Most reputable online PDF tools use HTTPS and delete files after a short window, so for non-sensitive documents they are generally fine. The real risk is not the typical case — it is that your file is uploaded to and stored on a third-party server at all, which you cannot fully verify.
If a document is confidential — a contract, an ID, a medical or financial record — the safest option is a tool that never uploads it in the first place.
Does it use HTTPS for the upload? How long are files kept, and are they deleted automatically? Does using it require an account, and what does the privacy policy say is collected? Is the company and its jurisdiction one you are comfortable holding your document?
You usually cannot independently verify retention or access claims — you are trusting the provider's word and infrastructure.
Use a local, browser-based PDF tool. On this site every tool runs entirely in your browser using JavaScript and WebAssembly, so the file is read into memory on your device, processed there, and never sent anywhere.
A strict Content Security Policy and a runtime network guard enforce this, and you can confirm it directly: open your browser's developer tools, watch the Network tab, and you will see no upload while the tool works.