Your documents, completely secure
We process millions of documents daily with bank-grade encryption and an automated, zero-retention data deletion policy.
Platform Protection Standards
Under the hood of heyPDF's document security operations.
SSL / TLS Encryption
All files uploaded to heyPDF are encrypted in transit using secure Transport Layer Security (TLS 1.3) protocols. Your connection is fully encrypted from your browser to our API endpoints.
1-Hour Deletion Policy
We do not store your documents permanently. Every single file uploaded, processed, and generated is automatically and permanently purged from our servers and Cloudflare storage vaults exactly 1 hour after processing.
Isolated Processing Sandboxes
Files are processed inside temporary, isolated memory containers. No persistent server storage is utilized for conversion operations, preventing file cross-contamination or unauthorized access.
No Third-Party Access
Your data is strictly yours. We do not sell, rent, share, or analyze any user-submitted files. Document parsing operations are 100% automated via programmatic logic with zero human intervention.
Our File Lifecycle
An overview of how files flow through our infrastructure.
Upload & Encryption
Files are sent to our API endpoints encrypted via TLS. They are buffered in memory and immediately moved to an isolated Cloudflare R2 storage container.
Isolated Processing
A serverless container reads the file, completes the requested action (merge, split, convert, lock), saves the output file, and marks the original file for deletion.
Immediate Output & Expiry
The user receives a direct download link. A TTL cron task runs periodically, permanently purging files that exceed 1 hour since creation.
Compliance & Privacy Commitments
heyPDF operates in full compliance with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) guidelines. We believe that privacy is a fundamental human right.