pdf.sh

Privacy Policy

Last updated: December 2025

At pdf.sh, privacy is our core principle. We built our PDF tools with a privacy-first approach, processing most files entirely in your browser. This policy explains how we handle your data.

How We Process Your Files

Client-Side Processing (7 Tools)

The following tools process files entirely in your browser. Your files never leave your device and we never have access to them:

  • Merge PDF
  • Split PDF
  • Rotate PDF
  • PDF to Image
  • Images to PDF
  • Watermark PDF
  • Sign PDF

Client-Side with Server Fallback (1 Tool)

Compress PDF uses WebAssembly to process files in your browser by default. Server processing is only used when:

  • Your browser doesn't support WebAssembly
  • Your browser doesn't support Web Workers
  • Your device runs out of memory (for large files)

Server-Side Processing (2 Tools)

The following tools require server processing due to technical requirements:

  • Office to PDF — Requires LibreOffice for conversion
  • Password Protect — Requires server-side encryption

For these tools: files are transmitted over encrypted HTTPS connections, processed on secure AWS infrastructure, and automatically deleted within 1 hour. We never access, read, or store the contents of your files beyond what's necessary for processing.

Data We Collect

Account Information

If you create an account (optional), we collect your email address through our authentication provider (Clerk). This is used solely for account management and to provide unlimited access to compression features.

Usage Analytics

We use privacy-respecting analytics to understand how our tools are used. We collect:

  • Page views and tool usage (anonymized)
  • Browser type and device category
  • Error reports for debugging (via Sentry)

We do not collect or store the contents of your PDF files, file names, or any personal data contained within documents.

Cookies

We use essential cookies for:

  • Authentication (if signed in)
  • Guest quota tracking (anonymous, HMAC-signed)
  • Theme preference (dark/light mode)

Third-Party Services (Subprocessors)

We use the following third-party services to operate pdf.sh:

  • Clerk — Authentication provider (US)
  • AWS Lambda — Server-side PDF processing (US East)
  • AWS S3 — Temporary file storage, auto-deleted within 1 hour (US East)
  • AWS DynamoDB — Guest quota tracking, anonymous usage counts (US East)
  • Vercel — Website hosting (Global CDN)
  • Sentry — Error monitoring and performance (EU - Frankfurt)

These services have their own privacy policies. We select providers that meet high security and privacy standards.

Your Rights

You have the right to:

  • Use most tools without creating an account
  • Request deletion of your account and associated data
  • Access information about what data we hold about you
  • Opt out of non-essential cookies

For GDPR/CCPA requests or any privacy concerns, please contact us.

Data Retention

  • Client-side processed files: Never stored. Exist only in your browser memory.
  • Server-processed files: Automatically deleted within 1 hour of processing.
  • Account data: Retained until you request deletion.
  • Analytics data: Aggregated and anonymized, retained for up to 2 years.

Security

We protect your data through:

  • HTTPS encryption for all data in transit
  • Secure, isolated processing environments
  • Automatic file deletion after processing
  • No persistent storage of processed files
  • Regular security reviews

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page.

Contact

For privacy-related questions or concerns, please visit our About page or Help Center.