Designed to never touch your files
Our security model
The most important thing to know about DukPdf's security is what we don't do. We don't upload your files. We don't store them. We don't see them. Every PDF tool — merge, split, compress, convert, sign, redact — runs entirely on your device: in your browser using WebAssembly, or natively inside the desktop app.
This isn't a promise we're asking you to trust; it's how the tools are built. The simplest way to say it: no server upload means nothing to breach.
How your files stay safe
Infrastructure security
The parts of DukPdf that do run on servers — authentication, usage limits, billing, and the marketing site — are built with standard best practices:
- HTTPS everywhere. All traffic between your device and our servers is encrypted in transit with modern TLS.
- Minimal server surface. We intentionally don't expose file endpoints. The backend handles accounts, free-tier usage counts, billing metadata, and email — never files.
- Payments handled by specialists. Checkout runs on Dodo Payments, our PCI-DSS-compliant merchant of record. Your full card number never touches DukPdf systems — we store only the payment metadata described in the Privacy Policy.
- Reputable cloud hosting. We use established cloud infrastructure with regular security patching and isolation between tenants.
- Logs. We keep minimal application logs for debugging and abuse prevention. Logs do not contain file content or file names, because those never reach our servers.
Account security
- Password hashing. Passwords are hashed with a modern, slow algorithm (bcrypt/argon2). We never store or log plaintext passwords.
- Session tokens. Sessions use short-lived tokens delivered over HTTPS, with secure and HTTP-only flags.
- Rate limiting. Login, signup, and password-reset endpoints are rate-limited to slow down credential-stuffing and brute-force attacks.
- Two-factor authentication. 2FA is on the roadmap. We'll announce it when it ships.
Desktop app security
- Signed builds. macOS builds are code-signed with an Apple Developer ID and notarized by Apple; Windows builds ship through the same release pipeline.
- Signed updates. Auto-updates are cryptographically signed and the app verifies the signature before installing anything — a tampered update is rejected.
- Sessions in the OS keychain. Your sign-in session is stored in the macOS Keychain or Windows Credential Manager, not in a readable file.
- No analytics. The desktop app sends no analytics — its only telemetry is crash reporting, scrubbed of paths and file names before it leaves your machine.
Compliance posture
DukPdf is designed around GDPR's core principles: data minimisation (we collect as little as possible), purpose limitation (we use data only for what it was collected for), and explicit user rights (access, rectification, erasure, portability — see the Privacy Policy).
We don't currently hold ISO 27001 or SOC 2 certifications — those are audits we'll pursue as DukPdf grows. We'd rather not claim a certification we haven't earned.
Vulnerability reporting
If you've found a security issue in DukPdf — the website, the web app, or anywhere in between — please tell us. We'll acknowledge any good-faith report within 72 hours and work with you to confirm and fix the issue.
Email: support@dukpdf.com(mark the subject line “Security report” so it doesn't get lost in general support).
We don't have a paid bounty program yet, but we'll publicly credit researchers (with your permission) once the fix is shipped.