Offline vs Online Tools: A Privacy Perspective

Online tools that process files on remote servers introduce several privacy considerations that users should understand before uploading sensitive documents.

Network transmission — When you upload a file, it travels across the internet to reach the processing server. While HTTPS encryption protects against interception in transit, the file necessarily becomes available to the service provider once it arrives. This creates a copy of your data outside your direct control.

Server-side storage — Most services store uploaded files temporarily for processing. Retention periods vary from minutes to days, and some services retain files indefinitely. Even with stated deletion policies, verifying actual deletion is difficult from outside the organisation.

Access and logging — Servers typically log operations for debugging, security monitoring, and analytics. These logs may include metadata about your files, IP addresses, timestamps, and other identifiable information. Staff access policies vary by organisation.

Third-party sharing — Services may use subprocessors, cloud infrastructure providers, or analytics tools that gain access to your data. Reading privacy policies carefully reveals these relationships, but they can be complex.

Offline tools that process files locally in your browser eliminate several categories of privacy risk by design.

• No network transmission — Files never leave your device, eliminating interception and server-side exposure risks
• No remote storage — Without uploads, there is no question of retention policies or deletion verification
• No server logs — Local processing creates no server-side record of your activity
• No third-party access — Your files are not shared with cloud providers, subprocessors, or analytics services
• Verifiable operation — You can confirm offline behaviour using browser developer tools

This model is sometimes called "privacy by architecture" or privacy by design—privacy guarantees that stem from technical design rather than policy promises. You do not need to trust the service provider's data handling practices because no data handling occurs.

For sensitive documents—legal contracts, financial records, medical information, confidential business materials—this architectural approach can provide stronger privacy assurance than any policy commitment.

Offline processing addresses network and server-side risks but does not eliminate all privacy or security concerns. Understanding these limitations is essential for making informed decisions.

Device compromise — If your computer or browser is compromised by malware, local processing offers no additional protection. The attacker already has access to your files and can observe your activity.

Browser vulnerabilities — Browsers are complex software with occasional security vulnerabilities. While browser sandboxing provides strong isolation, no system is perfectly secure.

Supply chain risks — The JavaScript code that runs locally could theoretically be compromised at the source. Verifying the integrity of client-side code requires technical expertise.

Physical access — Someone with physical access to your device can access your files directly. Offline tools do not add disk encryption or access controls beyond what your operating system provides.

Output handling — After processing, you still need to handle the resulting files appropriately. Emailing a merged PDF or uploading it elsewhere reintroduces network transmission concerns.

The appropriate choice between online and offline tools depends on your specific context and what you are trying to protect against.

Consider offline tools when:

• Working with confidential or sensitive documents
• Operating under regulatory requirements (GDPR, HIPAA, legal privilege)
• You cannot verify the service provider's data handling practices
• Network transmission itself is a concern (corporate policies, air-gapped environments)
• You prefer architectural privacy guarantees over policy-based ones

Consider online tools when:

• Processing non-sensitive documents where privacy is not a primary concern
• Requiring features that cannot be implemented locally (OCR, AI processing, format conversion)
• Working with very large files that exceed browser memory limits
• Needing cloud storage integration or collaboration features
• The service provider has established trust through certification or reputation

Privacy is not binary. Different tools offer different trade-offs, and the right choice depends on your specific circumstances. Online tools offer convenience and capability at the cost of data transmission and server-side exposure. Offline tools offer architectural privacy guarantees but cannot protect against device-level threats.

Understanding these trade-offs allows you to make informed decisions about which tool to use for which task. For sensitive documents, the privacy advantages of local processing are often worth the potential limitations in features or convenience.

Plain is designed for users who value this architectural approach to privacy—not because online tools are bad, but because some documents deserve the stronger guarantees that local processing provides.