Security & Privacy Architecture

Your Documents Are Never
Anyone Else's Business

We built DocInspector around one principle: your files should never leave your control. Below is the exact technical algorithm — no marketing fluff — of exactly what happens to your document from the moment you upload it to the moment it vanishes forever.

Zero cloud storage
🗑️ Auto-deleted <5 min
🔒 TLS 1.3 in transit
🤖 No AI — No training data
🇪🇺 GDPR Article 5 compliant
🇩🇪 EU-hosted — Germany
🔍 100% open-source engines
📐 Technical Algorithm
Exactly What Happens to Your File

This is not a marketing promise. This is the actual step-by-step lifecycle of your document when processed by DocInspector Online — visible and auditable.

📤
Upload
You select file in browser. Never auto-sent.
🔒
HTTPS
TLS 1.3 encrypted transit. No plain text.
📦
Sandbox
Unique UUID temp folder. Isolated per job.
⚙️
Process
CLI tools run. No internet calls. No logs.
📥
Download
ZIP sent directly to your browser.
🗑️
Deleted
Entire job folder removed. No recovery.
⏱ T+5 min MAX

⏱ Auto-Delete Timeline

T = 0:00
File arrives on server
Saved to a unique UUID-named temp folder: /tmp_processing/a3f7e92c.../input/
T = 0:02 — 0:30
Processing complete
CLI tools finish. Output ZIP is ready and streamed directly to your browser download.
T = 0:30 — 5:00
Cleanup timer running
A background thread waits 300 seconds from job start. Your session may already be closed.
T = 5:00 MAXIMUM
shutil.rmtree() — permanent deletion
The entire job folder (input + output + temp files) is recursively deleted. There is no recycle bin, no backup copy, no database record.

🖥 Actual Server Code

# This is the actual cleanup code in server.py def _delayed_cleanup(path, delay_secs): # Wait 300 seconds max time.sleep(delay_secs) _cleanup(path) def _cleanup(path): try: if path.exists(): # Recursive delete — no recovery shutil.rmtree( str(path), ignore_errors=True ) except Exception: pass # Called immediately after download starts: threading.Thread( target=_delayed_cleanup, args=(job_dir, 300), # 5 min daemon=True ).start()

⚡ In practice, files are deleted within seconds of your download completing — the 5-minute window is only a safety fallback for slow connections.

🖥️ + 🌐 Two Ways to Process
Desktop App vs Online VPS — Both Secure

DocInspector offers two independent processing environments. You choose based on your security posture. Either way, your data stays under control.

🖥️
Desktop Application
100% Local · Windows Only · Air-Gap Ready
  • Files never leave your PC — zero network calls
  • Works fully offline — no internet required
  • Batch processing of thousands of files locally
  • Perfect for air-gapped networks & classified environments
  • No VPS, no server, no upload — pure local execution
Download App →
🌐
Online Browser Tools
VPS-Powered · No Install · Isolated Sandbox
  • File uploaded via TLS 1.3 to our dedicated VPS
  • Processed in an isolated UUID folder — never mixed
  • No third-party cloud — our own server, our own rules
  • Auto-deleted within 5 minutes — no backup, no trace
  • Zero database records, zero file-name logs
Try Online Free →
🔐
About Our VPS Infrastructure
Our online tools run on a dedicated private VPS located in Germany 🇩🇪, European Union — not a shared cloud provider. The server runs exclusively DocInspector's processing stack. Files are written to /tmp_processing/<uuid>/ and destroyed by shutil.rmtree() after a maximum of 5 minutes. No AWS, no Google Cloud, no Azure. We control the hardware. We wrote the deletion code. You can verify this on the timeline above.
🏆 Comparison
DocInspector vs The Alternatives

Every competitor listed below has publicly documented data practices. Here is what the research shows.

Security Feature 🛡 DocInspector Smallpdf ILovePDF Adobe PDF Google Docs
📦 Data Storage
Zero cloud storage of content
Auto-delete after processing <5 min ⚠ 1 hour ⚠ 2 hours ⚠ varies ✗ stored
Files stored on third-party CDN Never ⚠ AWS S3 ⚠ AWS S3 ⚠ Adobe Cloud ✗ Google Cloud
🤖 AI & Data Use
Document content used for AI training Never ⚠ opt-out ⚠ unclear ⚠ Adobe AI TOS ✗ yes
AI processing of your content Zero AI ✗ uses AI ✗ uses AI ✗ Adobe AI ✗ Gemini
🔒 Security
Encrypted in transit (TLS) TLS 1.3
Processing engine open-source & auditable 100% ✗ proprietary ✗ proprietary ✗ proprietary ✗ proprietary
Server-side activity logs of file content Zero logs ⚠ metadata ⚠ metadata ⚠ logs ✗ full logs
🇪🇺 Compliance
GDPR — Data Minimization (Art. 5.1.c) ✓ by design ⚠ partial ⚠ partial ⚠ complex ⚠ complex
No account required to process files ⚠ free limit ⚠ free limit ✗ account ✗ Google acc.
Works 100% offline (desktop app) ⚠ partial

Sources: Smallpdf Privacy Policy (2024), ILovePDF Terms of Service (2024), Adobe Generative AI ToS (2023), Google Workspace ToS. Data as of 2025.

