We built LovePDFs around a simple principle: your files are yours, always.
LovePDFs is structured to reduce risk by keeping document processing in the browser whenever possible. That means the service does not depend on a traditional upload-and-store workflow for core PDF and image tools. This page explains the practical safeguards behind that approach so visitors, reviewers, and partners can understand how the site is designed.
Last reviewed: March 19, 2026. We update this page when our tooling, scripts, or privacy-related practices materially change.
This is our core security promise. Every single PDF and image processed by LovePDFs is handled entirely within your web browser using JavaScript and WebAssembly. There is no server upload. Your files are not transmitted anywhere.
We use PDF.js and pdf-lib.js to process files in your browser tab. The result is computed on your CPU and stays in your RAM until you download it.
All pages are served over HTTPS with TLS encryption, ensuring safe browsing even on public networks.
We only use a single localStorage key for your dark-mode preference. No tracking cookies. No third-party cookie services.
Our only third-party script is Google AdSense for serving ads. Ad scripts run in a sandboxed iframe and have no access to your file data.
We do not use Google Analytics, Hotjar, or any user behaviour tracking. No session recordings. No heatmaps.
We cannot retain your data because we never receive it. There is nothing to delete. There is nothing to breach.
If you discover a legitimate security issue affecting LovePDFs, please report it through the contact page with the affected URL, steps to reproduce, and any screenshots that help explain the problem. We review credible reports and prioritize issues related to privacy, availability, and site integrity.
For visitors, we also recommend keeping your browser updated and maintaining backups of important files before editing them with any web-based tool.