Security Protocol

1. Zero-Server Architecture

FormFix is built on a "Zero-Server" paradigm. Unlike traditional web utilities that upload your files to a cloud server for processing, FormFix uses WebAssembly (WASM) and the Canvas API to perform all operations directly in your browser's sandbox.

This means your sensitive documents, signatures, and photos never touch our disks or any third-party infrastructure.

2. Data Encryption & Transmission

Since no data is transmitted for processing, there is no risk of interception during transit (Man-in-the-Middle attacks). The website itself is served over HTTPS, ensuring that the code you run is authentic and hasn't been tampered with.

3. Browser Isolation

We leverage the modern browser's security model. Each tool runs in its own isolated context. Once you close the browser tab or refresh the page, all sensitive data is purged from the volatile memory (RAM) and is not persisted anywhere on your device or ours.

4. Third-Party Libraries

We carefully audit the libraries we use (such as `pdf-lib` or `@imgly/background-removal`). We prioritize open-source libraries with large community backing and transparent codebases to ensure no "phone-home" behavior exists.

5. Security Compliance

FormFix is ideal for preparing documents for government portals (SSC, UPSC), banking, and legal applications because it satisfies the highest requirements for data residency and privacy—by simply not having any data residency at all.

6. Vulnerability Reporting

If you discover a security vulnerability, we encourage you to report it to us immediately at: security@formfix.pages.dev