You uploaded a contract to a free PDF tool to add a signature. Twenty minutes later you wondered: where is that file now?
Server-side processing
Most online PDF tools work by uploading your file to their server, processing it there, and returning a download. During processing, the file is stored — sometimes briefly, sometimes longer.
Reputable tools state their retention: 'files deleted after 1 hour' is common. Less reputable tools say nothing or 'we may retain files for our purposes'. Read the privacy policy.
Where the servers actually are
US-based providers: typically AWS, Google Cloud or Azure regions in the US. Subject to US law, including subpoenas and CLOUD Act requests.
EU-based providers: usually AWS/GCP/Azure in EU regions. Subject to GDPR and EU law; may still be accessible to US providers under certain conditions.
Other: smaller providers may be on their own infrastructure or in specific data residency zones.
For regulated industries, data residency matters. Check before using.
Browser-side processing
The alternative is processing entirely in your browser — no file upload. Flint works this way. The PDF stays on your machine; the processing happens in the tab.
For confidential material, browser-side is the safer architecture. For convenience features that genuinely need server-side processing (heavy OCR, conversions to specific formats), accept the trade-off but choose providers carefully.
How to verify
Open browser developer tools, Network tab, while using the tool. If you see a large POST upload of your file, processing is server-side. If you don't, processing is local.
Reputable tools document this. Look for 'files never leave your device' or 'processed in browser' in marketing copy and privacy policy.
FAQ
Does 'we delete files after 1 hour' mean my data is safe?
Better than indefinite retention, but still means the file existed on someone else's servers for an hour. For sensitive material, prefer no-upload.
Are big-name tools more trustworthy?
Generally yes — Adobe, Smallpdf and other established names have published privacy commitments. Smaller tools require more research.
Does Flint store anything?
No file content. Flint processes in your browser; your PDF doesn't reach our servers. Anonymous analytics may be collected, documented in the privacy policy.
What about cached files in CDNs?
If processing is server-side, files may transit CDNs and edge caches. Each step is a potential exposure point — another reason to prefer browser-side.
Server-side tools are convenient but visible. Flint stays local — your files don't travel further than your tab.