Security
Your files stay on your machine. Always.
How does it actually work?
Most online file tools upload your files to a server, process them there, and send the result back. FilKlar does it completely differently.
When you open a FilKlar tool, all necessary code is downloaded to your browser — pure JavaScript and WebAssembly. When you select a file, it is read directly from your disk via the browser’s File API. The file content is processed in memory on your own machine, and the result is created locally. The entire process happens without a single byte being sent over the network.
Think of it this way: FilKlar is more like a program you run on your machine than a web service. The difference is you don’t need to install anything — your browser is all you need.
WebAssembly — powerful file processing in the browser
For heavy operations like PDF manipulation and image conversion, FilKlar uses WebAssembly (Wasm) — a technology that lets the browser run compiled code at near-native speed.
WebAssembly runs in the browser’s sandbox, meaning the code is isolated from the rest of your system. It cannot read files you haven’t selected, it cannot install anything, and it has no network access.
Browser sandbox — built-in protection
Modern browsers are built with multiple layers of security. Each website runs in its own isolated process — a “sandbox”. FilKlar inherits all these protections automatically:
- File system access: The browser can only read files you actively choose in the file picker.
- Memory isolation: Processed data lives in browser memory. When you close the tab, data disappears.
- Network restriction: FilKlar tools send no data over the network during file processing.
- Process isolation: FilKlar runs in a separate process, isolated from other tabs and your operating system.
Encrypted transport with HTTPS
Even though your files never leave your machine, the connection to FilKlar is encrypted with TLS/HTTPS. This means the website and tool code are downloaded over a secure channel.
We use modern TLS configurations and HSTS to ensure your browser always connects via an encrypted connection.
No server storage — zero data noise
We deliberately chose an architecture where our servers never receive your files. There is nothing to hack, nothing to leak, and nothing we need to delete.
Many cloud-based tools promise they “delete files after X hours”. But that still means your files spend time on a server you don’t control. With FilKlar, this risk never arises.
Open source — verify it yourself
FilKlar is open source. All code is available for review on GitHub. You don’t need to trust us blindly — you can read the code or have someone you trust review it.
You can also use your browser’s developer tools (F12) to inspect network traffic in real time. You’ll see that nothing is sent during file processing.
Report security issues
We take security seriously. If you discover a vulnerability, we’d appreciate you contacting us discreetly so we can investigate and fix it.