Privacy
Privacy Policy
Last updated: 2026-04-26
Summary
OpenPDF is a PDF reader and editor that runs entirely in your browser. Your PDF files never leave your device. The merge, split, organize, annotate, sign, compress, watermark, page-numbers, and add-image tools all execute as WebAssembly and JavaScript inside the page you are looking at — there is no upload step, no temporary server-side processing, and no copy of your file kept anywhere outside of your browser session. Annotations you create (highlights, notes, signatures) are stored locally in your browser's IndexedDB so they persist across sessions on the same device.
What we do NOT do
- We do not upload your PDFs to any server, ever — not for processing, not for caching, not for “improving the service”.
- We do not log, store, or analyze the content, file names, or metadata of your files.
- We do not require an account, email address, name, or any personal identifier to use any feature of the site.
- We do not sell, rent, or share user data with any party. There is no user data on our servers to share.
- We do not run fingerprinting, session-replay, or behavioral analytics.
Local storage (important)
OpenPDF uses your browser's IndexedDB to save annotations (highlights, notes, electronic signatures). This storage is:
- Per-origin and per-browser: accessible only from openpdf.app in your current browser profile. A different browser, a private window, or a different device starts with an empty store.
- Not encrypted at rest. On a shared device, other users of the same browser profile — or browser extensions with broad permissions — may be able to read your annotations. Treat IndexedDB the way you would treat your downloads folder.
- Persistent: annotations remain until you explicitly clear them or clear browser data for this site.
We also store two small values in localStorage: your theme preference (openpdf-theme) and your cookie-consent choice (cookie-consent). These are read on page load to render the UI in your preferred mode without flashing.
You can clear all annotations at any time from the annotations sidebar inside the app. To remove every locally-stored value, clear browser data for openpdf.app in your browser settings.
Third-party services
- Google AdSense (Google LLC, United States) — displays advertisements. AdSense scripts are loaded with deferred timing only after the page is otherwise interactive, and personalized advertising cookies are only set after you explicitly grant consent through the banner. If you decline or ignore the banner, ads remain in non-personalized mode.
- Google Funding Choices (Google LLC, United States) — the consent management platform that displays the cookie banner in regulated regions (EU/UK/CH and similar). It is required by Google to comply with the EU Digital Markets Act and UK PECR rules for AdSense publishers.
- Google Analytics 4 (Google LLC, United States) — aggregate, IP-anonymized usage statistics (page views, country at country-level granularity, device class). Configured under Consent Mode v2: advertising signals stay denied until you accept the banner; only basic analytics pings are sent in the meantime, with no user-level identifiers.
- Cloudflare (Cloudflare Inc., with EU points-of-presence) — hosting, CDN, and DDoS protection. Standard web server logs (IP, path, user-agent, response code) are retained by Cloudflare for a short window per their published policy. We do not enrich those logs and do not share them.
Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website or other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to this site and/or other sites on the Internet. Users may opt out of personalized advertising by visiting Google Ads Settings. Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.
Named processors and international transfers
The third parties listed below process limited data on our behalf. All US-based processors are certified under the EU-US Data Privacy Framework (DPF), the lawful transfer mechanism since July 2023.
| Processor | Purpose | Legal basis | Retention | Transfer |
|---|---|---|---|---|
| Google LLC (Google AdSense, USA) | Display advertising | Consent (GDPR Art. 6(1)(a)) | Up to 13 months (Google default) | DPF |
| Google LLC (Funding Choices CMP, USA) | Cookie consent management (TCF v2.2) | Legal obligation (ePrivacy) | Session | DPF |
| Google LLC (Google Analytics 4, USA) | Aggregate audience measurement (IP-anonymised) | Consent in EU/EEA/UK; legitimate interest elsewhere | 14 months | DPF |
| Cloudflare, Inc. (USA, EU edge) | Hosting, CDN, security, anonymous request metrics | Legitimate interest (GDPR Art. 6(1)(f)) | Aggregate logs, ≤30 days | DPF + EU DPA |
| Formspree.io (USA) | Footer feedback form submissions (only when you submit) | Consent (GDPR Art. 6(1)(a)) | Per Formspree policy | DPF |
Right to object (GDPR Art. 21): you may object to any processing based on legitimate interest at any time by contacting us via the footer form. Right to withdraw consent (GDPR Art. 7(3)): you may withdraw consent at any time via the cookie banner (it reappears when you clear localStorage for this site). Withdrawal does not affect lawfulness of processing prior to withdrawal.
Advertising (Google AdSense)
When AdSense is enabled, Google may set cookies, read their values on subsequent visits, and use your IP address and ad-ID (where available) to serve relevant advertisements. None of this happens before you grant consent through the banner. More information: Google Ads privacy policy. To opt out of personalized ads across Google services, visit myadcenter.google.com.
OCR and digital signatures (optional)
When you run OCR on a scanned PDF, the OCR engine (Tesseract.js) executes entirely in your browser. Page images are never sent to a server. Language models are downloaded once from a CDN and cached locally for offline reuse. Digital signatures created with the Sign PDF tool are computed in-browser using the WebCrypto API; private keys you import remain in browser memory only and are not transmitted.
Children
OpenPDF is not directed to children under 13 (under 16 in the EEA). We do not knowingly collect data about children. If you believe a child has used the service in a way that conflicts with this policy, contact us and we will assist with the (very limited) cleanup possible — typically clearing local IndexedDB on the device.
Your rights (GDPR / CCPA / equivalents)
Because we hold no personal data on our servers, there is nothing for us to access, export, rectify, or delete on your behalf. The locally-stored annotations on your device are under your sole control: you can view them in the annotations sidebar, export them with the built-in tools, and delete them at any time. If you would like a written confirmation of “no personal data on file”, contact us and we will provide it.
Changes to this policy
If we add a new third-party script, change a data-handling practice, or change retention, we will update the “Last updated” date at the top of this page and — when the change is material — add a short note in the app's release log. We do not send unsolicited email about policy updates because we do not have your email.
Contact
Questions? Open an issue on the project page or use the feedback channel inside the app. We respond to good-faith privacy questions within a few business days.