Security
The FreeFileFast local-processing security model, its boundaries, and vulnerability reporting guidance.
Local-processing boundary
User-selected file contents are processed by code in the browser and are not intentionally uploaded to FreeFileFast. Temporary object URLs and in-memory processing resources are released when feasible. Normal page and asset requests still reach hosting and network providers and may produce ordinary request and diagnostic records.
Safeguards and maintenance
- No account system, database, file-upload endpoint, or server-side file library is part of the service.
- File types, decoded content, dimensions, page counts, durations, and memory-intensive operations are validated or bounded where practical.
- PDF and audio workers are route-scoped and served from the FreeFileFast application origin.
- Advertising and analytics providers require explicit enablement, valid configuration, and applicable consent before loading.
- Dependencies are pinned for reproducible installs and reviewed with automated update and vulnerability-audit tooling. Security headers and dependency updates are reviewed as the runtime changes.
Security limitations
Local processing reduces server-side file exposure but cannot protect against a compromised device, malicious extension, vulnerable browser, unsafe network, operating-system malware, or mishandling of a downloaded file. Metadata removal is ordinary re-encoding, not a forensic erasure guarantee. No system is completely secure.
Responsible vulnerability reporting
Email support@freefilefast.comwith "Security report" in the subject. Describe the affected route or component, impact, browser and operating system, and safe reproduction steps. Include a minimal proof of concept when helpful, but do not include sensitive files, credentials, personal data, or secrets.
Do not access another person's data, disrupt service, perform denial-of-service or social-engineering tests, evade access controls, or publicly disclose an unresolved issue before allowing reasonable time for review. FreeFileFast does not offer a bug bounty or guarantee a particular response or remediation time.
Safer use
Keep your browser and operating system current, maintain backups, use trusted devices, verify downloaded results, and avoid processing sensitive material on shared or compromised systems. Never email a sensitive file as a support or security example.