Most free PDF mergers ask you to upload the very documents you want to keep private. For confidential paperwork (signed agreements, performance reviews, financial statements) that is the wrong trade-off. A local merger keeps the file on your machine from start to finish.
Confidential Merging, On Your Machine Only
PDF Merge & Split runs entirely in your browser. No account, no upload, no watermark.
Add to Chrome, FreeWhy "we delete files in 1 hour" is not enough
Many upload tools advertise short retention windows. The trouble is that you cannot verify it. By the time the file is on their server, it has crossed the trust boundary, retention policy, server logs, and CDN caches are out of your control. For non-sensitive PDFs that is fine. For an NDA, a signed offer letter, or a medical record it is not.
A local merger has no upload step, so retention is a non-issue.
How the extension keeps things local
The extension is a static bundle running in the browser sandbox. When you drop a file in, the browser's File API hands it to the extension as bytes in memory. The merge happens in JavaScript on those bytes, then the result is offered as a download. There is no fetch or XHR with file content as the body, you can verify in DevTools' Network panel.
The extension can run with the network completely disabled. Try it: turn off Wi-Fi, do a merge, the merge still completes.
When upload tools are still acceptable
For documents that are already public (marketing PDFs, conference handouts, published reports), uploading is a fine trade-off and you get more features. The privacy concern is specific to documents you should not be sharing.
Beyond the merge, what else stays local
The same reasoning applies to all of the extension's actions:
- Splitting a confidential 200-page report stays on your machine.
- Reordering pages of a contract draft stays on your machine.
- Rotating a sideways scan of an HR document stays on your machine.
None of these operations send file content anywhere.
Useful for compliance scenarios
Local-only processing is useful for environments where uploading documents to third-party services is restricted by policy: certain healthcare contexts, legal practices handling client documents, finance teams handling pre-public information, and government work. The extension does not promise compliance with any specific framework, but it removes the upload step that most frameworks flag.
How to Merge Confidential PDFs Privately, Tools Compared
| Tool | Upload required | Server log risk | Works offline | Cost |
|---|---|---|---|---|
| PDF Merge & Split (extension) | No | None | Yes | Free |
| iLovePDF (web) | Yes | Yes | No | Free tier |
| Smallpdf (web) | Yes | Yes | No | Free tier |
| Acrobat (desktop) | No | None | Yes | $14.99/mo |
| macOS Preview | No | None | Yes | Built-in |
Get It Done in Under a Minute
Install the free Chrome extension and process your PDFs locally. Works on Windows, Mac, Linux, and Chromebook.
Add PDF Merge & Split to ChromeRelated Guides
- Combine PDFs Without Uploading
- PDF Merger That Works Offline
- Merge Encrypted PDF Files
- PDF Merger With No Email or Signup
Frequently Asked Questions
Can my IT department block this extension?
Yes, like any Chrome Web Store extension. If your environment uses managed Chrome policies, the extension can be allowlisted or blocklisted by admins. The privacy properties only matter if it is allowed in the first place.
Is encrypted data still safe during merge?
For password-protected PDFs, the extension prompts for the password and decrypts in memory only. Nothing decrypted is written back unless you explicitly choose to save without the password.
How do I prove no upload happened?
Open Chrome DevTools, go to the Network tab, perform a merge. You will see no requests carrying the PDF content. You can also disconnect from the internet and merge anyway, the merge still completes.
Does the extension log file names anywhere?
No. File names are not transmitted. Anonymous install/usage counts (no file content, no file names) can be sent for product improvement and can be turned off in settings.
Is this audit-friendly?
For most internal audits, yes. For specific regulatory frameworks (HIPAA, SOC 2, etc.), have your compliance team review the extension's privacy policy and the absence of network activity.
