A privacy audit for local PDF tools should test behavior, not just copy. The important question is whether the selected document or extracted content leaves the device during a local workflow.

For ClearPDF Phase 1 local tools, the expected evidence is a clean Network tab: app shell assets, analytics without file content, and no request body containing the PDF, file name, page text, or extracted document data.

This audit does not cover future cloud, AI, OCR, API, account storage, or support workflows. Those modes require their own retention, deletion, and provider disclosures.

Key details

What counts as proof

A reproducible network trace, code review of upload paths, analytics-field review, and retention copy that matches actual behavior.

What does not count

A generic privacy promise without tool-specific mode labels, payload inspection, or deletion behavior for non-local workflows.

Audit cadence

Re-run checks when adding new tools, analytics fields, AI extraction, cloud fallbacks, or worker-side processing.

Practical checklist

Load the tool page in a fresh browser session.
Open the Network tab and preserve logs.
Run the workflow with a test PDF that contains a unique marker string.
Search request payloads for the PDF name, marker string, and extracted text.
Record whether only app assets, telemetry events, and download generation are visible.