Why Blurify Never Sees Your Files

No server processing

Blurify has no backend. There are no servers receiving, storing, or processing your files. The app is pure client-side code.

No account required

Nothing is tied to an identity. You open the tool, process your file, and download the result — no sign-in, no history, no profile.

Your hardware does the work

Your CPU, GPU, and browser engine are the processing units. Blurring, redacting, and video encoding all run on your own machine.

Files stay offline

Your image, video, or PDF is never transmitted over a network. It stays in the browser's memory from the moment you open it to the moment you download the result.

The problem with cloud-based tools for sensitive files

Most online image editors, video processors, and PDF tools follow the same fundamental architecture: you upload your file to their server, their backend processes it, and they send you back the result. They may promise to "automatically delete files after 24 hours," offer HTTPS encryption in transit, or display trust seals — but the fundamental fact remains: your file has left your device and entered someone else's infrastructure.

For processing a photo of your lunch before posting it to Instagram, this is completely fine. But blurring and redaction tools are specifically used for sensitive content — the opposite of casual photos. Consider what people typically use them for:

Screenshots containing passwords, API keys, or authentication tokens
Photos of confidential documents, contracts, or legal filings
Videos that include minors whose faces need to be censored
PDF medical records or insurance documents with patient data
Images from an investigation that could identify a vulnerable source
HR documents containing salary information or personal details
Financial screenshots with account numbers or transaction history

These are precisely the files you don't want to hand to a third-party server, regardless of their privacy policy. A privacy policy is a legal document — it can be updated, violated, breached, or subpoenaed. Architectural privacy is different: if data never reaches a server, there is no policy that could fail to protect it.

How Blurify processes files locally

Blurify uses several browser-native technologies to perform the same operations that cloud-based tools do — but entirely on your own device. Here is exactly what happens when you process a file, with no details omitted.

The Canvas API — for images and PDFs

When you open an image or a PDF page in Blurify, the file is loaded into the browser's memory using a Blob URL — a temporary local reference that points to data stored in RAM. A Blob URL looks like blob:http://localhost/a4f2d0e3-... and exists only within the current browser session. It is never transmitted over a network, and it expires when the tab is closed.

The blur and redact effects are computed using the browser's built-in Canvas API— a hardware-accelerated 2D graphics rendering system that has been part of every major browser since 2008. The Gaussian blur algorithm is executed by the browser's own rendering engine, using your device's GPU where available for acceleration. The resulting composited image is held in memory and offered for download via a second Blob URL — again with zero network activity involved.

You can verify this directly. Open your browser's developer tools (F12 or right-click → Inspect), go to the Network tab, filter by "All", and load an image into Blurify. Apply a blur shape and export. You will see requests for the JavaScript and CSS assets that make up the application, but no outgoing request containing your image data. The image never leaves your browser.

ffmpeg.wasm and MediaRecorder — for videos

Video processing is more complex than image processing, but the privacy guarantee is the same. Here is the complete pipeline:

Your video file is loaded into an HTML <video> element using a Blob URL, exactly as with images.
The video plays through a hidden offscreen HTML5 canvas. For each frame, Blurify composites the blur shapes onto the canvas at the video's native resolution.
For WebM export, the browser's native MediaRecorder API captures the canvas stream in real time and encodes it — using the browser's own built-in codec — directly into a WebM container.
For MP4 export (which most browsers can't natively encode), Blurify uses ffmpeg.wasm — a port of the widely-used FFmpeg video processing library to WebAssembly. WebAssembly runs in a secure, sandboxed environment inside the browser. The ffmpeg binary is downloaded from a public CDN once (approximately 31MB) and cached by your browser for future use. Critically, your video data is processed by this locally-running code — it is never sent to the CDN or any external service. Only the code itself is fetched, not your content.
Audio is preserved by capturing it directly from the video element's own media stream and muxing it with the processed video frames. No audio re-encoding from an external source is involved.

pdf.js and pdf-lib — for PDFs

PDF support is built on two well-established open-source libraries that run entirely in the browser:

pdf.js— Mozilla's open-source PDF rendering engine, used in Firefox and available as a standalone library. When you open a PDF in Blurify, pdf.js renders each page to an HTML canvas at high resolution (3× the screen resolution for crisp text). This rendering happens entirely in memory, with no server involvement. The same library is embedded in tens of millions of browser installations worldwide.
pdf-lib— a JavaScript library for creating and modifying PDF files. After you apply redactions to each page's canvas, pdf-lib assembles the redacted page images into a new PDF document in memory and passes it directly to the browser's download mechanism. The complete round-trip — open PDF, render pages, apply redactions, export new PDF — happens without a single byte of your file's content crossing a network boundary.

MediaPipe — for automatic face detection

The automatic face detection feature uses MediaPipe— Google's open-source machine learning library for media processing. When you click Detect Faces, Blurify loads a small face detection neural network model (a TFLite file, approximately 450KB) into the browser and runs inference on your image using the browser's WebGL graphics API for acceleration. The model runs entirely in the browser sandbox — your image is never sent to Google or any other service for analysis.

What data does Blurify collect?

