During a security audit at a financial services company, I found that staff were routinely uploading mortgage application PDFs to a free online merger to combine documents into a single file for their case management system. Each upload contained the applicant's name, address, income details, and credit history. None of it was encrypted in transit for the third-party tool. The tool's privacy policy granted it a processing license. Switching the team to a client-side merger took one afternoon.
Merge, compress, and process PDFs without upload.
Client-side PDF tools. GDPR-friendly. Your documents stay on your device.
Open PDF Merger βWhich PDF Operations Carry Risk
| Operation | Server-Side Risk | Client-Side Alternative |
|---|---|---|
| Merge PDFs | Full document uploaded to server | pdf-lib in browser (FileMint) |
| Compress PDF | Document transmitted for processing | Ghostscript WASM (local) |
| Split PDF | Entire source document uploaded | pdf-lib in browser (FileMint) |
| Convert PDF to image | Document uploaded for rendering | PDF.js + OffscreenCanvas |
| Add digital signature | Requires server-side private key | Requires server (by design) |
The GDPR Compliance Context
Under GDPR Article 28, if you use a third party to process personal data on your behalf, you need a Data Processing Agreement (DPA) with that third party. The DPA specifies what data is processed, for what purpose, for how long, and what security measures the processor implements.
Free online PDF tools almost never offer DPAs. They are not positioned as data processors β they are consumer utilities. This creates a compliance gap: the moment you upload a document containing personal data about an EU citizen (or if you are in the EU), you are potentially in violation of GDPR without a DPA.
The maximum GDPR fine under Article 83 is β¬20 million or 4% of global annual turnover, whichever is higher. The more immediate risk for most small businesses is reputational damage following a breach β a customer contract discovered on a third-party server is a serious client relationship problem regardless of regulatory consequences.
The Shadow IT Problem in Document Management
βShadow ITβ refers to software used by employees outside IT department approval. Document management is one of the highest-risk Shadow IT areas because:
- The tools look harmless (a text box or a file drop area)
- The processing is invisible (employees do not see the HTTP upload)
- The use is frequent (merging PDFs is a daily task for many roles)
- The data is sensitive (HR, legal, finance, contracts)
The solution is not a blanket ban on browser tools β that creates friction without solving the problem. The solution is providing approved local-first alternatives that are as convenient as the risky tools, documented clearly in team runbooks.
A Practical Document Handling Policy
- 1Classify the document first. Does it contain personal data, financial records, or legally privileged information? If yes, use a client-side or approved on-premise tool.
- 2Check the Network tab before using any unfamiliar tool. If you see an upload request when processing a file, the tool is server-side. Stop and find an alternative.
- 3Bookmark approved client-side tools. Having an already-open local tool prevents the impulse to search for a quick online alternative under time pressure.
- 4For bulk operations, use command-line tools. Ghostscript, qpdf, and pdf-lib via Node.js work locally without any browser. They are auditable, scriptable, and have no upload step.
For the technical details of how browser-based PDF tools actually work without a server, our PDF merge guide covers the pdf-lib architecture and the edge cases. For the general case of file upload risks beyond PDF-specific tools, our file upload risk guide covers what Terms of Service clauses actually say.
GDPR-friendly PDF tools β no upload required.
Merge, split, and process PDFs in your browser. Your documents never leave your device.
Open PDF Tools β