Three architectures, three risk levels
Browser-only tools (like most of PDFWix) never upload your file. The PDF is parsed and rewritten in JavaScript on your device. The server only sees that you visited a page, not what you did with the tool.
Server tools upload, process and ideally delete within minutes. Your file briefly lives on someone else's disk. The risk is bounded by their retention policy, their access controls, and the trust you place in their staff.
Hybrid tools blur the line — read their privacy policy. A common pattern is to upload for some operations (OCR, format conversion) and process locally for others (merge, split). The tool may not tell you which is which.
How to tell which architecture a tool uses
Open browser DevTools (F12), switch to the Network tab, run the tool with a test PDF, and watch what gets sent. If a request body contains your file's bytes, it's a server tool. If only small JSON pings appear, it's browser-side.
PDFWix encourages this — try it on Merge PDF and you'll see no upload of file content. We document which of our tools are server-based on the /security page.
Red flags to watch for
No published retention policy, no HTTPS, ads inside the result, requirement to install desktop software for an online job, or vague language about 'improving the service' using your file.
A particularly concerning pattern: 'free' tools that require you to sign up before downloading. Sign-up gates exist to harvest emails for re-marketing — and if they monetize your email, ask what else they monetize.
Watermarks on the output of a 'free' tool aren't a safety issue, but they're a tell that the company expects you to upgrade for the actual usable version.
What to do for sensitive documents
Tax returns, medical records, contracts with personally identifying information: prefer browser-only tools, or use offline software (Adobe Acrobat, Apple Preview, qpdf).
If you must use a server tool, redact identifiers with a permanent redaction tool first, then run the conversion on the sanitized version.
Always use a tool from a domain you've vetted. 'pdf-converter-online-free.com' style domains are red flags — they're often spun up cheaply to monetize SEO traffic with little operational maturity.
How PDFWix keeps your files private
Every core PDFWix tool — Merge, Split, Compress, Edit, Sign, Watermark, Protect, Unlock — runs entirely inside your browser using WebAssembly. Your file never leaves your device. You can verify this yourself: open DevTools, switch to the Network tab, drop a PDF into any tool and watch the requests. You'll see analytics pings, but no upload of your file bytes.
For the small number of tools that do require server processing (currently advanced OCR on very large scans and a handful of format conversions), the file is deleted within 60 seconds of the response being returned and we keep no copy in logs or backups. The /security page lists exactly which tools are browser-side and which are server-side so you can make an informed choice before uploading anything sensitive.
What we don't do with your files
PDFWix does not train AI models on your documents, does not sell or share file contents with advertisers, does not require an account to use any tool, and does not put watermarks on your output. The business model is the optional paid API and Pro tier for power users — not the free web tools, which exist to be useful without strings attached.