Your network tab is our proof

Every PDF site on the internet says some version of “your files are safe with us.” The claim is unfalsifiable, unless you check. Fortunately your browser ships with the only audit tool you need: the network inspector.

Open devtools (F12 or Cmd-Opt-I), switch to the Network tab, and use any FernPDF tool with a real file. Filter by Fetch/XHR. What you should see is: nothing. No POST with a multipart body, no PUT to a storage bucket, no websocket streaming chunks. The page assets load once, and after that your document is processed in silence, on your machine.

Compare that with a typical converter. Drop a file and you’ll see an upload request roughly the size of your document, often to a cloud storage domain you’ve never heard of, followed by polling requests while a server you can’t inspect does the work. The privacy policy may be sincere, but you’re trusting a policy, not a property of the system.

That’s the distinction we care about: policy privacy versus structural privacy. Policy privacy says “we promise not to look.” Structural privacy says “there is nothing to look at.” Only one of these survives a breach, an acquisition, or a subpoena.

This test works on any tool that claims local processing, not just ours. Make it a habit: before you feed a contract, a medical record, or a passport scan into a web app, watch what it sends. Thirty seconds of skepticism is cheaper than a leaked document.