Security & GDPR

SafePDF is designed for privacy from the architecture up. Here are the technical details.

100% local processing

SafePDF never connects to the internet to process your files. All operations (merge, compress, convert, encrypt, OCR) run on your CPU. No upload, no intermediary server, no data collection. After installation, the app works entirely offline.

Technical security

Electron sandbox: contextIsolation:true, nodeIntegration:false, sandbox:true

Strict CSP: no unsafe-inline, no outbound connections to CDN

Typed IPC via contextBridge: minimal exposure surface between renderer and main

Anti path-traversal: input/output path validation on all sidecar calls

safeStorage (OS keychain): local store encrypted with native OS APIs

Validated sidecars: only qpdf, Ghostscript, and LibreOffice are invoked, paths normalized

AES-256 encryption: PDF password protection via qpdf

Ed25519 tokens: cryptographically signed license, impossible to forge

GDPR compliance

Since no data leaves the user's machine, SafePDF does not constitute processing of personal data by a third party. There is no processor, no data transfer, no processing registry to maintain. SafePDF is GDPR compliant by design (data protection by design, Art. 25).

Libraries used

pdf-lib
Merge, split, rotate, watermark
qpdf
Encrypt, decrypt, repair
Ghostscript
Compression, PDF/A
Tesseract
OCR (text recognition)
LibreOffice
Office → PDF conversion
sharp
Image processing

Często zadawane pytania

Does SafePDF send my files to the internet?

No. SafePDF processes all your files locally on your machine. The app only connects to the internet to check for updates (only with an active Pro license). No file, no file data, no content is ever transmitted.

Does SafePDF collect personal data?

SafePDF does not collect personal data. No account is required to use the merge tool (free). The Pro license is associated with a locally signed Ed25519 token, not a user account. No telemetry, no tracking, no analytics on your file content.

How does SafePDF encrypt my PDFs?

SafePDF uses qpdf for AES-256-bit encryption (military standard). The password is entered locally and never transmitted. The file is encrypted on your machine before any possible sharing.

Is SafePDF open-source?

SafePDF code is auditable. The app uses recognized open-source libraries: pdf-lib, qpdf, Ghostscript, Tesseract, LibreOffice.

Is SafePDF GDPR compliant?

Yes, by design. Since no data leaves your machine, there is no processing of personal data by a third party. GDPR therefore imposes no complex registry requirements related to processing your files.

What are the technical security measures?

Electron sandbox (context isolation), disabled nodeIntegration, strict CSP (no unsafe-inline), IPC input validation, anti path-traversal on sidecars, encrypted local store via safeStorage (OS keychain).

Pobierz SafePDF