🇪🇺 GDPR Compliance
How We Comply — Article by Article

GDPR is not a checkbox. These are the specific articles that apply to document processing and exactly how DocInspector addresses each one.

GDPR Art. 5.1(a)
Lawfulness, Fairness & Transparency
Data must be processed lawfully. We only process the data you explicitly upload for the explicit purpose you selected.
✓ No hidden processing. Every operation is user-initiated and visible.
GDPR Art. 5.1(b)
Purpose Limitation
Data cannot be used for anything other than the purpose it was collected for. Your PDF uploaded to sanitize metadata is used only for that.
✓ Files are never read for analytics, indexing, training, or any secondary purpose.
GDPR Art. 5.1(c)
Data Minimization
Only the minimum data necessary should be collected. We collect nothing except the file bytes needed for processing.
✓ No name, no email, no IP logged, no account. Zero identification data collected.
GDPR Art. 5.1(e)
Storage Limitation
Data must not be kept longer than necessary. Processing has a defined maximum duration after which all data is purged.
✓ Maximum 5-minute retention. Files are usually deleted within seconds of download.
GDPR Art. 25
Privacy by Design
Privacy must be built into the system architecture from the start, not bolted on afterward.
✓ Zero-retention is the default architecture — not an option or a plan tier.
GDPR Art. 32
Security of Processing
Appropriate technical measures must be implemented. TLS for transit, isolated sandboxes, no persistent storage.
✓ TLS 1.3 transit + per-job UUID isolation + shutil.rmtree() deletion.
🚫 Zero List
What We Absolutely Do Not Do

These are hard technical constraints — not policy promises that could change with a ToS update.

No AI processing
Zero large language models, zero machine learning inference. ExifTool, qpdf, and Ghostscript are deterministic CLI tools.
No content logging
Our server logs only HTTP method + status code. File names, sizes, and content are never written to any log file.
No database records
We have no database of your uploads. There is no table of "jobs processed." Each job exists only as a temp folder.
No third-party storage
Files never touch AWS S3, Azure Blob, Google Cloud Storage, or any CDN. Processing is self-hosted.
No account or tracking
The daily limit counter uses localStorage in your browser. We never know your IP is linked to any job.
No training data collection
Your documents are never used to train, fine-tune, or evaluate any machine learning model — ever.
No external API calls during processing
The server makes zero outbound HTTP calls while processing your file. Completely network-isolated job execution.
No file content in analytics
Google Analytics and Microsoft Clarity track only page views. They receive zero information about what files you processed.
⚙️ Technical Stack
100% Open Source Processing Engines

Every tool that touches your document is open source, battle-tested, and auditable by anyone. No black boxes.

ExifTool v13.43
Reads and removes all metadata embedded in PDF, DOCX, XLSX files. Used by digital forensics professionals and intelligence agencies worldwide.
✓ Open Source — Phil Harvey — 20+ years
qpdf v11.9
PDF structural transformation: encryption, linearization, repair. Processes the PDF binary format directly at the object level.
✓ Open Source — Apache 2.0 License
Ghostscript v10.03
Rasterizes PDF pages to image-only output (text layer removal), applies watermarks via PostScript, converts formats.
✓ Open Source — AGPL / Commercial
MuPDF v1.24
High-performance PDF rendering and manipulation. Used when Ghostscript's rasterization is not required.
✓ Open Source — AGPL License
Python Flask 3.x
Lightweight web server that routes your uploaded files to the correct CLI tool and streams the result back. No ORM, no database.
✓ Open Source — BSD License
openpyxl latest
Generates the Excel Bundle Summary report server-side. Pure Python, no COM automation needed for the online version.
✓ Open Source — MIT License
Tesseract OCR v5.x
Converts scanned or image-based PDF pages into real, selectable, and searchable text. Tessdata language models run entirely server-side — no external API calls.
✓ Open Source — Apache 2.0 License — Google
ImageMagick v7.x
Handles image conversion, DPI rendering, and format normalization. Used in the flatten and repair pipelines to process PDF page rasters.
✓ Open Source — ImageMagick License
xpdf / pdfinfo v4.x
Extracts structural PDF metadata — page count, version, encryption flags, font list, and producer fields. Used in bundle reports and evidence generation.
✓ Open Source — GPL License — Glyph & Cog
Our Security Promise
We cannot read your documents. We don't want to. Every architectural decision — from the choice of CLI tools to the 5-minute auto-delete to the lack of any database — was made so that even we cannot access your content after it has been deleted.
✓ File deleted before you close the tab
✓ No account = no data trail
✓ Open source stack = fully auditable
✓ GDPR compliant by architecture
✓ Zero AI involvement