Security Policy

PDFJPG's client-side processing approach and multi-layered security system.

Core Security Principle

All file processing occurs only in the user's browser, and no data is transmitted to servers.

1. Client-Side Processing Security

PDFJPG's biggest security feature is that all file processing occurs only in the user's local environment. This fundamentally blocks the possibility of data leakage.

Security Processing Flow

  1. Local File Selection: User selects a file from their own device
  2. Browser Memory Load: Selected file is loaded only into browser RAM
  3. Local Processing: File conversion is executed with JavaScript
  4. Result Download: User directly saves the converted file
  5. Automatic Cleanup: All data is automatically released from memory

1.1 Technical Implementation

JavaScript Libraries

Implements complete local processing using only trusted open source libraries such as PDF.js, jsPDF, and PDF-lib

HTML5 Canvas API

Uses browser's standard Canvas API for image processing to minimize external dependencies

File API

Accesses local files safely through the standard HTML5 File API

2. Security Comparison with Traditional Methods

This section compares traditional server-based file processing with PDFJPG's client-side approach to explain the security advantages.

| Security Element | Traditional Server Method | PDFJPG Client-Side Method |
|---|---|---|
| File Server Upload | Required | Not Required |
| Server Storage Risk | Exists | None |
| Network Transmission Security | Encryption Required | No Transmission |
| Server Hacking Risk | Exists | None |
| Data Leak Possibility | Possible | Blocked at the Source |
| Third Party Access | Possible | Impossible |
| Processing Speed | Network Dependent | Local Processing |
| Internet Connection Dependency | Essential | Not Required During Processing |

3. Multi-Layer Security System

In addition to the fundamental security of client-side processing, we apply additional technical security measures.

3.1 Web Application Security

HTTPS Connection

All website communications are protected through TLS/SSL encryption, preventing man-in-the-middle attacks.

CSP (Content Security Policy)

Strict content security policies prevent XSS attacks and code injection.
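
A CSP can also back the "no data is transmitted to servers" principle in a way a reader can check from the response headers. The following is an added example, not PDFJPG's own code or its actual policy: it parses a CSP string and lists the directives that would still let page script send data over the network. The function names and the sample policies in use are assumptions.

```javascript
// Added example (not PDFJPG's code): list CSP directives that still allow network egress.
// Not exhaustive: top-level navigation is not covered by these directives.
const FETCH_DIRECTIVES = ["connect-src", "img-src", "media-src"]; // fall back to default-src
const LOCAL_SOURCES = new Set(["'none'", "blob:", "data:"]);      // cannot reach a server

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources); // duplicates are ignored by browsers
  }
  return policy;
}

function describe(directive, sources, whyMissing) {
  if (sources === undefined) return `${directive}: unrestricted (${whyMissing})`;
  // 'self' counts as egress here: it still permits requests to the site's own server.
  const remote = sources.filter((s) => !LOCAL_SOURCES.has(s.toLowerCase()));
  return remote.length ? `${directive}: allows ${remote.join(" ")}` : null;
}

function egressFindings(header) {
  const policy = parseCsp(header);
  const findings = FETCH_DIRECTIVES.map((d) =>
    describe(d, policy.get(d) ?? policy.get("default-src"), "no default-src"));
  // form-action never falls back to default-src, so it must be set explicitly.
  findings.push(describe("form-action", policy.get("form-action"), "no fallback"));
  return findings.filter(Boolean);
}
```

An empty result means none of the checked directives permit a remote destination; any entry names a channel through which file data could leave the browser.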

SameSite Cookies

SameSite cookie policies are applied to prevent CSRF attacks.

Input Validation

Blocks malicious or incorrectly formatted file uploads in advance.

3.2 Browser-Based Security

  • Same-Origin Policy: Browser's default security policy blocks access from other domains
  • File API Limitations: Access only to files explicitly selected by users
  • Sandbox Environment: Isolated execution in browser's sandbox environment
  • Memory Isolation: Memory protection through browser process isolation

3.3 Code Security

  • Open Source Libraries: Ensuring transparency by using only verified open source libraries
  • Regular Updates: Using latest version libraries including security patches
  • Code Minimization: Reducing attack surface by removing unnecessary features
  • Error Handling: Preventing information disclosure through proper error handling

4. Threat Analysis and Response

We analyze possible security threats and present response measures for each.

Potential Threats

  • Malicious File Upload: Processing files containing viruses or malware
  • Memory-Based Attack: Attacks targeting browser memory
  • XSS Attack: Attempts to inject malicious scripts
  • DoS Attack: Service disruption through mass file processing

Response Measures

  • File Format Validation: Processing only allowed file formats
  • File Size Limitation: Size restrictions to prevent memory overflow
  • CSP Policy: Strict content security policy to limit script execution
  • Rate Limiting: Usage restrictions to prevent excessive requests
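
One way the format and size checks above can be done in the browser before a file is loaded into memory, shown as an added example that is not PDFJPG's own code. The size limit, the allow-list of types and all function names are assumptions; the page does not state its actual values.

```javascript
// Added example (not PDFJPG's code). MAX_BYTES and the allow-list are assumed values.
const MAX_BYTES = 50 * 1024 * 1024;
const SIGNATURES = {
  pdf: [0x25, 0x50, 0x44, 0x46, 0x2d],                  // "%PDF-"
  jpg: [0xff, 0xd8, 0xff],
  png: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
};

// Identify the type from leading bytes instead of trusting the name or MIME type.
function sniffType(head) {
  for (const [type, sig] of Object.entries(SIGNATURES)) {
    if (head.length >= sig.length && sig.every((b, i) => head[i] === b)) return type;
  }
  return null;
}

// name and size come from file metadata, so the size cap is enforced
// before any file content is read into browser memory.
function validateInput({ name, size, head }) {
  if (size === 0) return { ok: false, reason: "empty file" };
  if (size > MAX_BYTES) return { ok: false, reason: "file too large" };
  const sniffed = sniffType(head);
  if (!sniffed) return { ok: false, reason: "unrecognized file signature" };
  const ext = name.toLowerCase().split(".").pop();
  const claimed = ext === "jpeg" ? "jpg" : ext;
  if (claimed !== sniffed) {
    return { ok: false, reason: `extension .${ext} does not match ${sniffed} content` };
  }
  return { ok: true, type: sniffed };
}

// Browser glue: read only the first 8 bytes of the user-selected File.
async function checkFile(file) {
  const head = new Uint8Array(await file.slice(0, 8).arrayBuffer());
  return validateInput({ name: file.name, size: file.size, head });
}
```

A signature match only filters out mislabeled or unsupported input; the parsing library still has to handle malformed content inside a file that starts with valid bytes.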

4.1 Security Monitoring

  • Error Logging: Monitoring and response when security-related errors occur
  • Performance Monitoring: Detection of abnormal usage patterns
  • Update Notification: Immediate application of security patches and updates

5. Privacy Protection

Specific measures to protect user privacy and file contents.

5.1 Data Collection Minimization

Information Not Collected

We do not collect any sensitive data such as file contents, personal information, account information, or payment information.

Minimal Analytics Data

We collect only minimal anonymized usage pattern analysis data for service improvement.

5.2 Memory Security

  • Immediate Release: Data release from browser memory immediately upon file processing completion
  • Garbage Collection: Automatic memory cleanup through JavaScript garbage collector
  • Session Management: Complete deletion of all session data when browser tab is closed
  • Cache Prevention: Prevents sensitive data from being stored in browser cache

5.3 Legal Compliance

  • Personal Information Protection Act: Full compliance with the Korean Personal Information Protection Act
  • GDPR: Compliance with the European General Data Protection Regulation
  • CCPA: Compliance with the California Consumer Privacy Act
  • Transparency: Providing complete transparency in data processing

6. User Security Guidelines

Security guidelines recommended to help users use our service more safely.

6.1 Recommendations

Use Latest Browser

Use browsers with the latest security patches applied, such as Chrome 80+, Firefox 75+, Safari 13+.

Safe Network

We recommend processing important documents on a private network rather than public Wi-Fi.

Backup Original Files

Back up your original files separately before conversion to prepare for potential loss.

Result Review

Always check the content and quality of converted files before using them for important purposes.

6.2 Precautions

Please pay attention to the following items:

  • Confidential Documents: Consider using offline tools for extremely sensitive confidential documents
  • Public Computers: Clear browser history and download folders when using public computers
  • File Sharing: Check for unintended information inclusion when sharing converted files
  • Browser Extensions: Disable unknown browser extensions

7. Security Incident Response

Reporting and response procedures when security issues or suspicious activities are discovered.

7.1 Report Targets

  • Security Vulnerabilities: Security vulnerabilities discovered in the service
  • Malicious Activities: Suspicious activities that abuse the service
  • Data Anomalies: Data processing results different from expectations
  • System Errors: System errors related to security

7.2 Response Procedure

  1. Immediate Report: Report with detailed information through the contact page
  2. Initial Response: Report receipt confirmation and initial analysis within 24 hours
  3. Detailed Investigation: In-depth analysis and investigation by expert team
  4. Response Measures: Necessary security patches and system improvements
  5. Result Sharing: Sharing investigation results and response measures

7.3 Prevention Measures

  • Regular Security Checkup: Monthly regular security status checkup
  • Library Updates: Immediate application of updates including security patches
  • Monitoring Enhancement: Operating automatic detection system for suspicious patterns
  • Security Education: Regular security training for development team

Security Inquiries and Reports

If you have security-related inquiries or have discovered suspicious activities, please contact us immediately.

Security Report

When vulnerabilities or security issues are discovered

Bug Report

Security-related errors or bugs

Security Inquiry

Questions about security policies

Contact for Security