Security Policy

Effective Date: June 8, 2026

OptaPDF is built with security and privacy as core design goals. This page explains, in plain terms, the concrete measures we use to protect the files you process.

1. Encryption in Transit

All traffic between your device and our platform — including uploads and downloads — is encrypted using HTTPS (TLS 1.2 or higher). This protects your files from being read in transit over the network.

2. Access-Controlled Downloads

Each processed file is tied to a unique, randomly generated job identifier. Files are served only for that job and are removed by our automated cleanup within 30 minutes, so links are short-lived by design.

3. Zero Permanent Storage

Uploaded and generated files are written to temporary working directories only. An automated cleanup job runs on a schedule and permanently deletes all files older than 30 minutes. We do not create permanent backups of user files.

4. Process Isolation

Our web server, queue, and Python processing engine run as separate services (isolated in their own Docker containers in production). File parsing happens in this contained processing layer rather than on the public web tier.

5. Automated Processing, Validated Uploads

Conversions, edits, and signatures are performed entirely by automated code — no human reviews your files. Uploads are validated against an allowed file-type list and a maximum size before processing, and the API is rate-limited to deter abuse.

6. Honest Tool Limitations

Consistent with high EEAT guidelines, we clearly disclose that perfect, 100% accurate visual layout conversion of some complex files is mathematically unachievable on open-source libraries. If a file fails to process, we show a clean user alert rather than crashing or exposing server logs.