We Built a Privacy-First PDF Editor That Never Touches Your Files

Most PDF tools online have a dirty secret. When you click “upload,” your document travels to a server in another country, gets processed by software you cannot inspect, and sits on hardware you do not own. They promise to delete it. You just have to trust them.

We did not think that was good enough. So we built something different.

What is PDFEdit4U?

PDFEdit4U is a full-featured PDF editor that runs entirely inside your web browser. Merge documents, add signatures, convert pages to images, extract text, crop margins, add page numbers — all without your file ever leaving your computer.

It is not a stripped-down demo. It is a production application serving real users who need to handle sensitive contracts, tax forms, medical paperwork, and legal documents without handing them to a third party.

The Technical Challenge

Building a serious document editor that runs client-side is not straightforward. PDF is a complex format — 1,310 pages of specification covering fonts, encryption, color spaces, annotations, and interactive forms. Making all of that work inside a browser tab, with no server to fall back on, required careful engineering decisions.

We chose a stack that could handle it:

• React with TypeScript for the application layer
• pdf-lib for creating and modifying PDF documents programmatically
• PDF.js (Mozilla's renderer) for reading pages and extracting content
• Canvas API for image conversion at configurable DPI
• Service workers for offline capability and instant loading

The result is a Progressive Web App that installs on any device, works without internet after first load, and processes files using only the user's own CPU and memory.

What We Shipped

The editor handles the full range of common PDF operations: annotations, highlights, drawings, text boxes, signatures, stamps, merge, split, compress, and rotate. All in-browser.

Beyond the editor, we built seven standalone tool pages — focused single-purpose interfaces for quick tasks:

• PDF to JPG and PDF to PNG with quality and DPI controls
• JPG to PDF with drag-to-reorder image sequencing
• PDF to Text with a Markdown extraction mode that reduces AI token usage by 15-30%
• Add Page Numbers with configurable position, format, and font size
• Crop PDF with a visual overlay and draggable edge handles
• Flatten PDF that converts form fields to static content

Each tool loads on demand, processes instantly, and produces a downloadable result without any network activity.

The Privacy Architecture

We did not just add a privacy policy. We made data leakage architecturally impossible.

When a user selects a file, the browser's File API reads it into local memory. Our JavaScript processes that data using the libraries listed above. The result gets packaged as a Blob and offered for download via a temporary object URL. After download, the URL is revoked and memory is released when the tab closes.

There is no upload endpoint. No file storage. No processing queue. No database entry for user documents. The Network tab in developer tools shows zero requests related to file data during any operation.

Engineering Decisions Worth Noting

A few choices we made that shaped the final product:

Lazy loading everywhere. Each tool is a separate code-split chunk. Users only download the JavaScript for the specific tool they use. Initial page load stays fast.

Processing engines separated from UI. Every tool has a pure async function that takes an ArrayBuffer and returns a result. These are independently testable and have no dependency on React or the DOM.

Heuristic markdown extraction. Our PDF-to-Markdown engine analyses font size ratios to detect headings, parses font names for bold/italic indicators, uses Y-position gaps for paragraph detection, and matches text patterns for lists. It is not perfect for every document, but it handles typical business documents well enough to meaningfully reduce token consumption when feeding content to AI models.

Honest limitations on every page. Each tool clearly states what it can and cannot do. We would rather a user know upfront that we cannot handle OCR than discover it after uploading a scanned document.

What We Learned

Browser memory is the constraint. A 200-page PDF at 300 DPI pushes limits on lower-end devices. We handle this with clear warnings, graceful error recovery, and documentation that explains exactly what is happening and how to fix it.

Not everything can be done client-side today. Password-encrypted PDF decryption, for instance, is not reliably supported by current JavaScript libraries. We removed that feature rather than ship something that would fail silently. Honesty builds more trust than feature checkboxes.

Progressive Web Apps are production-ready. Service workers, install prompts, offline mode — the platform has matured. Users can install PDFEdit4U alongside native apps and it behaves like one.

The Result

A shipping product that processes sensitive documents with zero server involvement, installs as a PWA, works offline, and honestly communicates its capabilities and limitations. Built by a small team, deployed on Google Cloud Run, and available free at pdfedit4u.com.

If your organisation needs a privacy-first tool, a browser-based utility, or a client-side processing solution built to production standards — that is what we do.

Tech Stack