PDF Sanitizer privacy policy
Summary. PDF Sanitizer processes the PDFs you open entirely on your device. It makes no network connections by default, has no servers, and Whiteforge Technologies never receives your documents, sanitization choices, telemetry, or any other data from the app. An optional auto-update check (off by default) makes a single HTTPS request to GitHub if you enable it — see Network activity for the full detail.
1. Introduction
This policy explains how PDF Sanitizer handles your data. PDF Sanitizer is a macOS application published by Whiteforge Technologies Ltd (“Whiteforge”, “we”), a company registered in England and Wales (company number 17224707). It inspects, sanitizes, and verifies PDF files to remove hidden data before sharing.
This policy is for the PDF Sanitizer app. The whiteforgetech.co.uk website has its own privacy policy.
2. Data the app processes locally
PDF Sanitizer processes the documents you open with it. While a document is open, the app holds in memory:
- The contents of the PDF file you opened, including all text, images, fonts, metadata, scripts, attachments, form fields, and other PDF structures the file contains.
- The inspection report — a structured summary of which hidden structures were detected in the file.
- Your sanitization profile choice (Metadata Only, Standard Clean, Strict Privacy, or Inspector Only) and any per-run options.
- The output path you select for the sanitized copy.
All of the above stays on your device. None of it is transmitted off the device.
3. Data Whiteforge receives
None. PDF Sanitizer does not send your documents, inspection reports, sanitization choices, or telemetry to Whiteforge. There are no Whiteforge servers in the data path. The app does not contain analytics SDKs, advertising SDKs, or third-party tracking libraries. The optional auto-update check (described below) goes directly to GitHub — Whiteforge does not see those requests.
4. Network activity
By default, PDF Sanitizer makes no outbound network connections. The auto-updater is off out of the box. The app shows a first-run modal explaining this; if you do not opt in, the app never touches the network.
In Settings → Updates (or via the first-run modal), you can enable two things:
- “Check for updates automatically on launch” — off by default. If you turn it on, PDF Sanitizer makes a single HTTPS request per app launch to
https://github.com/whiten1968/PDFSanitizer-downloads/releases/latest/download/latest.json. This is a static text file describing the current latest release. If a newer version is available, the app offers to download and install it; the download itself is also an HTTPS request to GitHub. - “Check for updates now” — a manual button. Makes the same request, once, only when you click it.
The requests contain no PDF content, no document filenames, no inspection results, no usage statistics, no user identifier, and no telemetry of any kind. They are ordinary HTTPS GETs identical to any user requesting that URL in a browser. The only data GitHub receives is your IP address (visible to any server you connect to) and the fact that something is requesting the PDF Sanitizer update manifest.
You can revoke consent at any time by turning “Check for updates automatically” off. Settings preferences are stored locally on your device only.
5. Where data is stored
- The PDF file you open — remains where you opened it from. PDF Sanitizer does not copy your input files into its own storage, and never overwrites the original.
- The inspection report and your profile choice — held in memory while the document is open. When you close the document or quit the app, this state is discarded.
- The sanitized output PDF — only created when you choose to save and pick a destination. PDF Sanitizer writes to the location you specify (typically alongside the original with a
-sanitizedsuffix) and nowhere else. - JSON or Markdown verification reports — only created when you explicitly export them, and only at the path you choose.
6. Temporary files
To analyse and sanitize a PDF, PDF Sanitizer’s engine may write short-lived temporary files (the input document and a JSON description of the sanitization options) to your user account’s temporary directory (typically /var/folders/.../T/). These files are created at sanitization time, read once by the engine, and deleted before the call returns. They are not written to iCloud Drive, are not synced anywhere, and are not retained.
7. Crash reports and diagnostics
PDF Sanitizer does not collect or transmit crash reports, performance metrics, or diagnostic data. macOS itself may collect crash logs at the operating-system level and offer to share them with developers; that behaviour is controlled by your macOS privacy settings (System Settings → Privacy & Security → Analytics & Improvements), not by PDF Sanitizer.
8. Deletion
- Closing a document — drops the in-memory state for that document, including any inspection report you had not exported.
- Quitting the app — drops all in-memory state.
- Uninstalling PDF Sanitizer — remove the PDF Sanitizer.app bundle from Applications. The app does not install components elsewhere on the system. Move the app to the Trash and empty it, and everything PDF Sanitizer touched is gone.
The documents you opened, and the sanitized outputs and reports you saved, are unaffected by uninstalling the app — they live where you put them.
9. Children
PDF Sanitizer is not directed at children under 13. We do not knowingly collect personal information from children.
10. Your rights
If you are in the UK or the EU, you have rights under the UK GDPR and the EU GDPR — including the rights of access, rectification, erasure, restriction, objection, and the right to lodge a complaint. Because PDF Sanitizer does not transmit your data to us, these rights are effectively under your direct control through the app and the file system on your device. If you have a question about your data in PDF Sanitizer, email us at the address below.
You can complain to the UK Information Commissioner’s Office at ico.org.uk.
11. Changes to this policy
If we change this policy, we will update the “Last updated” date at the top. Material changes will be summarised at the top of the policy for a reasonable period.
12. Contact
For privacy questions about PDF Sanitizer:
Whiteforge Technologies Ltd
support@whiteforgetech.co.uk