Skip to content
PDFlys

Security & Trust at PDFlys

How PDFlys Processes Your Files

All file processing on PDFlys is performed locally in your web browser.

Your files are never uploaded to our servers, never stored, and never transmitted over the network. PDFlys does not have access to your documents at any time.

Files never leave your browser, which significantly reduces the risk of server-side data breaches. Since your documents are not transmitted over the network or stored on our servers, they are not exposed to the types of server-side breaches that affect traditional cloud-based PDF tools.

Whether you are using our merge PDF, split PDF, compress PDF, PDF editor, or any other tool — all processing happens entirely within your browser. No file data ever leaves your device.

File Uploads and Downloads

When you select a file, it remains on your device. Processing starts only after you choose an action, such as merge or compress.

Processed files are generated locally and downloaded only when you click the download button. PDFlys does not initiate automatic or background downloads.

Malware and Virus Safety

PDFlys does not inject scripts, malware, or executable code into your files.

All file modifications are limited strictly to the operation you select. PDFlys does not execute files, install software, or alter system behavior.

Server and Infrastructure Access

Our servers are used only to deliver the website interface and static resources.

They do not receive, store, or process user files. No document data is logged or retained on our infrastructure.

Third-Party Services

PDFlys uses limited third-party services for website performance and reliability:

  • Analytics — to understand how visitors use the site
  • Error monitoring — to detect and fix technical issues
  • Content delivery — to serve the website reliably worldwide

These services do not receive or process your files and have no access to document content. For full details, see our Privacy Policy.

Data Retention

PDFlys does not retain copies of user files.

We may collect minimal, non-identifying technical logs to maintain service reliability, but these logs do not contain document data.

Data Protection Compliance

PDFlys complies with the Saudi Personal Data Protection Law (PDPL) and applicable international data protection regulations including the EU General Data Protection Regulation (GDPR). Our privacy-first architecture — where files never leave your browser — provides a strong foundation for data protection compliance.

For full details on how we protect your personal data, your rights, and how to exercise them, please see our Privacy Policy.

Responsible Disclosure

We take security seriously and welcome responsible reports of vulnerabilities.

Scope: The pdflys.com domain and all its subdomains.

How to report: Send details of the vulnerability to security@pdflys.com. Please include steps to reproduce, the potential impact, and any suggestions for remediation.

Response time: We will acknowledge your report within 48 hours and aim to provide an initial assessment within 5 business days.

Safe harbor: We will not pursue legal action against security researchers who report vulnerabilities responsibly and in good faith, provided they do not access or modify other users' data, disrupt our services, or disclose the vulnerability publicly before we have had a reasonable opportunity to address it.

Contact and Security Reporting