider (region not published) | HTTPS in transit + at rest |
| PDF24 (online tools)6,7 | Uploaded to servers | Deleted within 1 hour after processing | EU data centres | Encrypted transfer |
E-signature retention differs from standard processing: Smallpdf keeps signed PDFs 14 days; iLovePDF retains signed documents up to 5 years for legal compliance. Figures are each provider's published policy as of May 2026 and may change — see Sources.
Why the difference matters
A short retention window is a real safeguard, and the tools above implement it responsibly. But "deleted within an hour" still means your file existed on third-party infrastructure during that hour, traveled across the network to get there, and depended on that company's security to stay private. For most documents that is an acceptable trade-off. For sensitive ones — contracts, medical records, tax forms, identity documents — the safest position is for the file to never leave your device in the first place.
This is not a hypothetical preference. In Cisco's 2024 Consumer Privacy Survey, more than 75% of consumers said they won't buy from a company they don't trust with their data, and 49% of 25–34-year-olds had already switched providers over data practices. Privacy has become a purchasing decision.
How we verified this
We reviewed the public privacy, security, and help documentation of each tool in May 2026. Retention figures are the companies' own stated policies. "Processing" reflects each tool's own description of its architecture — Smallpdf, iLovePDF, and PDF24 all describe uploading files to servers for processing, while JustPDF processes files locally in the browser. You can confirm the upload-versus-local distinction yourself: open your browser's developer tools, switch to the Network tab, and run a file through any tool. A server-based tool produces an upload request roughly the size of your file; a browser-based tool produces none.
Sources
- JustPDF — browser-based architecture (verifiable via your browser's Network tab; no upload request is made)
- Smallpdf — “Is Smallpdf Safe?” (file retention, servers, certifications)
- Smallpdf — Trust Center
- iLovePDF — Security & Data Protection
- iLovePDF — Privacy Policy
- PDF24 — Tools FAQ (file deletion, server processing)
- PDF24 — Privacy Policy
- Cisco 2024 Consumer Privacy Survey (published Oct 30, 2024; 2,600+ respondents across 12 countries)
Published May 29, 2026. This report compiles publicly available policies and is provided for general information; verify current policies with each provider before relying on them. JustPDF publishes this analysis as the maker of a browser-based PDF toolkit and has aimed to represent each tool's stated practices accurately and fairly.
Frequently asked questions
Are online PDF tools like Smallpdf and iLovePDF unsafe?
Not necessarily. Smallpdf, iLovePDF, and PDF24 all use encryption, delete files within 1–2 hours, and operate under EU data-protection law. The distinction this report draws is architectural, not a safety judgment: server-based tools upload your file to third-party infrastructure for a window of time, while browser-based tools never transmit it at all.
How long do PDF tools keep my files?
Per their own published policies as of May 2026: PDF24 deletes within 1 hour of processing, Smallpdf within ~1 hour for free use, and iLovePDF within 2 hours. E-signature files are kept far longer — 14 days for Smallpdf and up to 5 years for iLovePDF, for legal-compliance reasons.
How can I verify whether a tool uploads my file?
Open your browser's developer tools (F12), go to the Network tab, then use the tool. If you see an upload request roughly the size of your file, it was sent to a server. Browser-based tools show no such request.
What is the most private way to edit a PDF?
Use a tool that processes files locally in your browser so the document never leaves your device. This removes the third-party server from the equation entirely — there is no upload, no retention window, and nothing for a breach to expose.