I Built a PDF Tool That Never Touches a Server - Here's the Architecture

Most online PDF tools share a dirty secret: your files are uploaded to a remote server, processed, and hopefully deleted. For sensitive documents, this is a massive privacy risk. I set out to build a different kind of suite — one that processes PDFs entirely in the browser with zero server-side processing.

The result is ZeroCloudPDF, a privacy-first PDF platform. Here is the technical breakdown of how I built it, the architecture decisions I made, and the SEO trap I avoided.

The Core Principle: Pure JavaScript, Zero WebAssembly

The foundation of ZeroCloudPDF is strict: pure JavaScript only. Many modern browser-based tools rely on WebAssembly (WASM) or dynamic imports to handle heavy computational tasks. While WASM is powerful, it introduces complexity, larger bundle sizes, and dynamic loading overhead.

By sticking to pure JS, we ensure maximum compatibility and transparency. All heavy lifting happens client-side using established libraries loaded from cdnjs.cloudflare.com:

  • pdf.js 3.11.174 — for rendering and extracting PDF pages.
  • jsPDF 2.5.1 — for generating PDFs from images and Word documents.
  • mammoth.js 1.6.0 — for parsing .docx files cleanly.

These libraries load via deferred script tags on every page. Before any conversion runs, the app checks that each library is ready; if not, the user sees a clear toast notification rather than a silent failure.

For Word-to-PDF conversions that need image-based output, html2canvas 1.4.1 loads dynamically on demand only when Word Image mode is selected. It is not fetched for any other tool.

HEIC Without a Server Roundtrip

Apple devices save photos as HEIC files. Most online tools send these to a server for decoding. ZeroCloudPDF does not. It uses the browser’s native createImageBitmap() and drawImage() APIs on a canvas. Safari and iOS decode HEIC natively. Chrome and Firefox desktop may silently fail if the browser lacks native HEIC support, but the file still never leaves the device.

You can test this yourself with the HEIC to PDF converter.

Privacy by Architecture, Not by Policy

Because the heavy lifting happens client-side, the privacy guarantees are architectural, not contractual:

  • No server-side processing: your documents never touch our infrastructure during conversion.
  • No AI training on documents: because files are processed locally, they are never harvested for model training.
  • No metadata harvesting: EXIF, GPS, and timestamps remain on your device.
  • No server-side conversion logs: what happens in the browser stays in the browser.

The conversion tools require no account and no sign-in. The transaction is strictly between your browser and your hard drive.

The SEO Trap: Firebase Wildcard Rewrites

Building a static site on Firebase taught me a hard lesson about canonicalization. Early on, I used a Firebase wildcard rewrite:

{ "source": "**", "function": "..." }

This caused Google Search Console to flag pages as “Alternative page with proper canonical tag.” Google had cached the wildcard behavior and became confused about the true canonical URL, even after I deployed explicit HTML files for every route.

The fix required patience, submitting a clean sitemap, and requesting re-indexing page by page. The wildcard rewrite was implicitly telling Google that all URLs were identical. Lesson: if you are building a multi-page static site for SEO on Firebase, skip wildcard rewrites entirely and serve individual HTML files with static canonical tags.

ZeroCloudPDF vs. The Competition

See how a browser-native, pure JavaScript approach compares to traditional server-based PDF tools.

Feature ZeroCloudPDF iLovePDF Smallpdf PDF24
Processing Location 100% Browser (Pure JS) Remote Servers Remote Servers Remote Servers / Desktop App
Technology Stack Pure JS (No WASM) Server-side Server-side Server-side / Desktop
File Upload Required No (Local processing) Yes Yes Yes (for online tools)
HEIC Support Native Browser APIs Server Conversion Server Conversion Server Conversion
Account Required No Optional / Required for some Optional / Required for some No (online)

What You Can Do With It Today

If you want to experience true privacy-first document management, you can start using these tools right now. No installations, no server uploads, and no compromises:

  • Compress PDF — shrink bank statements, pension documents, or visa paperwork before uploading to government portals.
  • Merge PDF — combine semester marksheets or client invoices into one file.
  • Word to PDF — convert .docx files without installing Microsoft Office or uploading to a cloud converter.
  • PDF to JPG and PDF to PNG — extract pages as images for presentations or print previews.
  • Compress PDF on iPhone — a dedicated flow for mobile Safari users who need to reduce file size before emailing.

For a deeper technical read on how browser-native conversion works under the hood, see the guide on how browser PDF conversion works. If you want to audit any other PDF tool for privacy leaks, the hidden privacy risks guide walks through a simple checklist you can apply to any competitor.

Comments

Popular posts from this blog

ZeroCloudPDF vs Smallpdf, iLovePDF, PDF24 & Adobe: Der datenschutzfreundliche PDF-Vergleich für Deutschland

How to Use ZeroCloudPDF in Airplane Mode: The Offline PDF Test Big Players Can't Pass