Storage and Privacy Model

Local-only processing

• PDFs load directly into memory via the browser File API.
• No bytes are transmitted over the network. Network activity remains at zero after the initial page load.
• In future versions, optional IndexedDB persistence will encrypt blobs with Web Crypto before storing them locally.

Temporary memory footprint

• pdf.js parses each page on demand. Only the active page is rasterized in canvas to keep memory usage manageable for large documents.
• Closing the tab releases the ArrayBuffer and clears annotations.

Security headers

• Cloudflare Pages deploys the site. Use an _headers file to set:
  • Content-Security-Policy restricting scripts to self plus the pdf.js worker blob.
  • X-Content-Type-Options: nosniff, Referrer-Policy: same-origin, and Permissions-Policy to disable unnecessary APIs.¹

Future enhancements

• Configurable automatic timeouts to clear annotations after inactivity.
• Optional passcode lock for cached editor data.
• Integration with the Web Share API for direct device-to-device sharing without server involvement.