We take security seriously. Here's exactly how PDFMagic protects your files — from the moment you upload to the moment they're deleted.
Multiple independent layers of protection — so no single failure can expose your data.
All file transfers use TLS 1.3 encryption. Your documents are never transmitted in plain text between your device and our servers.
Each file is processed in a sandboxed, isolated environment. Your document never touches another user's session or data.
Files are automatically and permanently purged from all servers within 1 hour of processing. No manual deletion needed.
We never read, index, or analyze the content of your documents. Our servers process files mechanically — no humans, no AI training.
Our infrastructure is protected against distributed denial-of-service attacks, ensuring the service stays available when you need it.
We conduct regular security reviews and penetration testing to proactively identify and fix vulnerabilities before they can be exploited.
From upload to deletion — here's exactly what happens to your document.
Your file travels from your device to our server over a TLS 1.3 encrypted connection. Intercepting this would require breaking military-grade encryption.
Your file is placed in a temporary, sandboxed container. This environment is isolated — no other user can access it, and it has no access to other users' files.
Our tools process the PDF mechanically — merging, compressing, converting, etc. No employee or AI system reads your document's content.
The processed file is made available for you to download, again over an encrypted connection. The download link is unique and temporary.
Both the input and output files are automatically purged from all storage within 1 hour. This is not optional — it happens automatically, always.
We implement the same security standards used by leading cloud services and financial institutions.
TLS 1.3 — Latest transport encryption for all connections
AES-256 encryption — For any data at rest during processing
HTTPS everywhere — No mixed content, no HTTP fallback
CSP headers — Content Security Policy blocks malicious scripts
CSRF protection — Cross-Site Request Forgery tokens on all actions
Rate limiting — Prevents abuse and brute-force attacks
Secure headers — HSTS, X-Frame-Options, referrer policy
We take all security reports seriously. If you've discovered a vulnerability in PDFMagic, please tell us responsibly — we'll investigate promptly and credit you for the discovery.
Email us at security@pdfmagic.app with details
We'll acknowledge within 24 hours and investigate
We'll fix verified issues and credit your discovery
Please do not publicly disclose vulnerabilities before we've had a chance to patch them. We appreciate responsible disclosure.