airgap

Air-gap principle

Document tools for companies handling sensitive data

Contracts, HR records, financial reports: airgap processes PDFs and images entirely on your employees' devices – following the air-gap principle. No file ever leaves the machine. This page explains how that works technically and how your IT department can verify it.

How this differs from conventional online tools

Conventional online tools

Your device
Upload
Third-party server
Download
Your device
  • File is transferred over the internet
  • Processing by a third party (data processing, Art. 28 GDPR)
  • DPA and approval process required
  • Copies, logs and caches outside your control

airgap

Your device – everything happens here

File
Processing in the browser
Result

No transfer – technically blocked

  • The file stays on the device at all times
  • No third-party processing – no DPA required
  • No copies or logs on remote servers
  • Works offline once the page has loaded

How it works technically

All processing runs inside your browser's sandbox: a Web Worker executes the PDF and image engines as WebAssembly – the same technology banking software uses in the browser. The site itself is static; there is no server that could even receive a file.

Architecture · Your device (air gap)

Select filestays in memory
Web Workerbackground processing
WASM enginePDF & image processing
Savestraight from the browser
CSP barrier
Internet blocked
Content-Security-Policy:
  connect-src 'self';   blocks any data transfer to remote servers
  default-src 'self'; worker-src 'self' blob:; object-src 'none'; …

SELF-HOSTING & SUPPORT

airgap behind your own firewall

  • Signed builds on your domain or intranet
  • Support with response times and LTS releases
  • Compliance documentation for your IT review

The web version here stays free and unlimited.

Schedule a conversation

unternehmen@air-gap.eu · Reply within 24 h

Coming soon: airgap Desktop – with a local LLM, also 100% offline

How your IT department can verify this

Don't take our word for it – check it yourself. Three steps, five minutes:

  1. 1

    Watch the network tab

    Open developer tools (F12), select the network tab, process a PDF: after the page has loaded, no further network requests occur – not even to our own domain.

  2. 2

    Inspect the CSP header

    Our Content Security Policy technically forbids the browser to send data to remote servers. This is not a policy statement – it's a restriction enforced by the browser itself:

    Content-Security-Policy:
      connect-src 'self';   ← blocks any data transfer to remote servers
      default-src 'self'; worker-src 'self' blob:; …
  3. 3

    Offline test

    Load the page, disconnect Wi-Fi, process a file: every tool keeps working without an internet connection – the definitive proof that no server-side processing exists.

GDPR assessment

  • No commissioned data processing: since files never leave the device, we do not process any personal data from your documents. A DPA under Art. 28 GDPR is not required.
  • No cookies, no tracking, no user accounts – no consent-requiring data processing takes place.
  • Static hosting via an EU-reachable CDN; only technical server logs for delivering the website occur (Art. 6(1)(f) GDPR).

Frequently asked questions from companies

Are our files really never uploaded?

No. All processing happens locally in the browser. The Content Security Policy (connect-src 'self') technically prevents uploads, and the tools demonstrably work offline as well.

Do we need a data processing agreement (DPA)?

No. Since no file leaves the device, no commissioned processing within the meaning of Art. 28 GDPR takes place. There is no processor to sign an agreement with.

Does the tool work behind a corporate proxy and firewall?

Yes. Only the static website is loaded – the same kind of request as any normal web page. After that, no connection is needed. Your IT can whitelist the domain specifically.

Which browsers are supported?

All current browsers: Chrome, Edge, Firefox and Safari (16.4+). No installation and no browser extension required.

Can our IT department inspect the code or behavior?

Yes. The behavior is fully inspectable in the browser (network tab, CSP header, offline test). All code is delivered unobfuscated to the browser and can be analyzed.

Ready to try it?

All tools are free and require no sign-up – test them with a non-critical document while watching the network tab.

View all tools