Every PDF site says "secure". Almost all of them upload your file to their servers, process it there, and promise to delete it later. "Secure transfer" is not the same as "never transferred".
Kameleo ships the PDF engines — pdf-lib for writing, pdf.js for rendering, Tesseract for OCR — to your browser as WebAssembly and JavaScript. When you drop a file, it's read into your browser's memory, transformed there, and downloaded from there. There is no server-side copy because there is no server in the loop.
Open your browser's developer tools (F12), switch to the Network tab, and run any Kameleo tool. You'll see the app's static files load — and no request carrying your document. Compare that with any upload-based tool. Kameleo also generates a downloadable privacy receipt per operation: a PDF with SHA-256 hashes of your input and output, computed locally.
Chat, Summarize, Translate and Questions need a language model, and models don't fit in a browser. When you use them, the extracted text (never the file) is sent to the AI endpoint — Cloudflare Workers AI for the free Kameleo AI, or Anthropic directly if you add your own Claude key. It isn't stored or used for training. Every non-AI tool remains 100% on-device.