Security and File Processing
CompressFree is built around clear processing labels, minimal retention, and practical browser-first security controls.
Browser-first tools
When a tool is labeled as browser processing, the file or text is processed locally by your browser after the page loads. This is the preferred mode for image compression, resizing, QR generation, text tools, developer tools, and calculators.
Server-side tools
Some advanced PDF, OCR, large-file, batch, or API workflows may require server-side processing later. Those tools should disclose upload behavior before the user selects files and should avoid persistent storage by default.
Upload controls
Server-side upload workflows should use extension allowlists, file-signature validation, random filenames, file-size limits, storage outside the web root, abuse throttling, and malware or sandbox checks where practical.
Retention policy
Client-side tools do not store output on CompressFree servers. Temporary server-side uploads should be deleted after successful processing when possible, usually within 15 to 60 minutes. Failed jobs or quarantine artifacts should be kept no longer than 24 hours unless support requires otherwise.
Download safety
Generated downloads should be served with accurate file types, safe content-disposition behavior, and nosniff headers when server delivery is used. Browser-generated downloads should avoid adding watermarks or hidden tracking files.
Report an issue
Report security concerns to support@compressfree.click with the affected URL, browser, reproduction steps, and impact summary. Do not include private files or user data unless a secure channel is arranged.