Skip to main content

Security Policy

Protecting user data is our highest priority. Learn about our security practices and how to report vulnerabilities.

Core Security Architecture

UploadReadyPDF operates on a strict Zero-Trust, Local-First architecture.

  • Client-Side Only Processing: All PDF document repairs, flattening, and compression happen entirely within your browser using WebAssembly and JavaScript.
  • No Server Uploads: User files are never uploaded to our servers, ensuring we cannot access, store, or leak your sensitive documents.
  • Ephemeral Metadata: We do not log file names, metadata, or content characteristics.

Vulnerability Disclosure Policy

We value the security community and welcome reports of vulnerabilities. If you believe you have found a security issue in our platform, please read our disclosure guidelines below.

Scope

  • In Scope: Web application vulnerabilities (XSS, CSRF, Injection), Authentication flaws, Client-side logic bypasses.
  • Out of Scope: DDoS attacks, Social engineering, Physical security of offices, Vulnerabilities in third-party libraries without a working exploit.

How to Report

Please send a detailed description of the vulnerability, inclusive of steps to reproduce, to: [email protected].

We aim to acknowledge receipt within 48 hours and provide a timeline for remediation within 5 business days.

Security Hall of Fame

We gratefully acknowledge the following researchers for their contributions to securing our platform:

No vulnerabilities reported yet. Be the first to help secure UploadReadyPDF!

PDF rejected? Fix it now.