The short version: your files never leave your device. All 17 PDF tools run inside your browser using WebAssembly. We never see your file contents because the file is never uploaded. The rest of this page explains what we do collect (mainly: anonymous analytics on this page itself), why, and what rights you have.
1. Your files
When you use any tool on imisspdf.com — merge, split, compress, convert, sign, edit, OCR, watermark, redact, or any of the others — the PDF or other document is processed entirely within your browser tab. The browser reads the file from your local disk into its own memory, runs the operation locally via JavaScript and WebAssembly (built on top of the open-source pdf-lib), and offers the result for download.
What this means in practice:
- Your file is never uploaded to imisspdf servers (we don't have file-processing servers).
- Your file is never stored, neither during processing nor after.
- We cannot read the contents of your file. We can't recover it for you if you lose it; we can't hand it over in response to a subpoena.
- When you close the browser tab, the file is gone from memory.
You can verify this yourself: open your browser's developer tools, switch to the Network tab, run any tool on imisspdf, and watch — there is no request that uploads your file. Files transferred over the network appear as POST requests with file content; you won't see any.
The one exception, made explicit: if you click Download, the resulting file is written to your device's downloads folder by the browser. That's your local disk, not our servers.
2. What we collect about visits to this site
We collect a small amount of standard analytics data about your visit to the website itself (separate from your file contents, which we never see). Specifically:
Google Analytics 4 (page views & basic interactions)
We use Google Analytics 4 to understand which pages get traffic and which tools are most used. GA4 collects: page URL, page title, referrer, approximate location (country / region level — not city or street), device type (desktop / mobile), browser name and version, and a randomly-assigned client identifier (a cookie or local-storage value). It does not read your file contents because your file is never in scope of any analytics tag.
You can opt out of GA4 by enabling "Do Not Track" in your browser, installing the Google Analytics opt-out add-on, or using any standard ad/privacy blocker (uBlock Origin, Brave Shields, Firefox Enhanced Tracking Protection).
Cloudflare Pages (hosting access logs)
Our hosting provider, Cloudflare Pages, keeps standard HTTP access logs containing your IP address, user agent, requested URL, and timestamp. These logs are used to detect abuse, debug performance, and produce aggregate request-volume reports. They are retained for a short period (Cloudflare's default; typically a few days). We do not have a direct way to look up a single user's activity in these logs; they're only useful in aggregate.
Optional: Cloudflare Web Analytics
If we have enabled Cloudflare Web Analytics (a cookieless analytics product), it collects the same kind of high-level traffic data as GA4 but without setting any cookies and without sending data to Google.
3. Cookies and similar storage
We use very few cookies:
- Google Analytics cookies (
_ga,_gid) — for measuring repeat visits. Lifespan: up to 2 years for_ga. You can clear these at any time from your browser settings. - Google Tag Manager cookies (if used) — auxiliary to GA4.
We do not use:
- Advertising / retargeting cookies (no Facebook Pixel, no Google Ads, no LinkedIn Insights)
- Session-recording / heatmap tools (no Hotjar, no FullStory, no Mouseflow)
- Third-party A/B testing services
- Cross-site tracking cookies
Some of our tool pages briefly use localStorage or sessionStorage as scratch space (for example, to remember the order of files you've dragged in for merging) — these never contain your file content, only metadata like file names, and they're cleared when you close the tab.
4. Advertising
We display one non-intrusive banner ad on every page (homepage, tool pages, blog, marketing pages) to fund the free tier. The slot sits below the page's main content — never inside the tool you're using, never above the fold on mobile, never as a popup or interstitial.
The ad runs in an iframe that is denied permission to navigate or redirect your browser tab (we omit allow-top-navigation from its sandbox), so a malicious ad cannot hijack you to another site. More importantly: your file never becomes part of the page. It is held in your browser's memory inside the tool's own code and processed there — it is never written into the page the ad can see. So no ad code can read, intercept, or upload your file. That is structural — enforced by how the tool is built, not a promise we could quietly change.
Our ad provider (currently Adsterra) sets its own cookies and may track impressions and clicks. We have configured them with reasonable defaults to avoid invasive ad formats — no popups, no auto-play video, no malware-adjacent inventory.
Ad networks are imperfect; if you encounter an ad you consider deceptive or inappropriate, email us at support@imisspdf.com with a screenshot and we'll investigate.
5. Third-party services we use
- Cloudflare Pages — hosting and CDN (US/global)
- Google Analytics 4 — site analytics
- Google Fonts — Inter font family delivered via Google's CDN. Google may log a request when your browser fetches the font; we use the standard public Google Fonts endpoint.
- Tabler Icons — icon font delivered via jsDelivr CDN
- Adsterra (when ads are enabled) — ad serving
None of these third parties ever see your file contents because your file never leaves your browser.
6. Data sales and AI training
We do not sell any data to third parties.
We do not use your files to train AI models. We cannot, because we never see the files. This is structural — not a policy choice we could quietly change later.
7. Your rights (GDPR, CCPA, PDP Law)
Even though we collect very little personal data, the regulations that apply to international web services give you rights you can exercise:
GDPR (EU/UK residents)
- Right to access: ask us what personal data we hold about you
- Right to rectification: correct any inaccurate data
- Right to erasure: ask us to delete data we hold
- Right to data portability: receive a copy of your data in machine-readable form
- Right to object: opt out of analytics collection
- Right to lodge a complaint with your national Data Protection Authority
CCPA / CPRA (California residents)
- Right to know what personal information we collect and disclose
- Right to delete personal information we hold
- Right to opt out of "sale" or "sharing" of personal information (we don't sell or share, but the right exists)
- Right to non-discrimination for exercising any of the above
Indonesian PDP Law (Law No. 27/2022)
- Right to be informed about processing of personal data
- Right to access, update, and correct personal data
- Right to delete or destroy personal data
- Right to withdraw consent
- Right to data portability
How to exercise these rights
Email privacy@imisspdf.com with a clear description of the request and verification that you are the data subject. We respond within the timelines required by your jurisdiction (typically 30 days under GDPR, 45 days under CCPA, 3 days under PDP Law for verification + 14 days for fulfillment).
In most cases, our answer will be "we don't hold any data about you that we could identify as yours" — but we'll confirm that explicitly.
8. Children
imisspdf is a tool for adults. We do not knowingly collect personal data from children under 13 (or 16 in some EU jurisdictions). If you believe a child has used our service and want their data removed, email privacy@imisspdf.com.
9. Changes to this policy
We may update this policy as we add features, integrations, or jurisdictions. Material changes will be announced via a notice on the homepage and an update to the "last updated" date at the top of this page. The policy version in force when you processed a file is the policy that applies to that interaction.
10. Contact
- General questions: support@imisspdf.com
- Privacy & data requests: privacy@imisspdf.com
- Legal & compliance: legal@imisspdf.com
One more time, for clarity: this page covers what we collect about visits to this website. Your file contents are processed entirely in your browser and we have no access to them at any point. That's the architectural promise, and it doesn't require you to trust our policy — it's verifiable in your browser's network tab.