VVERSAFILE
Privacy model

Your files stay on your device.

VersaFile processes documents directly in your browser using JavaScript and Web Workers. Nothing is uploaded, nothing is stored. This page explains exactly what happens and where the trust boundary sits.

What stays local

  • Your PDF, DOCX, image, and spreadsheet file contents (never sent to any server)
  • All intermediate buffers during editing, compression, conversion, and watermarking
  • PII scan results and redaction selections, processed entirely in your browser
  • Passwords used in protect or unlock flows, held only in memory while the tool runs
  • Form field values, overlay text, and annotations you add to documents
  • Page thumbnails and previews, rendered locally via HTML Canvas

What hits the network

  • Standard page assets: HTML, CSS, JavaScript, fonts, and icons served by our CDN
  • Privacy-focused analytics (PostHog) for page visits — no document content is ever included
  • No document content is ever transmitted for free local tools: zero upload, zero telemetry

What is stored server-side

  • Free web tools require no account and store nothing server-side
  • Cloud API features (when used) process files server-side under a separate trust boundary
  • Account data, billing info, and API usage metadata for authenticated users only
  • Cloud-processed files are held temporarily and deleted after processing completes

The trust boundary

Local tools and cloud features operate under separate trust boundaries. Free browser tools keep your documents entirely on your device. VersaFile's servers never see them. Cloud API features are intentionally server-processed and clearly labeled with a Pro badge.

You always know which trust boundary you are operating in before dropping a file.

How local processing works

1. File stays in memory

When you drop a file, it is read into your browser's memory using the File API. It never leaves the browser tab.

2. Web Worker processes it

A background Web Worker runs pdf-lib (for mutations) or PDF.js (for extraction) on the in-memory bytes. No network calls are made.

3. Result downloads directly

The processed file is offered as a direct download via a Blob URL. After download, all buffers are released and garbage collected.

Common questions

Do you use cookies or tracking?

We use privacy-focused analytics (PostHog) to understand page visits and improve the product. No document content is ever included. We use only essential cookies for authenticated sessions when you log in to cloud features.

Can I use VersaFile offline?

Once the page loads, all local tools work without an internet connection. The processing engine is bundled in the JavaScript that your browser already downloaded.

What about the Pro tools?

Tools marked Pro (like DOCX to PDF) use server-side rendering for higher quality output. These require authentication and files are processed server-side, then deleted after delivery.

How can I verify this?

Open your browser's Network tab while using any local tool. You will see zero outbound requests carrying document data. The code is also inspectable in your browser's DevTools.

Back to tools