PdfWatch.
Verified by Design

Security & Zero-Knowledge Verification

How to independently verify that PdfWatch never sees your documents.

1. How It Works

The zero-knowledge model:

  • You encrypt your PDF in your browser before it leaves your device

  • The encryption key exists only in the URL hash fragment (#key)

  • The hash fragment is never sent to our servers (browser behavior)

  • We store only the encrypted blob — unreadable without the key

  • Even our database administrators cannot read your files

2. How to Verify This Yourself

01. Open browser DevTools (F12) → Network tab

02. Upload a PDF on PdfWatch

03. Watch the network requests. You will see the file uploaded as an encrypted .enc blob, not a readable PDF.

04. Open the share link. Inspect the URL: the decryption key is after the # symbol. This fragment never appears in Network tab requests to our server.

05. Go to the Network tab while viewing a document. You will see the encrypted blob downloaded and decrypted entirely in your browser. No plaintext is ever sent to PdfWatch servers.

3. Inspect Our Encryption

  • We use AES-256-GCM encryption via the Web Crypto API

  • Key derivation uses PBKDF2 with 600,000 iterations

  • All encryption/decryption happens in your browser

  • MDN Web Crypto API reference: https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API

  • Our open approach: the encryption key is in the URL fragment. If you lose the link, the file is permanently inaccessible to everyone, including us.
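
The scheme in this section, as an added example that is not PdfWatch's own code: a random secret kept in the URL fragment is stretched with PBKDF2 (600,000 iterations) into an AES-256-GCM key, and two helpers show what a server would and would not receive. The SHA-256 hash, the salt and IV stored in front of the ciphertext, the hex fragment encoding, the `pdfwatch.example` origin, the `/d/sample-id` path and all function names are assumptions.

```javascript
// Added example, not PdfWatch's code. Assumptions: PBKDF2-SHA-256, hex secret in
// the fragment, and a blob laid out as salt(16) || iv(12) || ciphertext+tag.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

async function deriveKey(secret, salt) {
  const base = await wc.subtle.importKey('raw', secret, 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 600000 },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// blob is what gets uploaded; link (with the secret after #) stays with the user.
async function encryptForUpload(pdfBytes, origin = 'https://pdfwatch.example') {
  const secret = wc.getRandomValues(new Uint8Array(32));
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(secret, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, pdfBytes));
  const blob = new Uint8Array([...salt, ...iv, ...ct]);
  return { blob, link: `${origin}/d/sample-id#${toHex(secret)}` };
}

// Throws if the fragment is wrong or the blob was modified (GCM tag check).
async function decryptFromLink(blob, link) {
  const secret = fromHex(new URL(link).hash.slice(1));
  const key = await deriveKey(secret, blob.slice(0, 16));
  const iv = blob.slice(16, 28);
  return new Uint8Array(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, blob.slice(28)));
}

// What the browser puts in the HTTP request line for a link: no fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// The step 03 check: an uploaded body must not start with the PDF magic bytes.
function looksLikePlainPdf(bytes) {
  return String.fromCharCode(...bytes.slice(0, 5)) === '%PDF-';
}
```

Running `looksLikePlainPdf` over a request body saved from the Network tab and comparing `requestTarget` with the logged request URL reproduces steps 03 and 04 outside the browser.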

4. What We Do Store

  • Encrypted file blob (unreadable without key)

  • Encrypted filename (unreadable without vault key)

  • View analytics: country, device type, browser, timestamps

  • Hashed IP addresses (one-way hash, cannot be reversed)

  • No original filename, no plaintext content, no decryption keys

Report a Security Issue

We take security seriously and aim to respond within 48 hours.

[email protected]