Privacy language is often vague. “Secure,” “private,” and “zero knowledge” can sound impressive without describing what actually happens to a file. The useful claim is narrower and testable: for QuickMerge’s core local tools, the selected document is read and transformed by code running in your browser, not sent to a QuickMerge conversion server.
This article explains the architecture, what can still travel over the network, where temporary bytes live, and what local processing does not protect against. Transparency is more valuable than an absolute label.
- The app code loads over the network; the selected file does not need to.
- File bytes generally live in tab memory until refresh or close.
- A local architecture reduces one class of risk, not every device risk.
- Developer tools can help technically minded users inspect requests.
What happens after you choose a file
The browser’s File API gives the page permission to read the file you explicitly selected. JavaScript libraries parse those bytes into memory, perform operations such as copying PDF pages or drawing a page onto a canvas, then create a Blob for download. The result is handed back through a temporary browser URL.
That flow does not require the source document to be posted to an application server. Closing or refreshing the tab releases the page’s in-memory state, although the browser and operating system decide exactly when reclaimed memory is overwritten.
What still uses the network
The website’s HTML, CSS, JavaScript, fonts, and third-party libraries must be delivered to the browser, usually through a content delivery network. Analytics or error-reporting services—if present—may also send ordinary page and device information. A privacy-conscious implementation should avoid including file contents, filenames, extracted text, or document-derived data in those requests.
“The file stays local” therefore does not mean the website works with no network at all. It means the selected document is not part of the conversion request. These are different claims, and users deserve the distinction.
How to inspect the claim
Open the browser’s developer tools, choose the Network panel, clear the list, then select a non-sensitive test PDF and run a tool. Look for large POST or PUT requests whose timing and size match the document. A local tool may still fetch a worker script or font when first used, but the file itself should not appear as an outbound payload.
This is an inspection aid, not a complete security audit. Encrypted requests hide their content from simple viewing, service workers can complicate the timeline, and a compromised browser is outside the page’s control. For high-risk workflows, use independent review and managed devices.
Why local processing has limits
Servers can provide abundant memory, specialized native libraries, and long-running jobs. A browser is limited by the user’s phone or computer. Very large PDFs can exhaust memory; advanced office-format reconstruction may need components that are not practical in JavaScript; and older devices can be slow.
QuickMerge should state those limitations at the point of use. The tool pages show file limits and describe when an operation rasterizes text, extracts only content, or cannot preserve a complex layout. Privacy should not be used to hide functional constraints.
Local is one layer of a secure workflow
A local tool cannot stop screen capture, malware, an unsafe browser extension, a shared download folder, or a recipient from forwarding the result. It also cannot guarantee that the source file itself is safe to parse. Keep browsers updated, use trusted files, and follow organizational controls for confidential records.
For sharing, inspect properties with PDF Metadata, remove content you do not need, redact rather than merely cover, and use password protection where it fits the threat model. Store the original and delivery copy separately.
A better standard for privacy claims
A credible tool should say what runs locally, what external assets are loaded, what telemetry is collected, what size limits apply, and what the output changes. It should avoid claiming that no risk exists. Users can then make a real decision based on the sensitivity of the document and the trustworthiness of the device.
Final checklist
- The tool states whether the file is uploaded.
- Limits and transformations are explained.
- Sensitive filenames or text are not placed in URLs.
- The device and browser are appropriate for the document.
- The final download is handled with the same care as the source.
