Skip to content
All work

Case study · 2026

Pdfed

Privacy-focused PDF editor — edit, annotate, and share without ever uploading your file.

Pdfed hero

Pdfed is a privacy-focused PDF editor. Everything happens in your browser — your file never leaves your machine. Edit, annotate, sign, merge, and share without compromising your data.

The problem

Most online PDF editors upload your file to their servers, then "promise" to delete it. That's a fundamentally broken trust model for sensitive documents. People shouldn't have to choose between convenience and privacy.

Approach

  • 100% client-side using PDF.js + a custom canvas-based annotation layer.
  • File never touches the network — no uploads, no telemetry, no logs.
  • Web Worker offloads heavy operations (rasterization, encryption) to keep the main thread fluid.
  • Streaming export so large multi-hundred-page PDFs don't OOM the tab.

Highlights

  • Secure redaction that actually removes content. Most "redaction" tools just paint a black rectangle over text — copy-paste the PDF and the original characters are still there. Pdfed strips the underlying text and image objects from the file structure, then re-flattens, so a redacted document holds up under inspection. There's a pattern-detection helper for emails, phone numbers, and SSNs that flags candidates before you commit.
  • Bank-grade encryption on save. Optional AES-256 with a password before download. Because everything happens in the browser, the password never crosses the network either.
  • Page organization without a server round-trip. Drag pages between documents, rotate, split, merge — all in-tab, on multi-hundred-page files, without the spinner-and-modal experience that plagues every web PDF tool.
  • Ships as a Chrome Web Store extension — installs in a click, lives in the address bar, no separate site to navigate. Firefox is on deck.

What I'd do differently

  • Extract a headless core. The editor logic and the extension UI are intertwined; pulling out a pdfed-core package would let me also ship a CLI and a desktop wrapper without rewriting the engine. Doubles as a way to support Firefox + Safari faster than rebuilding the extension shell for each browser.
  • Be louder about what "private" means. Marketing-wise, "no uploads" is doing a lot of work that users don't always parse on a first visit. A short, plain-language threat-model page (what the site can see, what it can't, what survives a tab refresh) would build trust faster.