No app-server PDF upload
Imported files, page previews, edits and exports are handled in the browser instead of being sent to a Slay PDF document processing server.
Security model
Slay PDF is built for no-upload PDF work. This page explains what stays in the browser, what is stored locally, and which risks still belong to the browser, device and user.
Imported files, page previews, edits and exports are handled in the browser instead of being sent to a Slay PDF document processing server.
The active workspace can be saved in browser storage so recent work can reopen after refresh. Clearing the workspace removes that app state.
Browser extensions, malware, device backups, downloaded files, shared profiles and network-level hosting infrastructure are outside Slay PDF's control.
PDF imports, image imports, page organization, annotations, signatures, form edits, redaction overlays, OCR work and PDF exports run in the browser. The app is deployed as static files rather than a hosted PDF conversion service.
This local model is useful for contracts, invoices, receipts, school documents, client files and one-off forms where uploading a PDF to an unknown remote processor is the wrong tradeoff.
The active workspace can be stored in browser storage so recent work can continue after refresh. Browser storage is local to the browser profile, not a Slay PDF account. Use New PDF or clear recent work to remove the saved workspace from the app.
Passwords used for encrypted PDF exports are not saved by Slay PDF. They are used for the export being generated and should still be handled like any sensitive secret on the user's own device.
Slay PDF can rasterize pages that contain redaction overlays so covered text and image content is not left selectable behind a rectangle. Always review the exported PDF before sharing sensitive redactions.
A browser-based local editor cannot protect against a compromised operating system, malicious extensions, screen recording, shared browser profiles, cloud-synced downloads, corporate device monitoring or someone with access to the downloaded PDF.
No. Slay PDF is a static client-side web app, and PDF processing runs in the browser instead of on a Slay PDF app server.
Potentially, depending on the extension and browser permissions. Use a trusted browser profile and device for sensitive documents.
No. Export passwords are used for the current export and are never saved by Slay PDF.
No. It removes app-server document uploads from the workflow, but the browser, operating system, downloads folder, backups and user environment still matter.