Security

Last updated: July 3, 2026

Designed to never touch your files

Our security model isn't a policy — it's the architecture. File processing runs on your device, not our servers, so there's no server upload surface to attack, no storage to breach, and no third party that can access your documents.

Our security model

The most important thing to know about DukPdf's security is what we don't do. We don't upload your files. We don't store them. We don't see them. Every PDF tool — merge, split, compress, convert, sign, redact — runs entirely on your device: in your browser using WebAssembly, or natively inside the desktop app.

This isn't a promise we're asking you to trust; it's how the tools are built. The simplest way to say it: no server upload means nothing to breach.

How your files stay safe

Zero transmission.Your files are processed on your device. They don't travel over the network when you use a DukPdf tool.
No retention surface. We have no file storage — no S3 bucket, no database column, no cache. There is nothing to delete because nothing is saved.
No third-party exposure.Because we don't have your files, we can't share them with any partner, vendor, or legal request.

Infrastructure security

The parts of DukPdf that do run on servers — authentication, usage limits, billing, and the marketing site — are built with standard best practices:

  • HTTPS everywhere. All traffic between your device and our servers is encrypted in transit with modern TLS.
  • Minimal server surface. We intentionally don't expose file endpoints. The backend handles accounts, free-tier usage counts, billing metadata, and email — never files.
  • Payments handled by specialists. Checkout runs on Dodo Payments, our PCI-DSS-compliant merchant of record. Your full card number never touches DukPdf systems — we store only the payment metadata described in the Privacy Policy.
  • Reputable cloud hosting. We use established cloud infrastructure with regular security patching and isolation between tenants.
  • Logs. We keep minimal application logs for debugging and abuse prevention. Logs do not contain file content or file names, because those never reach our servers.

Account security

  • Password hashing. Passwords are hashed with a modern, slow algorithm (bcrypt/argon2). We never store or log plaintext passwords.
  • Session tokens. Sessions use short-lived tokens delivered over HTTPS, with secure and HTTP-only flags.
  • Rate limiting. Login, signup, and password-reset endpoints are rate-limited to slow down credential-stuffing and brute-force attacks.
  • Two-factor authentication. 2FA is on the roadmap. We'll announce it when it ships.

Desktop app security

  • Signed builds. macOS builds are code-signed with an Apple Developer ID and notarized by Apple; Windows builds ship through the same release pipeline.
  • Signed updates. Auto-updates are cryptographically signed and the app verifies the signature before installing anything — a tampered update is rejected.
  • Sessions in the OS keychain. Your sign-in session is stored in the macOS Keychain or Windows Credential Manager, not in a readable file.
  • No analytics. The desktop app sends no analytics — its only telemetry is crash reporting, scrubbed of paths and file names before it leaves your machine.

Compliance posture

DukPdf is designed around GDPR's core principles: data minimisation (we collect as little as possible), purpose limitation (we use data only for what it was collected for), and explicit user rights (access, rectification, erasure, portability — see the Privacy Policy).

We don't currently hold ISO 27001 or SOC 2 certifications — those are audits we'll pursue as DukPdf grows. We'd rather not claim a certification we haven't earned.

Vulnerability reporting

If you've found a security issue in DukPdf — the website, the web app, or anywhere in between — please tell us. We'll acknowledge any good-faith report within 72 hours and work with you to confirm and fix the issue.

Email: support@dukpdf.com(mark the subject line “Security report” so it doesn't get lost in general support).

We don't have a paid bounty program yet, but we'll publicly credit researchers (with your permission) once the fix is shipped.