Security model

What local PDF editing actually protects.

Slay PDF is built for no-upload PDF work. This page explains what stays in the browser, what is stored locally, and which risks still belong to the browser, device and user.

No app-server PDF upload

Imported files, page previews, edits and exports are handled in the browser instead of being sent to a Slay PDF document processing server.

Local browser storage

The active workspace can be saved in browser storage so recent work can reopen after refresh. Clearing the workspace removes that app state.

Honest limits

Browser extensions, malware, device backups, downloaded files, shared profiles and network-level hosting infrastructure are outside Slay PDF's control.

What Slay PDF keeps local

PDF imports, image imports, page organization, annotations, signatures, form edits, redaction overlays, OCR work and PDF exports run in the browser. The app is deployed as static files rather than a hosted PDF conversion service.

This local model is useful for contracts, invoices, receipts, school documents, client files and one-off forms where uploading a PDF to an unknown remote processor is the wrong tradeoff.

What Slay PDF stores

The active workspace can be stored in browser storage so recent work can continue after refresh. Browser storage is local to the browser profile, not a Slay PDF account. Use New PDF or clear recent work to remove the saved workspace from the app.

Passwords and encrypted exports

Passwords used for encrypted PDF exports are not saved by Slay PDF. They are used for the export being generated and should still be handled like any sensitive secret on the user's own device.

Redaction expectations

Slay PDF can rasterize pages that contain redaction overlays so covered text and image content is not left selectable behind a rectangle. Always review the exported PDF before sharing sensitive redactions.

Threats outside the app boundary

A browser-based local editor cannot protect against a compromised operating system, malicious extensions, screen recording, shared browser profiles, cloud-synced downloads, corporate device monitoring or someone with access to the downloaded PDF.

Security FAQ

Does Slay PDF upload files to a PDF processing server?

No. Slay PDF is a static client-side web app, and PDF processing runs in the browser instead of on a Slay PDF app server.

Can browser extensions still access pages or files?

Potentially, depending on the extension and browser permissions. Use a trusted browser profile and device for sensitive documents.

Are PDF export passwords saved?

No. Export passwords are used for the current export and are never saved by Slay PDF.

Is local browser editing the same as perfect security?

No. It removes app-server document uploads from the workflow, but the browser, operating system, downloads folder, backups and user environment still matter.