The engineering version, for people who want to check the math.

In transit

Your uploads and downloads travel over TLS 1.3 with modern cipher suites. HSTS is on, HTTP is redirected to HTTPS, and you never reach the app over a plain connection.

At rest

Any short-lived server-side copy of your file sits on AES-256 encrypted disks and is deleted within 60 minutes. Keys are rotated on a managed schedule; locally saved PDFs stay inside your browser's storage until you clear them.

Access control

Your document content is not reachable by our team by default. Production access is least-privilege, gated by role-based permissions and multi-factor authentication, and only a narrow on-call group can touch the systems that hold a file in flight.

Audit logs

We log admin authentication, infrastructure changes, and access to storage backends. Your task activity is never logged with document content — only anonymous timing and error telemetry, which you can opt out of.

Incident response

We have a written response plan covering detection, containment, customer notification, and post-incident review. If your data is materially affected, you hear from us within 72 hours of confirmation. Pen tests and supplier reviews are on a recurring schedule.

Reporting vulnerabilities

If you find a security issue, email security@pdfclarity.com with a reproduction path. A real human triages your report, replies with an acknowledgement, and follows up with a fix timeline. Coordinated disclosure is welcome.

Keep reading

Your trust review is easier when you can cross-check each page. These short companion pages cover the same product boundary from different angles.

• TrustThe plain-language summary of where your files live, who can see them, and what we will never do with them.
• Compliance and certificationsOur honest certification status: ISO/IEC 27001 in progress, GDPR and CCPA compliant, plus our stance on SOC 2, HIPAA, and PCI.