How ShellPDFs Keeps Your Documents Private and Secure

One of the most common concerns with online PDF tools is privacy. When you upload a document to a website, you are trusting that site with your file's contents. For many people — especially those handling contracts, medical records, financial reports, or personal documents — that trust is not something to give away casually.

ShellPDFs was designed with this concern at the center. This article explains how each type of tool handles your files, what happens on our servers when you use server-based tools, and how you can add your own password protection to sensitive documents.

Browser-Based Tools: Your Files Never Leave Your Device

Six of ShellPDFs' tools run entirely in your web browser: Merge PDF, Split PDF, Organize PDF, Remove PDF Pages, Rotate PDF, and Password Protect PDF.

When you use any of these tools, your PDF is processed locally using WebAssembly running inside your browser tab. The file is loaded into your browser's memory, processed there, and the result is offered as a download — all without any network request to our servers. If you close the tab, everything is gone.

This is not a marketing claim — it is a technical constraint of how these tools are built. There is no server endpoint for these tools to upload to. Your file physically cannot leave your device.

This makes browser-based tools the best choice for sensitive documents. Legal teams working with privileged communications, healthcare professionals handling patient data, and financial advisors processing client records can use these tools without any privacy concerns.

Server-Based Tools: Temporary Processing with Strict Deletion

Three tools require server-side processing: Compress PDF (Stronger mode), Webpage to PDF, and PDF to Word. These tasks need more compute power than a browser can provide — Ghostscript for compression, headless Chromium for webpage rendering, and document parsing libraries for Word conversion.

When you use a server-based tool, here is exactly what happens:

Your file is uploaded over TLS 1.3 (the current highest standard for encrypted connections). The upload is validated — ShellPDFs checks the file type using MIME inspection and magic byte analysis, and runs basic security checks before accepting it.

The file is processed by an isolated worker. Each job runs independently with no shared filesystem between jobs. The worker produces the output file and makes it available for download.

Both the original upload and the processed output are automatically deleted within one hour. A cleanup process sweeps the storage directory regularly to enforce this. Deletion events are logged, but document contents are never recorded in any log.

This one-hour retention window exists to give you time to download your result. After that, the files are gone. There is no archive, no backup, and no way for us to retrieve them.

Password Protecting Your PDFs

For documents that need an extra layer of security, ShellPDFs offers a dedicated Password Protect PDF tool. This tool encrypts your file using AES-256 — the same encryption standard used by governments and financial institutions.

The tool runs entirely in your browser. Your password is never transmitted to any server. The encrypted file can only be opened by someone who knows the password.

A few things to keep in mind when using password protection:

Choose a strong password. AES-256 encryption is essentially unbreakable, but a weak password (like "1234" or "password") defeats the purpose. Use a password that is at least 8 characters long and combines letters, numbers, and symbols.

Share the password separately from the file. If you email a protected PDF, send the password through a different channel — a text message, a phone call, or a separate email. This way, someone intercepting the email cannot access the document.

Keep a record of your password. ShellPDFs cannot recover or reset passwords. If you lose the password, the file cannot be opened.

What ShellPDFs Does Not Do

Understanding what a service does not do is just as important as understanding what it does.

ShellPDFs does not create accounts for browser-based tools. There is nothing to sign up for, no profile to manage, and no usage data tied to an identity.

ShellPDFs does not use your documents for AI training, analytics, or marketing. Server-side jobs are processed and deleted. There is no secondary use of your files.

ShellPDFs does not retain files beyond the one-hour window for server tools, and retains nothing at all for browser tools.

ShellPDFs does not sell or share data with third parties. Logs capture only operational metadata — job IDs, timestamps, file sizes, and status codes.

Choosing the Right Approach for Your Situation

For maximum privacy, use browser-based tools whenever possible. Merge, Split, Organize, Remove, Rotate, and Password Protect all run locally.

When you need server-side processing (compression, conversion), you can reduce exposure by removing sensitive pages first using the browser-based tools, then sending only the non-sensitive portion to the server.

For documents that will be shared with others, add password protection before distributing. This ensures the file is encrypted at rest, regardless of how it is transmitted or stored.

FAQ

Does ShellPDFs store my files? Browser tools: no, files never leave your device. Server tools: files are deleted within one hour of processing.

Does ShellPDFs use my documents to train AI? No. Documents are processed and deleted. There is no secondary use.

How does password protection work? AES-256 encryption, processed entirely in your browser. Your password never touches our servers.

Can someone remove the password from a protected PDF? Without the password, AES-256 encrypted files cannot be opened. Use a strong password to prevent brute-force guessing.

Try It Now

Use the Password Protect PDF tool to encrypt sensitive documents, or explore all ShellPDFs tools — most run entirely in your browser.