Trust you can verify in 60 seconds.
Your files are processed on your device and never uploaded. You don't have to take our word for it. Open your browser's network tab and watch it stay true.
The safest place for your file is the one we never receive.
Most online PDF tools upload your file to a server to do the work. KeptPDF does the work right where the file already is: your browser.
A copy on someone else's server can be logged, breached, or subpoenaed long after you forget it was there. KeptPDF never receives the file in the first place, so there is nothing for us to leak, sell, or lose.
This is the difference between a promise and a fact. A server that never receives your document cannot betray it, no matter who asks.
Here is exactly where your file goes.
Everything happens inside your device. The only things that ever reach us are a tool name and your account, never the document.
- The tool's name and a usage count, to enforce the free daily limit
- Your account and payment, if you choose to create one
Never your file, its name, or its contents.
What leaves your browser, and what never does.
We would rather list every byte we send than wave it away with a slogan.
Never leaves your device
- Your file's contents
- Its name and size
- The text and images on the page
- Any fingerprint or hash of your file
- The redacted data itself
What we do send
- A daily usage count, to enforce the free limit
- Which tool you opened, never its contents
- Your account and sign-in, if you make one
- Payment, handled by Stripe, so we never see your card
- A file you choose to import from Google Drive, where Google's terms apply
No third-party analytics, no advertising pixels, no cross-site trackers. The full list is above.
Don't trust us. Check for yourself.
Every claim on this page is something you can confirm in a minute, with no special tools.
Watch the network tab
Open DevTools, switch to Network, and process a file. Your document is never in a single request. See the step-by-step guide.
Read the source
The code that does the work is already in your browser. Inspect it line by line, nothing is hidden on a server. Browse the client files.
Unplug your internet
Turn off your wifi and redact a file anyway. It still works, because the work was never happening on a server.
Prove what you removed, without showing anyone the file.
Every redaction produces a certificate: a SHA-256 fingerprint of the finished file, plus the list of what was scanned and removed. Anyone can check a redacted PDF against its certificate on the verify page, and that check runs in their browser too, so the document is never uploaded to confirm it.
Redaction flattens each page to an image, so the underlying text is gone, not hidden behind a box that can be copied out or peeled off. The certificate is built to line up with FRCP 5.2 and the HIPAA Safe Harbor method.
We will also tell you what we can't promise.
Automatic detection is a strong first pass, not a replacement for your own review. KeptPDF scans 45 kinds of sensitive data, from names and Social Security numbers to medical record and account numbers.
Some things a text scanner can't see on its own: handwriting, a face in a photo, text baked into a scanned image. The tool flags those pages and asks you to look. For HIPAA Safe Harbor, that means 14 of the 18 identifier types are scanned automatically and the rest need a human. Your certificate records exactly what was scanned, so you can show a reviewer the real scope.
For security and compliance reviewers.
The detail your IT team or a procurement review will ask for.
| Subprocessor | What it does | Receives your document content |
|---|---|---|
| Vercel | Hosts the site and serves the static code | Never |
| Stripe | Processes payments | Never. We never see your card either |
| Resend | Sends account and receipt emails | Never |
| Neon | Stores accounts, billing, and usage counts | Never |
Document content is never collected, so there is nothing to retain. We keep your account details while your account is open, payment records for as long as the law requires, and sanitized first-party usage counts. No third-party analytics or advertising trackers run on the site. Because protected health information never reaches our servers, your counsel may conclude no agreement is needed; if your policy still calls for one, the HIPAA page includes a BAA template to review with your own counsel.
Questions skeptics ask.
Does my file get uploaded?
No. Every tool runs in your browser using WebAssembly and JavaScript. Open DevTools, switch to the Network tab, and process a file: your document is never in a request. Sign-in, payment, and a small usage ping (the tool's name, never your document) do reach our servers. Your file does not.
Is the redaction really permanent?
Yes. KeptPDF flattens each redacted page to an image, so the text underneath is removed from the file, not hidden behind a box that can be copied out or dragged off. Each redaction also ships a SHA-256 certificate, so you can prove the file wasn't changed afterward.
What do you store about my documents?
Nothing. We never receive your file, so there is nothing to store, back up, or hand over. The only data we keep is what you give us directly: your email if you sign in, your payment status, and an anonymous daily count for the free limit.
Do you sign a BAA?
Because protected health information never reaches our servers, your counsel may conclude no agreement is needed. If your policy requires one, the HIPAA page includes a BAA template based on HHS sample provisions for you to review and adapt with your own counsel. This is information, not legal advice.
Is it safe to paste into ChatGPT after redacting?
KeptPDF removes the detected text on your device before you ever share the file, and strips hidden metadata in the same pass. Always review the result first. Automatic detection is a strong first pass, not a substitute for your own check.
What happens if I lose internet?
The tools keep working. After your first visit, KeptPDF runs offline, which is also the simplest proof that the work happens on your device and not on a server.
Who can see my files?
No one but you. They never leave your device, so there is no copy on our side for an employee, a subpoena, or a breach to reach.