Security
How we protect your files and data
Encryption in Transit
All connections to PDFWhirl use TLS 1.3 encryption. Files are transmitted securely between your browser and our servers. We enforce HTTPS on all pages and API endpoints.
Encryption at Rest
Files stored temporarily on our servers are encrypted at rest using Cloudflare R2's server-side encryption. Database records are stored in encrypted PostgreSQL databases.
Automatic Deletion
All uploaded and processed files are permanently deleted from our servers within 2 hours of upload. A scheduled cleanup process runs every 30 minutes to ensure no files persist beyond this window.
No File Access
PDFWhirl staff cannot and do not access the content of your uploaded files. Files are processed by automated systems only. We have no manual review process for uploaded content.
Infrastructure Security
Our infrastructure includes rate limiting to prevent abuse and DDoS protection via Cloudflare. API requests are validated, sanitized, and size-limited. Security headers (HSTS, X-Content-Type-Options, X-Frame-Options) are enforced on all responses.
Responsible Disclosure
If you discover a security vulnerability in PDFWhirl, please email security@pdfwhirl.com. We take all reports seriously and will respond within 48 hours.