Last updated July 10, 2026
Security at PDFKitly
Local by design
Merge, split, rotate, extract, and basic optimization execute in your browser. Passwords and document contents are not sent to analytics or application logs.
Temporary processing
No current core tool needs server storage. A future server provider may use authenticated, non-public R2 objects with random keys and a maximum one-hour retention.
Accounts and billing
Sessions use secure cookies. D1 stores minimal account and entitlement records. Stripe handles payments and signed webhooks synchronize access.
Report a concern
Use the contact page and avoid attaching sensitive documents.