Security & Data Protection

OnPremPDF is designed for use in security- and privacy-sensitive environments. Operation takes place exclusively on your own infrastructure, without any cloud connectivity or external dependencies.

Architecture & Data Flow

Minimal, explicit servlet-based architecture. OnPremPDF uses a traditional Java Servlet architecture with explicit web.xml configuration to ensure deterministic behavior, minimal dependencies, and long-term stability.

• Server-side PDF generation via a local REST API
• In-memory processing of incoming data
• No storage of user data or documents
• No database for content data

Generated PDFs are streamed directly to the client and never stored on the server.

Source Code Access (Optional)

OnPremPDF is provided as proprietary software. For security or compliance requirements, source code access can be provided upon request under a non-disclosure agreement (NDA) for review purposes only.

Offline Operation

• No internet access required for operation
• No external API calls
• No access to third-party servers
• Suitable for isolated networks

Data Protection (GDPR)

• No transfer of personal data to third parties
• No data processing by external service providers
• No transfer to third countries
• No telemetry or usage analytics

All processing takes place exclusively within the local environment and remains under the responsibility of the respective operator.

Logging & Monitoring

OnPremPDF does not log document content.

• No logging of JSON payloads
• No logging of PDF contents
• Optional technical audit logs (license-dependent)

Audit Logs

Depending on the license in use, technical audit logs can be enabled.

• Logging of technical events (e.g. timestamps, status codes)
• No storage of personal or document content
• Optional time-limited retention (audit retention)

Access Control

• Administration interface accessible locally only
• Protected via HTTP Basic Authentication
• Credentials generated automatically during installation
• No default passwords

Summary

• 100% on-premise operation
• No cloud access
• No telemetry
• No content logging
• Suitable for public authorities and regulated organizations

Why On-Prem PDF Generation Matters

In compliance-critical environments, document generation is part of the data processing pipeline and must follow the same security boundaries as the originating systems.

Cloud-based PDF services require transmitting document payloads to external systems, which introduces additional risks and compliance overhead.

• Data leaves the internal network
• Additional contractual and regulatory requirements
• External availability and dependency risks

With an on-premise PDF renderer, all document generation remains inside the organization's infrastructure and security perimeter.