Security First Platform

Your documents, completely secure

We process millions of documents daily with bank-grade encryption and an automated, zero-retention data deletion policy.

Platform Protection Standards

Under the hood of heyPDF's document security operations.

SSL / TLS Encryption

All files uploaded to heyPDF are encrypted in transit using secure Transport Layer Security (TLS 1.3) protocols. Your connection is fully encrypted from your browser to our API endpoints.

1-Hour Deletion Policy

We do not store your documents permanently. Every single file uploaded, processed, and generated is automatically and permanently purged from our servers and Cloudflare storage vaults exactly 1 hour after processing.

Isolated Processing Sandboxes

Files are processed inside temporary, isolated memory containers. No persistent server storage is utilized for conversion operations, preventing file cross-contamination or unauthorized access.

No Third-Party Access

Your data is strictly yours. We do not sell, rent, share, or analyze any user-submitted files. Document parsing operations are 100% automated via programmatic logic with zero human intervention.

Our File Lifecycle

An overview of how files flow through our infrastructure.

1

Upload & Encryption

Files are sent to our API endpoints encrypted via TLS. They are buffered in memory and immediately moved to an isolated Cloudflare R2 storage container.

2

Isolated Processing

A serverless container reads the file, completes the requested action (merge, split, convert, lock), saves the output file, and marks the original file for deletion.

3

Immediate Output & Expiry

The user receives a direct download link. A TTL cron task runs periodically, permanently purging files that exceed 1 hour since creation.

Compliance & Privacy Commitments

heyPDF operates in full compliance with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) guidelines. We believe that privacy is a fundamental human right.