You search 'edit PDF online' and pick the first result. Within ten seconds, your contract is on someone else's server, processed by software you can't see, with retention policies you didn't read. Browser-based PDF editing can be safe — and often isn't.
The two architectures
Online PDF tools fall into two camps:
Server-side: you upload, the server processes, the server returns a download link. Your file lives on the provider's infrastructure during processing, sometimes longer.
Client-side / browser-based: the tool runs JavaScript or WebAssembly in your browser. The file is processed locally; nothing leaves your machine. Flint is this kind.
How to tell which a tool is
Check the Network tab of your browser's developer tools while using the tool. If the file is uploaded, you'll see a big POST request with the file content. If processing is local, you'll see no significant uploads.
Also check the privacy policy and the marketing copy. Tools that emphasise 'files never leave your device' usually mean it. Tools that say 'we delete files after 1 hour' are server-side.
What server-side means for your privacy
Your PDF is on the provider's servers — accessible to their staff, vulnerable to their breaches, potentially trained on if they offer 'AI features', often retained for 'caching' or 'analytics'.
For public documents, this is fine. For confidential material — contracts, financial, medical, legal — it's a risk you may not have signed up for. Many corporate IT policies now forbid uploading confidential material to unvetted online tools.
What to use instead
Browser-based tools (like Flint) keep the file on your machine — same protection as a desktop application without installation overhead.
For team workflows, vetted tools with clear data-handling commitments (SOC 2, ISO 27001, signed DPAs) are appropriate. Don't trust uncertified free tools with anything sensitive.
FAQ
Are all browser-based tools safe?
Safer than server-side, but check the privacy policy — some browser tools still send telemetry, analytics or fingerprinting data. Read what's described.
Can a browser tool steal my file?
Theoretically possible (malicious JavaScript). For widely-used reputable tools, very unlikely. For obscure tools, treat with caution.
What about Adobe Acrobat online?
Server-side — files are uploaded for processing. Adobe has enterprise privacy commitments but the files do leave your device.
Does Flint upload my files?
No — Flint processes in your browser. Your file content doesn't leave your machine. Try it on a sensitive document with confidence.
Know whether a tool is local or remote before you upload. Flint stays in your browser — no server processing.