For regulated work: the file's contents never leave your device

If you handle protected health information, privileged legal documents, financial records, or HR files full of personal data, you already know the problem with most online file tools: to use them, you have to upload your document to someone else's server. For the documents that matter most, that's exactly the thing you can't do.

AntiUpload is built the other way around. Every tool — convert, compress, merge, split, sign, edit — runs in your browser, on your own device, using WebAssembly. Your file is read locally and processed locally. Its contents are never transmitted to us, and never to any third party. There is no upload step to opt out of, because there is no upload step for your file at all.

What that means, stated plainly

We never receive your file.There is no account to create and no server-side copy of your document anywhere on our infrastructure. We can't see its contents, can't store them, and have no copy to hand over if someone asks. This isn't a promise we're choosing to keep — it's a property of how the tool is built. There's simply no copy of your document on our side to lose.

Because we never receive the file, there's no copy of it to breach.Cloud tools create a second copy of your document on infrastructure you can't inspect — a copy that can be retained, leaked, breached, or produced under subpoena. A tool that never receives your file creates no such copy. (Your own copy still lives on your device and remains yours to govern, subject to your own retention and legal obligations.)

What this means for your compliance — and what it doesn't

We're careful here, because honesty is the whole point. We are not going to tell you this tool is "HIPAA compliant" or "GDPR compliant." No tool can truthfully say that.Compliance is a property of your organization's overall practices — your policies, your safeguards, your agreements — not something a piece of software confers on you. And there is no official "HIPAA certified" status for a product: HHS does not review, approve, or endorse tools. (GDPR does allow voluntary certification schemes under Article 42, but we have not pursued one.) Any badge claiming a government certification is marketing, not fact.

What we can tell you is exactly how the tool behaves, which is the part that's actually relevant to you:

The contents of your file are never transmitted to us. Because the document is processed in your browser, anything inside it — health information, personal data, privileged content — never reaches our servers. We never receive it.
For this file, we don't act as a business associate.A HIPAA business associate is an entity that creates, receives, maintains, or transmits PHI on a covered entity's behalf. A tool that never receives or stores your file does none of those things for that file, so no business-associate relationship arises and there's no BAA to sign. This describes how the tool works; it isn't legal advice, and your organization remains responsible for confirming, as part of its own risk analysis, that no PHI leaves your device in your specific environment.
It can support your own data-minimization goals.Keeping a document on your device, instead of sending it to an outside service, means there's no third-party transfer for you to inventory. That can advance your organization's minimum-necessary and data-minimization efforts — efforts that remain yours. We just don't add a new place your data can go.
For legal and HR users: no third-party disclosure of the document.Sending a privileged or confidential file to an outside cloud service discloses it to a third party — a real confidentiality concern. Processing it in your browser means no outside party receives the document in the first place. We can't determine a legal outcome like privilege — that depends on your conduct and circumstances, not ours — but we can tell you truthfully that the document's contents are never transmitted to us.

Verify it yourself

You don't have to trust this page. The core claim is checkable in under a minute:

Network tab.Open your browser's developer tools (press F12), switch to the Network tab, and run a file through any tool. You'll see normal requests for the page, fonts, ads, and scripts — but none carrying your document. (Tip: open the Network tab before you load your file and keep it open while the tool runs.) This is a spot-check you can repeat anytime, not a substitute for your own security review.
Offline.Once a tool has loaded, disconnect from the internet and use it. It still works, which means it isn't uploading your file during that session. (A few tools, such as auto subtitles and image OCR, download a model from a public CDN on first use and need a connection that one time — never your file.)

A note on the rest of the site, so we're square

The claim above is scoped exactly: your document's contents are never uploaded to us.To be fully honest about everything else, the broader website loads ordinary things other websites load — banner ads (Google AdSense, which can set advertising cookies), system fonts, Cloudflare analytics and hosting (which logs IP addresses), and a spam check on the feedback form. We also log anonymous usage metadata when you run a tool — which tool, the file's size in KB, its page count, how long it took, and whether it succeeded — stored on our servers to keep the tools working and improve them. None of that ever includes your file, its name, or its contents. Our Privacy pagespells out exactly what the site collects and how to opt out of personalized ads. We'd rather show you the boundary than paint over it.

The honest version of the pitch

We're not selling you a compliance status. We're removing one risk: the risk that comes from handing your sensitive documents to one more server you don't control. Your file's contents never leave your device — verify it yourself — so there's no copy of your client's, patient's, or employee's document sitting on our infrastructure. What you do with that is your compliance decision. Our job is simply to never be the place your document leaks from.

Browse the tools →