ihatepdf.club
← Back to Blog
6 min read

Why Most PDF Tools Upload Your Files (And Why That's a Problem)

Most online PDF tools send your documents to remote servers. Here's why that happens, what risks it creates, and how browser-based alternatives keep your files private.

What Happens When You "Upload" a PDF

When you use most online PDF tools — iLovePDF, Smallpdf, Adobe's online tools, or dozens of smaller alternatives — your file gets uploaded to their server. A server you don't control, in a data center you can't verify, governed by a privacy policy you probably didn't read.

Here's the typical flow:

  1. You select a PDF from your computer
  2. The file gets uploaded to the tool's server (often via AWS, Google Cloud, or Azure)
  3. Server-side software processes your file (usually Ghostscript, LibreOffice, or similar)
  4. The processed file is stored temporarily on their server
  5. You download the result
  6. The tool promises to delete your file after some time (usually 1-24 hours)

Why This Matters

Think about the PDFs you work with. Contracts with signatures and addresses. Medical records. Tax documents. Resumes with your phone number and email. Legal filings. Student assignments with your student ID. These documents contain personally identifiable information (PII) that you probably don't want sitting on a random server.

The risks aren't theoretical:

  • Data breaches — If the PDF tool's servers get compromised, your documents could be exposed. Even major companies experience breaches.
  • Incomplete deletion — "We delete files after 2 hours" doesn't mean backups are deleted. Enterprise-grade cloud services often have backup systems that retain data longer.
  • Employee access — In most architectures, system administrators could potentially access uploaded files.
  • Compliance issues — If you're handling HIPAA-protected health data, GDPR-covered EU personal data, or FERPA-protected student records, uploading to a third-party server may violate compliance requirements.
  • Training data — Some free tools monetize by using uploaded documents to train AI models or for other analytics purposes.

The Alternative: Client-Side Processing

Client-side processing means your files never leave your computer. The PDF manipulation happens entirely in your web browser using JavaScript. No upload. No server. No middleman.

This is how ihatepdf.club works. When you merge, compress, split, or convert a PDF, the processing happens in your browser tab. You can verify this yourself: open your browser's Network tab (F12 > Network) and watch — no file uploads occur.

The technology that makes this possible:

  • pdf-lib — A JavaScript library for creating and modifying PDF documents in the browser
  • pdfjs-dist — Mozilla's PDF rendering engine (the same one used in Firefox)
  • Canvas API — Browser-native image processing for compression
  • Web Workers — Background processing so the browser stays responsive

"But Why Don't All PDF Tools Do This?"

Good question. There are two main reasons most PDF tools use server-side processing:

  1. Legacy architecture — Most PDF tools were built 5-10 years ago when browser JavaScript wasn't powerful enough for heavy file processing. They built server-based pipelines using tools like Ghostscript and LibreOffice, and changing architecture is expensive.
  2. Business model — Server-side processing creates a dependency. Users need the service to process files. This enables subscription models, usage limits, and account requirements. If processing happens in the browser, there's less reason for users to create accounts or pay.

How to Check If a PDF Tool Is Safe

Before using any online PDF tool, check these things:

  • Open the Network tab (F12 > Network) before processing a file. If you see your file being uploaded, the tool is server-based.
  • Read the privacy policy — specifically, look for how long they retain files and whether they use file data for any purpose.
  • Check for account requirements — if a tool requires login for basic operations, they're likely tracking usage and storing data.
  • Try it offline — after loading the page, disconnect from the internet and try processing a file. If it works, it's client-side. If it fails, it needs the server.

The Bottom Line

For most people, the risk of uploading PDFs to online tools is low. Most services are legitimate and do delete files as promised. But "low risk" and "no risk" are different things. If a tool exists that does the same job without any upload — why take the risk?

ihatepdf.club offers four core PDF tools — merge, compress, split, and PDF to Word — that process everything in your browser. No files uploaded. No accounts. No tracking. For these basic operations, there's simply no reason to send your documents to someone else's server.