Zro7 processes files entirely in your browser using WebAssembly. This post lists every category of network request our site makes, so you can verify it yourself in DevTools → Network. Short version: we load code, we do not upload your files. Ever.
What Zro7 sends
- HTML/CSS/JS bundles: the app itself, from our CDN.
- WASM modules: pdf-lib, ffmpeg-core, DuckDB, Tesseract, etc. — one download per tool, cached.
- Fonts: Plus Jakarta Sans woff2.
- Sitemap/robots: crawler traffic only.
What Zro7 does NOT send
- Your files — PDFs, images, video, audio, CSVs. Zero bytes.
- Filenames, sizes, or metadata.
- Analytics beacons keyed to actions inside a tool.
- Cookies with user IDs. Session state stays in localStorage.
- Third-party tracker scripts (Facebook Pixel, Google Ads, Hotjar, etc.).
Tools that DO make network requests
Two categories, both by design, both DNS/protocol lookups that don't touch your files:
- DNS/MX/WHOIS/RDAP tools: hit Cloudflare DoH and IANA RDAP directly from your browser. The query is a domain name you typed; we never see it.
- Barcode / QR generators: purely client-side; no requests once the page is loaded.
Third parties
- CDN: Cloudflare (delivers HTML/JS/WASM, standard access logs).
- Fonts: self-hosted, no Google Fonts request.
- Analytics: none served today. If we add anonymous page-view counting later, it will be listed here first.
How to verify
- Open DevTools → Network in Chrome/Firefox/Safari.
- Clear the panel.
- Load Compress PDF, drop a 20 MB PDF, run compress.
- Look at Uploads (bytes sent). You'll see kilobytes of HTTP headers — not megabytes of file data.
- Repeat for any tool. Big uploads never appear.
Open source & audits
The underlying WASM libraries — pdf-lib, ffmpeg.wasm, DuckDB-WASM, @imgly/background-removal, Tesseract.js — are open source. Anyone can inspect them. Our wrapper code is minified and cache-busted; independent reviewers can diff it across releases.
Updated December 31, 2026 · Zro7 editorial team.
Zro7