EcomInsides

eCommerce Fulfillment

Privacy and Security of Shipping Data: What Sellers Should Know

By Nikunj Maniya · 24 May 2026 · Updated 9 June 2026 · 3 min read

Minimal desk with notepad and glasses — privacy and security when handling shipping label PDFs
If a tool uploads your label PDF, assume customer data left your control — verify with your browser network tab.

Every shipping label PDF is a privacy minefield. It contains the customer's full name, pin code, address, partial phone number (proxy on Amazon, but full elsewhere), order ID, and the product they bought. Multiply by 100 orders/day, multiply by 365 days, and a single PDF batch held for a year is a high-value target for harvesting.

"Free online label cropper" tools are everywhere. Most upload your PDF to a server, process it there, and return the cropped output. What happens to the original on the server? Often nothing visible to you — but the file sat on someone else's disk. This article gives you the framework to evaluate which tools are safe and which are not.

The three architectures

1. Client-side (in-browser)

The tool runs entirely in your browser. The PDF is read with the FileReader API, parsed with JavaScript libraries (pdfjs-dist, pdf-lib), and the output is generated locally. The network panel during processing is silent — no upload, no download.

Examples: the Ecom Insides cropper, some open-source desktop tools.

2. Server-side with deletion claim

The PDF is uploaded to a server, processed, returned to you, and the server "claims" to delete the file. You have no way to verify. Server logs may retain metadata. Backups may retain the file for weeks. Sub-processors (CDN, storage providers) may have their own retention.

Examples: most "online PDF tools".

3. Server-side with explicit retention

The tool stores the PDF for a defined period (e.g., 24 hours, 30 days) for "convenience" or "support purposes". Marginally more honest than the previous category. Still risky.

How to verify a tool is truly client-side

  • Open browser DevTools → Network panel before uploading the PDF.
  • Run the cropping flow.
  • Watch the network panel. A truly client-side tool makes zero PDF-sized requests during processing.
  • The only network activity should be small JS chunk loads (under 500KB each), telemetry pings, or analytics pixels.

If you see a 5MB+ request matching your PDF size — the file was uploaded.

Test with the airplane-mode trick: switch off Wi-Fi after the page has loaded, then run the cropping flow. A truly client-side tool keeps working. A server-side tool fails.

What is at risk in a server-side tool

  • Customer addresses — useful for direct-marketing scrapes.
  • Customer phone numbers — sold to telemarketers.
  • Order IDs — useful for impersonation in customer-service phishing.
  • Product names + SKUs — competitive intelligence about what you sell.
  • Volume signals — your daily order count is a business metric.

Indian regulatory context (DPDP 2023)

The Digital Personal Data Protection Act 2023 makes you (the seller) responsible for customer data even when processed by third parties. If a tool you use leaks customer addresses, you are the data fiduciary that the regulator notifies. Penalties under DPDP can reach ₹250 crore for serious breaches.

Choosing client-side tools removes this risk vector entirely because the data never leaves your device.

What "100% client-side" actually means

  • The PDF is read with browser APIs, not uploaded.
  • Processing libraries run as JavaScript in your tab.
  • The output PDF is generated in your browser's memory.
  • The tool's server, if any, only serves static HTML, CSS, JS — no application API.
  • You can use the tool offline after first page load.

Other privacy practices to adopt

Don't email PDFs unencrypted

Inbox archives keep PDFs forever. If you must share, use encrypted file-sharing or password-protected ZIPs.

Wipe processed PDFs after dispatch

Once orders are dispatched, you don't need the original PDF. Delete from Downloads and empty Trash.

Protect printer queues

Shared office printers retain print jobs in queue history, sometimes for days. Use a dedicated thermal printer for shipping labels.

Restrict marketplace seller hub access

Seller hub access tokens in the wrong hands can re-download every order. Use 2FA on every marketplace account. For the trust details of this site, see our privacy policy.

Frequently asked questions

Is client-side processing as fast as server-side?

For most workloads, yes. Modern browsers compile JS and run heavy code in Web Workers off the main thread. A 100-label PDF processes in 5-10 seconds in-browser, comparable to or faster than a server round-trip.

How do I know the Ecom Insides cropper is truly client-side?

Open DevTools → Network panel before opening a PDF. Drop the PDF, run the flow. You will see only static asset loads (JS chunks). No request matching the PDF size. You can also test with airplane mode after page load.

What about analytics?

Lightweight analytics (page views, click events) are common in client-side tools. They do NOT contain your PDF or its data — only aggregate usage signals.

Related guides

Try the free Shipping Label Cropper →