Security by architectural design.
Unlike traditional platforms that secure documents by trying to protect their servers, utool secures your documents by eliminating the servers entirely.
No Server Storage
We never upload, stream, or log your file inputs. Processing happens locally in your browser memory via WebAssembly.
Browser Sandboxing
All compilers operate inside standard browser security sandboxes, protecting you against script injections and document corruption.
Firebase Auth
User logins and credentials use Firebase SDK security and encrypted session tokens for rate limits.
Local Browser Processing Details
When you load a document into our workspace, the file is parsed inside the client browser instance using libraries compiled in WebAssembly and vanilla JavaScript. We utilize pdf-lib and qrcode running in memory, meaning that standard server-side vulnerabilities like remote execution vectors, cache leakages, and server database hacks are completely bypassed.
Your documents never traverse the network. Even under a complete server compromise, your files remain safe since there are no document processing pipelines running on our hosts, nor do we store files in any database.
Safe Link Shortener Redirections
Short links are mapped to their target destinations using a high-performance Upstash Redis caching database. When a visitor hits a short code link, the redirection is processed using edge functions that forward the visitor to the target address in milliseconds, ensuring no intermediate proxy redirects or advertisement injections occur.