Privacy Policy — esignmypdf

The short version. The PDF you sign at esignmypdf is never uploaded to our servers. All editing happens in your browser, using JavaScript that runs on your own machine. We do not see, store, or process your file. The longer version below explains everything in detail.

1. Who we are

esignmypdf.com ("esignmypdf", "we", "us") is a free, browser-based PDF signing tool, operated as a small independent project by the team behind EuKosmos. You can reach us at our contact page.

2. What does not happen to your PDF

When you open a PDF in the tool at esignmypdf.com/sign:

The file is not uploaded to any server, including ours.
The file is read directly by your browser using JavaScript (Mozilla's PDF.js library).
Annotations are baked into a new copy using the PDFLib JavaScript library, also running entirely in your browser.
The "Download" button saves that new copy from your browser's memory to your device — there is no server round-trip.

As a structural consequence, we have no way to access, view, log, scan, share, or recover the contents, filename, page count, or any other property of any PDF you sign with esignmypdf.

3. What is stored in your browser (locally)

The tool uses your browser's localStorage to remember small pieces of information so you don't have to re-enter them on every visit:

Author name — the name you provided once for comment authorship.
Annotations in progress — your signatures, comments, highlights, and text boxes for the current PDF, so a refresh doesn't lose your work.
Last-used signature — if you drew or uploaded one, it's kept so you don't have to redo it next time.

This data lives only on your device, in your browser, under the esignmypdf.com origin. You can clear it at any time using the "Clear Saved" button inside the tool, or via your browser's site-data controls.

4. What we do collect

We use simple, privacy-respecting tools to understand how the site is being used and to keep the site running:

4.1 Server access logs

Our hosting provider (Cloudflare) records standard web-server access logs when you load a page: the date and time of the request, the URL requested, your IP address, your user-agent string (browser and OS), and the referring URL. These logs are used to detect abuse, monitor uptime, and understand aggregate traffic patterns. We do not link these logs to any personal identity, and they are not used for advertising.

4.2 Cookies and similar technologies

esignmypdf itself does not set tracking cookies. Cookies that may be present in your browser come from third-party services we use, described below.

5. Third-party services

5.1 Google AdSense (on guide pages)

To keep the tool free, the site displays advertisements supplied by Google AdSense on guide articles and on certain marketing pages. No ads are shown on the signing tool page itself.

Google, as a third-party vendor, uses cookies to serve ads based on prior visits to this and other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on visits to this and other sites on the internet. Users may opt out of personalised advertising by visiting Google's Ads Settings.

You can also opt out of a third-party vendor's use of cookies for personalised advertising at aboutads.info.

For users in the European Economic Area, the United Kingdom, and Switzerland, we use Google's consent management system to request your consent for personalised advertising before any non-essential cookies are set. You can change your choice at any time using the privacy controls on this site.

5.2 Google Fonts

Fonts are loaded from fonts.googleapis.com when you visit the site. Google may log the request as part of standard web traffic. We do not share any other information with Google through this loading.

5.3 CDN-hosted libraries

The signing tool loads two JavaScript libraries from Cloudflare's public CDN the first time you open it: PDF.js (Mozilla) and PDFLib, both fetched from cdnjs.cloudflare.com. These requests are subject to Cloudflare's privacy practices. After the first load, your browser caches the libraries and they are not re-fetched on subsequent visits.

6. What we do not collect

We do not ask for an account, email address, or phone number.
We do not run session recorders, heatmaps, or any kind of in-page user behaviour tracking on the signing tool.
We do not sell or rent any data to anyone.
We do not have a marketing list, because we have no addresses to email.

7. Children

The tool is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with information through the contact form, please contact us and we will delete it.

8. Your rights

Because we operate no user database, we do not have a stored profile of you to provide, correct, or delete on request. The data that does relate to you — primarily, your browser's localStorage entries on this site — is under your direct control and can be cleared by you at any time.

For users in the EEA, UK, Switzerland, California, or other jurisdictions with statutory data-protection rights, you may contact us at any time with questions about how we handle data. We will respond within a reasonable period.

9. Security

The site is served over HTTPS. The signing tool is a static page running JavaScript on your device — there is no server-side processing of your PDF that could be intercepted. We rely on your browser and operating system's own security model for the local handling of your file.

10. Changes to this policy

If we change this policy, we will update the "Last updated" date at the top of this page and, for material changes, post a notice on the homepage. Continuing to use the site after a change indicates your acceptance of the revised policy.

11. Contact

Questions, requests, or complaints about privacy can be sent through our contact page.