README claims “nothing ever leaves your device”, but PDF tool sends analytics & document fingerprints to third parties

[Mouri-P]

What I observed (verifiable)

When loading a local PDF, the app sends the following requests to SimplePDF endpoints.

1. Analytics events

Event: Loaded an on-device PDF

{
  "type": "ANALYTICS",
  "name": "Loaded an on-device PDF",
  "data": {
    "hasInteractiveForm": false,
    "pagesCount": 1,
    "isMobile": false
  }
}

Event: Loaded from iFrame

{
  "type": "ANALYTICS",
  "name": "Loaded from iFrame",
  "data": {
    "referrer": "http://localhost:8080/",
    "isMobile": false
  }
}

2. Document fingerprint–based queries

query DocumentQuery($documentFingerprint: String!) {
  document(documentFingerprint: $documentFingerprint) {
    documentId
    permission
    documentFingerprint
    uploadUrl
    url
    formUrl
    ...
  }
}

This happens without explicit user consent or disclosure.

---

Why this is a problem

• A document fingerprint (content-derived hash) is sent to a third party
• Analytics events are emitted automatically
• Outbound network calls happen even for local files
• This contradicts the expectation of local-only processing

Even if the PDF content itself is not uploaded, a stable fingerprint combined with analytics still constitutes third-party document tracking.

For users who:

• care about privacy
• use Omni Tools for sensitive documents
• chose Omni Tools specifically because it is local

…this behavior is unexpected.

---

Expected behavior

One of the following (any would be acceptable):

1. True local-only mode

• No outbound network calls by default
• No analytics or fingerprinting unless explicitly enabled

2. Explicit opt-in

• Clear UI toggle (e.g. “Enable SimplePDF integration / analytics”)
• Disabled by default

3. Clear disclosure

• Documented in the README and/or UI
• Clearly explain that SimplePDF services are used and what data is sent