Does your accountant upload your payslips to random PDF sites?
Your gestoría handles payslips, contracts and tax returns. If they merge or split those PDFs on a random website, your data left the building. Here's the fix.
Think about who has touched your payslip this year. You, your employer, and almost certainly an accountant or a payroll office. Now think about the moment that PDF needed to be combined with last month’s, or split into separate pages for the bank. Where did that happen?
For a lot of professionals, the answer is a free website they found on the first page of search results. They drag your payslip in, click a button, download the result, move on. It works. It also means your salary, your bank details, and your national ID number just travelled to a server you’ve never heard of.
That’s the part worth talking about.
The documents that pass through other people’s hands
You rarely process your own sensitive PDFs. They go through intermediaries.
Payroll offices and accountants see payslips, contracts, tax filings, and bank certificates. HR departments handle ID scans, social security numbers, sick notes, and sometimes medical certificates. Law firms deal with everything from divorce papers to inheritance documents. A clinic’s admin desk merges referral letters and test results into one file for the insurer.
Every one of those people, at some point, needs to do something boring to a PDF. Combine four files into one. Pull pages 3 to 7 out of a 40-page scan. Shrink a file so it fits an email. None of that is glamorous work, and that’s exactly why it gets done on whatever tool is fastest, not whatever tool is safest.
”Deleted after one hour” is not a guarantee
Most online PDF tools upload your file to their server, run the operation there, and send you back the result. The little banner that says “your files are deleted after 1 hour” might be completely sincere. The issue is you can’t check it, and neither can the accountant using it.
Once a payslip is sitting on someone else’s server, even briefly, a few things are out of everyone’s control. Logs and backups can keep copies past the promised window. The server itself can be breached. The tool might run on infrastructure it doesn’t own, passing your file through storage buckets and processing queues that nobody mentioned. A document that never leaves a laptop can’t leak in a breach that happens somewhere else.
For a holiday photo, who cares. For a file with your salary and your ID number on it, the math is different.
What GDPR actually asks of them
Here’s the part professionals sometimes skip. When an accountant or HR office handles your data, GDPR doesn’t treat it as their personal stuff to do whatever with. They’re processing personal data on behalf of others, and that comes with duties.
They’re expected to apply appropriate technical measures to keep that data secure (Article 32). They’re supposed to know who they’re sharing it with, and a random PDF website that receives an uploaded file is a third party in that chain. If they pass your data to a processor, there’s meant to be a contract governing it. And if that website suffers a breach, the people whose payslips were exposed are the ones who pay for it, in stress and in worse.
Uploading a client’s tax return to an unknown free tool to save thirty seconds is hard to square with any of that. Most professionals doing it have simply never thought about where the file goes. The tool felt like a calculator, not a data transfer.
The fix: keep the file on the device
There’s a category of PDF tool that works differently. Instead of sending your file to a server, it runs the whole operation inside the browser. The code downloads to the device once, your PDF is opened and modified in the browser’s own memory, and the finished file is saved straight back to the same machine. The document never goes anywhere.
This is how reader.me works, and it’s the reason it fits sensitive documents. When a payroll office uses our merge PDF tool to combine a stack of payslips, those files are processed on their computer, in their browser. Nothing is uploaded to us, because there’s no server step to upload to. Close the tab and the working memory is gone.
You don’t have to take that on faith either. Open the browser’s DevTools, go to the Network tab, run a merge, and watch: no request carries your file out. If the file isn’t in any request body, it wasn’t sent anywhere.
What to actually do
If you’re the professional, change one habit. Before you put a client’s payslip or contract into a web tool, ask whether it processes in the browser or on a server. If you can’t tell, run the DevTools test once and find out. Pick a client-side tool and make it your default. It’s faster anyway, since there’s no upload and download round trip, and it keeps working when the office Wi-Fi drops.
If you’re the client, you’re allowed to ask. Next time your gestoría or HR handles your documents, ask them how they process your PDFs and whether the files leave their computer. A good answer is “everything stays on our machine.” A shrug is a sign worth following up on. It’s your salary and your ID on those pages, and asking where they go is a completely reasonable thing to do.
The work itself is mundane. Merging a few files takes seconds. The only question is whether those seconds happen on your device or on a stranger’s server, and for a payslip, that’s a question worth getting right.