PDF security is often reduced to a single question — 'does it have a password?' — but there is more nuance worth understanding, especially when it comes to choosing which tools to trust with sensitive documents.

Two different kinds of PDF passwords

An 'open' password prevents a file from being viewed at all without the correct password. A separate 'permissions' password can restrict actions like printing or editing while still allowing the document to be viewed — these serve very different purposes and are not interchangeable.

What encryption actually protects against

A properly encrypted PDF protects the file itself if it falls into the wrong hands — lost on a USB drive, intercepted in transit, or found on a discarded device. It does not protect the file while it is open and being actively viewed or edited on a screen.

Why processing location matters just as much as encryption

Even a strongly encrypted PDF has to be decrypted somewhere to be edited, merged, or converted. If that decryption happens on a remote server, the unencrypted content exists, even briefly, on infrastructure you do not control. If it happens locally in your browser, the decrypted content never leaves your device at any point.

A simple rule for sensitive documents

For anything genuinely sensitive — tax documents, medical records, signed contracts — prefer tools that explicitly process files locally in the browser over ones that require an upload, regardless of what security promises the upload-based service makes about deleting files afterward.

Advertisement Paste your AdSense in-article unit here

Process your files locally.

Browse all tools