Local-first tools
Many MakeMyPDF tools run in your browser. For those tools, the file stays on your device and the output is generated locally.
Security
File handling and deletion
MakeMyPDF is not a document storage product. The goal is to process the file you choose, return the result, and keep the long-term account record limited to billing, entitlement, support, and usage metadata.
Server-processed tools
Some conversions and heavier PDF operations need the API. Those files are sent only for the requested operation and are not added to a permanent MakeMyPDF file library.
Deletion window
Server tools use temporary request storage while processing. Outputs are returned to the browser, and temporary working files are removed when the request finishes or the worker cleanup runs.
Cloud connectors
Google Drive and Dropbox integrations move files directly between your provider account and the current tool flow. They do not create MakeMyPDF-hosted cloud storage.
Accounts and billing
Authentication, Premium state, billing records, usage counters, and AI credit ledger entries live in the shared MakeMyToolkit account system.
What we log
We keep operational metadata such as tool name, status code, file-size counters, plan tier, and daily usage counts. We avoid storing raw IP addresses in usage records.
Production checklist
- Use HTTPS-only production domains for the web app and API.
- Keep Supabase service-role keys server-only and never expose them to the browser.
- Restrict Google and Dropbox app domains to MakeMyPDF production and approved preview origins.
- Rotate provider keys and webhook secrets if they are exposed or copied into the wrong project.
- Send security questions or deletion concerns to [email protected].