Trust
Security and Processing Model
Last updated: June 10, 2026
Leafwork is designed around data minimisation, browser-local processing, and reasonable security practices. This page documents what stays local, which providers are involved, and what boundaries users should know.
Processing matrix
| Workflow | Location | Notes |
|---|---|---|
| Merge, split, rotate, watermark, sign, redact, metadata cleanup | Browser-local | PDF bytes are not uploaded for these core tools. |
| PDF to images and images to PDF | Browser-local | Input files and generated exports stay in the local session until you download them. |
| Sandbox workspace | Browser-local session | Files, previews, marked pages, and operations are discarded when the session is cleared. |
| Feedback | Supabase | Message, category, optional contact details, page path, user agent, and account id if signed in may be stored for product support. |
| Authentication | Supabase Auth | Login and session records are handled by Supabase for account-gated workflows. |
| Analytics and performance | Vercel | Page and performance signals load only after analytics are allowed from Privacy Choices. PDF content is not collected here. |
| AI tools | Coming soon | When enabled, extracted text may be sent to an AI provider after the user starts that workflow. |
What Leafwork does
- Runs core PDF operations in the browser.
- Keeps sandbox files session-only in v1.
- Uses HTTPS hosting and keeps service credentials server-side.
- Limits collected support data to the specified product purpose.
- Keeps service-role database access out of public browser code.
What you control
- Your original files remain on your device for core workflows.
- You decide what to download, where to store it, and what to share.
- You can clear the sandbox workspace when finished.
- You should review redactions, signatures, and converted outputs before sending them onward.
Personal data breach approach
If a breach affects personal data processed by Leafwork services, our response should focus on containment, investigation, mitigation, user communication where appropriate, and regulatory steps required by applicable Indian data protection law. Core PDF files processed only in your browser are not stored by Leafwork servers.
Important limitations
Browser-local processing reduces upload exposure, but it does not protect against a compromised device, malicious browser extension, unsafe downloads, screen sharing, local malware, or documents you choose to send elsewhere after export.
Report a vulnerability
Please report suspected security issues through the feedback widget or GitHub. Include reproduction steps, affected pages, browser details, and the smallest safe sample needed to demonstrate the problem. Do not submit private documents through feedback.
Open grievance formSee also: Privacy Policy and Terms of Service.