← Back to blog
Privacy

Why Signing in Your Browser Is Safer Than You Think

April 2026 · 6 min read

When most people use an online PDF tool, something happens that they don't think too carefully about: their file gets uploaded to a server. That server belongs to a company. The company has a privacy policy. The privacy policy says something reassuring in general terms about how your file is deleted after processing — usually within 24 hours, sometimes within an hour, sometimes immediately.

Maybe that's fine. Maybe the company is trustworthy. Maybe their servers are secure, their employees are honest, and their deletion policies are genuinely enforced. But maybe isn't certainty, and for a lot of documents — a lease, a medical form, a legal agreement — maybe isn't good enough.

SignHere takes a different approach: your document never leaves your device in the first place.

What "client-side processing" actually means

Modern browsers are remarkably powerful. They can run sophisticated software — not just displaying web pages, but executing code that manipulates files, processes images, and generates new documents, all within the browser itself. This is called client-side processing, meaning the computation happens on the client (your computer) rather than on a server somewhere else.

SignHere uses three open-source JavaScript libraries that run entirely in your browser:

📄
PDF.jsDeveloped by Mozilla, used in Firefox. Renders your PDF to a canvas element so you can see and interact with it — no server needed.
✏️
pdf-libReads and writes PDF files in JavaScript. Used to embed your signature image into the document and produce the final signed PDF, all locally.
🖼️
Canvas APIBuilt into every browser. Used to process your signature image — stripping the background and preparing it for embedding — without any external service.

These libraries are loaded from a CDN (a content delivery network) when you first open SignHere — that's the only external network request the tool makes. After that, everything runs locally. Your PDF and your signature image are read into browser memory, processed there, and the result is offered for download. At no point does any byte of your document travel across the internet.

What this means in practice

The implications are more significant than they might first appear.

"When a tool says 'your file is deleted after processing,' there are several things that still could have happened to it: it was logged, it was cached, it was indexed, it was backed up, it was accessed by an employee. None of these things can happen if the file never leaves your machine."

Consider a few scenarios:

You're signing a rental agreement that includes your full name, address, ID number, and monthly income. You'd rather this not transit through a third-party server.

You're a freelancer signing an NDA that covers a client's confidential project details. Your client expects discretion. Uploading the NDA to a PDF processing service to sign it is a bit ironic.

You're helping an elderly parent sign a medical power of attorney. That document contains sensitive personal and medical information. Its contents should stay between the people it concerns.

In all of these cases, SignHere's architecture provides a genuine guarantee: nothing was uploaded, nothing was stored, nothing can be breached.

You can verify this yourself

We don't just ask you to trust our word. You can verify what SignHere does — or doesn't do — using your browser's built-in developer tools.

Open SignHere, press F12 to open DevTools, go to the Network tab, and filter by "Fetch/XHR." Then use the tool normally — upload a document, upload a signature, sign it, download the result. Watch the network tab throughout. You'll see the three library files load at startup, the Google Fonts stylesheet, and nothing else. No uploads. No API calls. No outbound requests carrying your document.

This is what "private by design" actually looks like, as opposed to "private by policy."

The tradeoff worth knowing about

Client-side processing does have one constraint worth mentioning: since everything runs in your browser, large documents may take a moment to process on older hardware. A heavily-formatted 200-page PDF with many images will take longer than a simple two-page agreement. This is the same tradeoff that gives you the privacy guarantee — no server means no server's resources either.

For the vast majority of signing use cases — documents of typical length with a signature on one page — this makes no practical difference. The tool is fast on any modern device.

See for yourself. Open DevTools and watch the network tab while you sign.

Try SignHere →

Related: The print-sign-scan story · Who is SignHere for?