Security & GDPR
SafePDF is designed for privacy from the architecture up. Here are the technical details.
100% local processing
SafePDF never connects to the internet to process your files. All operations (merge, compress, convert, encrypt, OCR) run on your CPU. No upload, no intermediary server, no data collection. After installation, the app works entirely offline.
Technical security
Electron sandbox: contextIsolation:true, nodeIntegration:false, sandbox:true
Strict CSP: no unsafe-inline, no outbound connections to CDN
Typed IPC via contextBridge: minimal exposure surface between renderer and main
Anti path-traversal: input/output path validation on all sidecar calls
safeStorage (OS keychain): local store encrypted with native OS APIs
Validated sidecars: only qpdf, Ghostscript, and LibreOffice are invoked, paths normalized
AES-256 encryption: PDF password protection via qpdf
Ed25519 tokens: cryptographically signed license, impossible to forge
GDPR compliance
Since no data leaves the user's machine, SafePDF does not constitute processing of personal data by a third party. There is no processor, no data transfer, no processing registry to maintain. SafePDF is GDPR compliant by design (data protection by design, Art. 25).
Libraries used
Preguntas frecuentes
Does SafePDF send my files to the internet?
No. SafePDF processes all your files locally on your machine. The app only connects to the internet to check for updates (only with an active Pro license). No file, no file data, no content is ever transmitted.
Does SafePDF collect personal data?
SafePDF does not collect personal data. No account is required to use the merge tool (free). The Pro license is associated with a locally signed Ed25519 token, not a user account. No telemetry, no tracking, no analytics on your file content.
How does SafePDF encrypt my PDFs?
SafePDF uses qpdf for AES-256-bit encryption (military standard). The password is entered locally and never transmitted. The file is encrypted on your machine before any possible sharing.
Is SafePDF open-source?
SafePDF code is auditable. The app uses recognized open-source libraries: pdf-lib, qpdf, Ghostscript, Tesseract, LibreOffice.
Is SafePDF GDPR compliant?
Yes, by design. Since no data leaves your machine, there is no processing of personal data by a third party. GDPR therefore imposes no complex registry requirements related to processing your files.
What are the technical security measures?
Electron sandbox (context isolation), disabled nodeIntegration, strict CSP (no unsafe-inline), IPC input validation, anti path-traversal on sidecars, encrypted local store via safeStorage (OS keychain).