Investigation May 26, 2026
Smallpdf, PDF24, iLovePDF — what their privacy policies actually let them do
Three of the most-used online PDF tools — Smallpdf, PDF24, iLovePDF — all publish reasonable privacy policies. The policies are also broader than the marketing suggests. Here is what each one allows on paper, with quoted wording where available.
By Khine
This document compares the published privacy positions of three
of the most-used online PDF tools — Smallpdf, PDF24, and
iLovePDF. The goal isn’t to argue any of them is acting in bad
faith; all three are responsible operators on the AEC scale.
The goal is to show what each one’s policy permits on paper,
which is broader than the marketing copy suggests, and what the
local-first alternative removes from that surface area.
Sources for each retention claim are cited inline. Access dates
are in the citations block at the bottom of the post.
Smallpdf
Stated retention. Anonymous files processed by free tools
are deleted within one hour. Files routed through eSign or shared
via file-sharing are kept up to 14 days. Pro users with active
File Storage can retain files indefinitely until manually
deleted. Source: the HonestPDF Smallpdf review, summarising
Smallpdf’s published policy.
Infrastructure. Hosted on Google Cloud Platform, primarily
in Europe.
What the policy permits beyond the obvious.
- Aggregation of usage statistics across users, with file
metadata retained beyond the file itself.
- Sharing data with sub-processors (cloud providers, payment
processors, analytics vendors). The policy lists them.
- Account data retained indefinitely while the account is active,
plus the standard accounting / legal-retention overlay after
deletion.
- Marketing communications to account holders unless opted out.
Surface area observation. Responsible operator, conservative
retention for the routine file-processing use case, normal
account-data retention for Pro tier. The “file deleted in one
hour” claim applies to the file content; metadata about the
operation persists longer.
PDF24
Stated retention. One-hour deletion window for processed
files, with the option to manually delete sooner if logged in.
Source: HonestPDF PDF24 review.
Infrastructure. PDF24’s online tools run on infrastructure
operated by Geek Software GmbH (the company behind PDF24).
What the policy permits beyond the obvious.
- Use of essential and analytics cookies (cookie banner
present).
- Standard sub-processor relationships (hosting, analytics).
- A free desktop tool (“PDF24 Creator”) that processes locally
— interesting because it suggests PDF24 themselves know
local-first is the privacy story; they just don’t apply it
to the online tools.
Surface area observation. Probably the most privacy-pragmatic
of the three. Short retention window, no aggressive
cross-context tracking, local desktop tool for users who want
it. Still uploads the file during the online flow.
iLovePDF
Stated retention. 1, 2, or 24 hours depending on account
tier. Source: iLovePDF Privacy and HonestPDF iLovePDF review.
Infrastructure. Cloud (specific provider not stated on the
public page; ISO 27001 certified for the operations).
What the policy permits beyond the obvious.
- Cross-product feature integration — sharing data between
iLovePDF web, mobile, and desktop products for the same
user.
- Marketing communications subject to opt-out.
- Use of sub-processors listed in the policy.
- For team / business plans, additional admin-side access to
member-uploaded files within the team workspace.
Surface area observation. Similar to Smallpdf — responsible
operator, short retention by default, broader allowances for
paid tiers. The ISO 27001 cert means an external auditor has
reviewed the controls; that’s a meaningful signal.
Side-by-side surface area
| Surface | Smallpdf | PDF24 | iLovePDF | Loft |
|---|---|---|---|---|
| File uploaded to server | yes | yes | yes | no |
| File deleted after window | 1 hr / 14 d / ∞ | 1 hr | 1 / 2 / 24 hr | n/a |
| Metadata retained longer | yes | yes | yes | URL path, country, and timestamp — never file content |
| Account required for full features | yes | no | yes | no |
| Marketing email opt-in default | yes | no | yes | no |
| Sub-processors involved | several | a few | several | Cloudflare, Stripe, Microsoft (email) — see our privacy policy §5 |
| File subject to operator-side breach risk | yes | yes | yes | no |
The “no” cells reflect architecture, not virtue. The local-first
architecture removes the opportunity for each surface; the
operator can’t lose what they don’t have.
What Loft accepts in trade
The local-first architecture doesn’t get team-workspace features
(because no accounts), batch processing in the cloud (because no
cloud), shared real-time review (because no server). Many
power-user workflows that depend on shared state across users
are out of scope for us. The three operators above all ship
those features and have honest reasons to do so.
For routine, single-document, occasional use — the bulk of what
“online PDF tools” get used for — the local-first model has a
strictly smaller privacy surface. For deep enterprise workflows
across teams, the cloud-side operators are often the right
tool.
Notes on methodology
We tried not to cherry-pick. All three operators in this post
are major brands with millions of users and published policies.
The retention windows are quoted (via HonestPDF’s summaries of
the published policies) rather than inferred. We deliberately
omitted weaker operators whose policies would make the
comparison look more dramatic.
One thing I keep tripping over while writing this kind of
comparison: the operators’ policies are written in
legal-document register, and translating them into “what this
permits” requires interpretation. Where I’m quoting a fact
(retention windows, certifications, infrastructure provider),
I cite. Where I’m interpreting what a clause permits, I say
“the policy permits” rather than “the operator does.” If
you’re using this post as input to a serious privacy decision,
read each operator’s actual policy text alongside it.
Update policy
This document is updated when any of the three operators
publishes a significant policy change. Last reviewed
2026-05-27. The retention windows are accurate as of access
dates in the citations.