Being completely transparent about this is important. Blurify is funded by advertising, and like virtually every website, it uses standard web analytics. Here is a precise breakdown of what is and is not collected:

What IS collected

Google Analytics 4 — standard page-level analytics: which pages are visited, session duration, approximate location (country/region level, not GPS), browser type, device category, and traffic source. None of this includes file contents, filenames, or editor activity. Google Analytics sees the same data on Blurify that it sees on any other website.
Google AdSense — serves display advertisements. AdSense uses contextual signals from the page content and, if you have personalized advertising enabled in your Google account settings, your browsing profile to select relevant ads. No file data is shared with AdSense — it has no access to anything inside the editor.
Vercel Analytics and Speed Insights — performance monitoring for the web application: page load times, Core Web Vitals scores, and server-side rendering performance. No file data or user behavior inside the editor is captured.

What is NOT collected

The contents of any file you open or process in Blurify
The filename, file size, or format of any file you open
What blur shapes you drew, their positions, sizes, or what they covered
Any account information (no accounts exist)
Any session history, processing logs, or audit trails
What pages of a PDF you viewed or edited
Any aspect of the content you are editing

The analytics services Blurify uses can only see page-level behavior — the same information they would see on any other website. They have no access to, and no visibility into, what happens inside the editor or what files you process.

Why this architecture matters beyond privacy

Building Blurify as a fully client-side application is significantly more technically challenging than deploying a simple server-side processing pipeline. The engineering effort was deliberate. Beyond privacy, it produces several other practical benefits:

Works offline after initial load

Because Blurify's processing does not require a server connection, it continues to work in environments with limited or no internet connectivity after the initial page load. The application's JavaScript is cached by the browser. If you're on an airplane, working in a restricted corporate network environment, or dealing with an unreliable connection, image and PDF processing continues to work without interruption.

No rate limits or artificial size restrictions

Server-based tools impose file size limits, daily processing quotas, and rate limits because server-side processing costs real money. Every megabyte you upload is bandwidth, and every second of video processing is compute time that the service pays for. Blurify's processing runs on your hardware, at your expense. There are no server costs to pass on to you, no artificial limits to encourage upgrades, and no paywalls to unlock larger files.

No data breach surface for your files

Cloud services are regularly breached. Even services with strong security practices and good intentions are targets. The only complete protection against a data breach exposing your files is ensuring your files were never stored by the service in the first place. Blurify eliminates this risk entirely by design.

GDPR and data protection compliance

Under the EU General Data Protection Regulation (GDPR), a photograph of an identifiable person is personal data. Uploading such a photograph to an online tool makes you a data controller sharing personal data with a third-party data processor, triggering obligations around data processing agreements, cross-border transfer rules, consent documentation, and breach notification requirements.

When the processing stays entirely on your device — as it does with Blurify — the photograph never becomes a third-party data processing issue. This is particularly relevant for organisations in healthcare, law, education, journalism, and social work, where handling photographs of individuals is routine but uploading them to external servers may be restricted or legally complex under sector-specific regulations like HIPAA, the UK Data Protection Act, or various national health data laws.

How to verify it yourself

You don't have to take our word for it. The most convincing demonstration of Blurify's local-only processing is an empirical one — you can verify it directly in your browser.

Open any modern browser (Chrome, Firefox, Safari, Edge).
Press F12 (or right-click anywhere and select Inspect) to open the developer tools.
Click the Network tab in the developer tools panel.
Open Blurify. You'll see requests for the JavaScript, CSS, and font files that make up the application.
Load an image, video, or PDF into the editor.
Draw a blur shape, adjust the settings, and click Export.
Watch the Network tab throughout. You will not see any outgoing request containing your file data — because none is ever made.

The Network tab will be quiet after the initial page load. Your file stays entirely within the browser's memory. This is the technical reality of how Blurify works — not a marketing claim.

Frequently asked questions

Does Blurify work if I disconnect from the internet after loading it?

Yes. Once the page has loaded and the application code has been cached by the browser, image and PDF processing continue to work without a network connection. Video export using ffmpeg.wasm requires the WebAssembly binary to be cached first (it downloads automatically on first use). After that, video export also works offline.

The ffmpeg.wasm binary is downloaded from an external CDN — doesn't that mean my video goes there?

No. Only the code — the ffmpeg binary — is fetched from the CDN. Your video data is processed locally by that code after it has been downloaded to your browser. The CDN serves the tool, not the data. This is the same as installing any desktop application from the internet: the installer comes from an external server, but after installation, the software runs locally on your machine.

Can Blurify access my camera or microphone?

No. Blurify does not request camera or microphone access. It only reads files you explicitly open through the file picker or drag-and-drop interface.

What happens to my file if I close the browser tab?

The file and all edit state are cleared from memory when you close the tab. Blurify does not save files to local storage, IndexedDB, or any other persistent browser storage. Closing the tab is equivalent to the session never having happened, from a data persistence perspective.

Is Blurify open source?

Blurify is not currently open source, but it is built entirely on open-source dependencies — pdf.js, pdf-lib, ffmpeg.wasm, and MediaPipe — all of which are publicly auditable. The processing logic can also be empirically verified by inspecting network traffic in the browser developer tools, as described above.