Home / Security
WHITEPAPER Last updated: February 2026

Security & Privacy Architecture

Technical documentation of ModernPDF's zero-knowledge document processing system

1. Executive Summary

Key Security Claims

  • Zero-knowledge for local tools: PDFs processed by merge, split, compress, rotate, edit, sign, convert, watermark, and redact tools never leave your browser.
  • Minimal data transmission for AI tools: OCR and Translate extract text client-side; only extracted text (not the PDF) is sent for AI processing.
  • No persistent storage: We operate no servers that store user documents. There is no document database to breach.
  • Verifiable architecture: All client-side code is inspectable in your browser's developer tools.

ModernPDF is designed with a privacy-first architecture that processes documents locally in the user's browser whenever possible. This document provides technical details about our security model, data handling practices, and the technology that enables zero-knowledge document processing.

2. System Architecture

ModernPDF tools fall into two categories based on their data handling requirements:

2.1 Local Processing Tools (Zero Network Traffic)

The following tools process documents entirely within your browser using JavaScript and WebAssembly:

Merge PDF
Split PDF
Compress PDF
Rotate PDF
Edit PDF
Fill & Sign
PDF to JPG
JPG to PDF
Watermark
Redact PDF

Technical implementation: When you select a file, the browser's File API reads it into memory. Processing occurs via JavaScript libraries (PDF.js, PDF-Lib) running in the main thread or Web Workers. The resulting file is generated as a Blob and downloaded via a dynamically created anchor element. At no point does the file or its contents leave the browser context.

// Simplified data flow for local tools

User selects file
    → File API reads into ArrayBuffer (local memory)
    → JavaScript/WASM processes data (local CPU)
    → Result generated as Blob (local memory)
    → Browser downloads file (local disk)
    
Network requests: 0
Data transmitted: 0 bytes

2.2 AI-Powered Tools (Minimal Data Transmission)

The following tools require AI processing and transmit extracted text only (never the original PDF):

Translate

Text → Claude API → Translated text

OCR

Uses Tesseract.js (local) by default

For Translate: The PDF is rendered client-side, text is extracted using PDF.js, and only the plain text is sent to Anthropic's Claude API for translation. The original PDF file, images, formatting, and metadata never leave your browser. The translated text is then reassembled into a new PDF locally.

For OCR: Text recognition is performed entirely in-browser using Tesseract.js (WebAssembly). No data is transmitted. The recognized text is embedded as a searchable layer in the PDF.

3. Data Flow Analysis

3.1 What We Collect

  • Analytics: Anonymous usage statistics (tool used, not content)
  • Pro accounts: Email address and payment info (via Stripe)
  • Support: Information you voluntarily provide

3.2 What We Never Collect

  • Your PDF files or their contents
  • Document metadata (titles, authors, etc.)
  • Images or embedded content from PDFs
  • Signatures or form field data

Transparency Note: Translate Tool

When using Translate, extracted text is sent to Anthropic's Claude API. This text is processed according to Anthropic's privacy policy, which states that API inputs are not used for model training and are deleted after 30 days.

4. Technology Stack

Library Version Purpose License
PDF.js 3.11.174 PDF rendering and text extraction Apache 2.0
PDF-Lib 1.17.1 PDF creation and modification MIT
Tesseract.js 5.0.4 OCR (optical character recognition) Apache 2.0
JSZip 3.10.1 ZIP file handling for batch operations MIT

All libraries are loaded from CDN (Cloudflare) over HTTPS with subresource integrity (SRI) hashes where available. You can verify the exact code running in your browser using Developer Tools (F12).

5. Threat Model

5.1 Threats We Mitigate

Server-side data breach

No document data is stored on our servers, eliminating this attack vector entirely.

Man-in-the-middle interception

No document transmission for local tools. For AI tools, all API calls use TLS 1.3 encryption.

Insider threat

Our employees cannot access your documents because they never reach our infrastructure.

5.2 Threats Outside Our Scope

Compromised client device

If malware exists on your computer, it could potentially access files in your browser. Use antivirus software and keep your system updated.

Malicious browser extension

Browser extensions with broad permissions could potentially read page content. Review your installed extensions.

6. Regulatory Compliance

Our zero-knowledge architecture simplifies compliance because we don't process or store personal data from documents:

GDPR (EU)

For local tools, no personal data is processed by ModernPDF. For AI tools, see our Privacy Policy for data processing details.

CCPA (California)

We do not sell personal information. Document contents are not collected or shared.

HIPAA (Healthcare)

Local tools can be used with PHI as data never leaves your device. AI tools should not be used with PHI without a BAA.

SOC 2

Our architecture inherently satisfies many SOC 2 requirements by eliminating data storage risks.

For organizations that need to actively identify and remove PII from documents before distribution, SafeRedact provides AI-powered redaction with the same zero-upload architecture — purpose-built for HIPAA, GDPR, and FOIA compliance workflows.

7. Competitor Comparison

Feature ModernPDF iLovePDF Smallpdf Adobe
Files stay on device Yes* No No No
Free to start Yes Limited Limited No
Works offline Yes* No No Desktop
Open source libraries Yes No No No
Server storage None 2 hours 1 hour Cloud

* For local processing tools. AI-powered tools require network connectivity.

8. Frequently Asked Questions

Can you see my documents?

No. For local processing tools, your files never leave your browser. We have no technical ability to access them. For AI tools (Translate), only extracted text is transmitted, and we do not log or store this content.

How can I verify your claims?

Open your browser's Developer Tools (F12), go to the Network tab, and process a document. You'll see zero network requests to our servers for local tools. All code is visible in the Sources tab.

What happens if I close my browser mid-process?

Since processing happens locally, closing your browser immediately terminates the operation. No partial data is transmitted or stored anywhere.

Is it safe to use with sensitive documents?

For local processing tools, yes. Your sensitive documents never leave your device. For AI tools, consider whether the extracted text contains sensitive information before proceeding.

Do you have a bug bounty program?

We welcome responsible security disclosures. Please email security@modernpdf.app with any findings.

Questions?

Have questions about our architecture or privacy practices? We're happy to help.

Get in Touch