Security

Security practices and limitations for the pdfToMarkdown API.

Transport security

pdftomarkdown.dev is served over HTTPS. API requests should be sent only to https://pdftomarkdown.dev.

Server-side processing

PDF conversion is performed server-side. Requests pass through Cloudflare and are processed by a RunPod GPU worker. Do not use the service for documents that require local-only or air-gapped processing.

API keys

Developer API keys are bearer tokens. Store them in server-side environment variables or secret stores, never in public client-side code.

Document handling

The service is designed to process submitted documents and return Markdown, not to publish or index uploaded files. Avoid submitting highly sensitive documents until your data-handling requirements match the service's server-side processing model.

Reporting issues

Report security concerns to security@pdftomarkdown.dev. Include enough detail to reproduce the issue, but do not include third-party secrets or sensitive documents.