Security

Production should use HTTPS. Supported browser-local tools avoid upload. Local input previews are generated in the browser. Server tools use random internal file identifiers, file-type and signature validation, upload and page-count limits, isolated job workspaces, automatic cleanup, rate limiting, and non-root containers.

Job IDs alone do not authorize access. Status, cancellation, deletion, and download require anonymous ownership tokens, and downloads also require a separate download token.

Please report suspected vulnerabilities by email. Do not test with destructive activity, denial of service, credential attacks, attempts to access other users' files, or public disclosure before the issue is reviewed. There is no bug bounty program unless announced separately.

No public page should be treated as a complete security audit or certification. FreePDFHelp does not claim SOC 2, ISO certification, HIPAA compliance, or absolute anonymity.