Skip to content
Falcon Pdf

Security · The two paths

Two paths. Two different promises.

The browser tools on this domain make zero network requests after the initial page load. The planned Agent API at agentapi.falcon.enterprises follows a different posture, published below in full. Both are documented here so neither can be misrepresented later.

Security · Browser path · pdf.falcon.enterprises

The file stays on your device.

  • In your tab

    The PDF is opened, parsed, and rewritten inside your browser. There is no endpoint that accepts a file. Open your browser network panel during use — only first-party JS and fonts appear.

  • Operation counts only

    We hold an op_completed tally, used to decide which tools to ship next. The tally does not include filenames, file sizes, contents, or per-operation metadata. Only that the operation happened.

  • First-party only

    The site loads its own React code and nothing else. No analytics, no advertising pixels, no session replay, no error-tracking SDK that touches your DOM.

  • Metadata removed on save

    When you save a file produced by Falcon Pdf, authoring metadata, edit history, EXIF, and embedded thumbnails are dropped. The output carries only the visible pages and any annotations you added.

  • HTTPS + HSTS

    The site is served over TLS with HSTS preload. The browser will refuse to load it over plain HTTP after the first successful visit.

Security · Agent API path · agentapi.falcon.enterprises · planned

A different domain, a published retention policy, opt-in by the user.

The Agent API is for AI agents and developer integrations that need to call our tools programmatically. It accepts uploads — by design. The two architectures live on two domains so neither promise gets muddied. Below is the retention policy the API will honour when it ships.

  • 60-second deletion

    Every uploaded file and its processed output are removed from disk and from memory within 60 seconds of the API response being returned. No long-term storage, no archive.

  • Operation logs only

    The log line for each call holds: API key, operation type, byte count, page count, and a hash of the filename. The bytes of your file are not written to a log line.

  • Per-region isolation

    EU-origin traffic is processed in EU-hosted compute. Indian traffic in India-hosted compute. File bytes do not cross regions.

  • Consent owned by the calling agent

    The agent calling our API must surface to the end user that the file will leave their device and be processed on a Falcon server. This is enforced at API key issuance — agents that do not disclose are in breach of terms.

  • Data processing agreement available

    B2B customers signing the bundle get a Data Processing Agreement and the audit log surface. Contact us at the address below.

Security · Report a vulnerability

Tell us before anyone else does.

If you find a bug that leaks file contents off the device, breaks the no-network invariant on the browser path, or breaches the retention policy on the Agent API, write to security@falcon.enterprises. We acknowledge within 72 hours.

Machine-readable contact is at /.well-known/security.txt.

Security · Related

Pricing →FAQ →Privacy policy →

Last updated · 2026-05-28