Your Confidential Documents Never Leave Your Computer

You need to search a document you're not supposed to share. A client contract under NDA. A patient's records. A deal memo that hasn't closed. So you reach for one of those "search this PDF" or "OCR this scan" sites — and to make it work, you upload the file to someone else's server.

For a lot of work, that's a line you can't cross. If you're bound by privilege, confidentiality, or a regulator, the file leaving your computer is the problem, no matter how good the tool is.

Highlighty searches and highlights PDFs in your browser, on your machine. The document doesn't get uploaded to do the work. This post lays out exactly where the line is — including the one narrow case where anything reaches our servers.

TL;DR

• PDF search and highlighting happen in your browser, on your device — the document isn't uploaded to be searched.
• Scanned contracts and records are read by on-device OCR. The page image never leaves your computer.
• Your queries, saved keyword lists, history, and settings stay in your browser's local storage.
• No user tracking of any kind, and no remotely injected code — what's reviewed in the store is what runs.
• You can scope it with Allowed / Disallowed websites, so it never runs where you don't want it.
• The only thing that ever touches our servers is a PRO sign-in: your login details and subscription status. Never your documents, queries, or page contents.

The work happens in your browser

When you open a PDF through Highlighty's viewer and search it, the searching and highlighting run locally in your browser. Highlighty reads the text on the page to find your terms and paints colored highlights over the matches — all on your machine. The file isn't sent anywhere to be processed.

That's a different model from the upload-and-search websites. There's no server in the middle holding a copy of your contract while it does the work. It's also why Highlighty keeps working the same whether you're online or offline.

Scanned contracts and records: OCR with no upload

Plenty of confidential material arrives as a scan — a signed agreement, a faxed record, an exhibit photographed to PDF. Those are images of pages with no selectable text, so ordinary find can't see a word of them.

Highlighty reads them with on-device OCR. The page image is processed on your computer and never uploaded to any server or third-party service to be turned into text. One honest limit worth stating up front: OCR is English-only in this first release.

Your queries and lists stay local too

It isn't only the document. The things that reveal what you're working on — the terms you search, the keyword lists you save, your search history, and your settings — all live in your browser's own local storage, on your device.

None of that is sent to us, because none of it needs to be. If you're searching a record for a list of sensitive names or terms, that list stays on your machine.

No tracking, no remote code

Two commitments matter especially when the documents are sensitive.

No user tracking. There's no analytics watching which files you open or what you search. We don't build a profile of you, because we don't collect the raw material to build one.

No remotely injected code. Some extensions ship a small shell and then download their real behavior from a server after you install — so the code reviewed in the store isn't necessarily the code running on your machine. Highlighty doesn't do that. What's reviewed and published is what runs. (It's a Manifest V3 extension.)

Scope it to the sites and work you choose

You don't have to let Highlighty run everywhere. In Advanced → White/blacklist features, Allowed websites restricts it to run only on domains you list, and Disallowed websites stops it from ever running on domains you name.

So you can keep it active only where you do document work, and entirely off everything else — or block it from specific sensitive systems. Your browser also lets you set any extension to run only on click or only on chosen sites.

The one place anything leaves: PRO sign-in

Being honest means not claiming "nothing ever leaves your device," because that isn't quite true once you use PRO. Here's the real boundary.

The free version needs no account and talks to no server to do its job. If you only use the free features — and PDF search, highlighting, OCR, and the whitelist/blacklist controls are all free — there's no sign-in and nothing to send.

PRO features sign in with a Highlighty account. For that, our servers hold your login details and your subscription status, so we know the account is valid. That is the entire list. We do not receive your documents, your queries, your keyword lists, your search history, or the pages you read.

Who this is for

If you handle other people's confidential information for a living, the upload step is often a dealbreaker. A tool that does the work locally removes it.

• Lawyers reviewing privileged documents and contracts under NDA.
• Accountants and finance teams searching statements, filings, and deal materials.
• Clinicians and staff handling patient records.
• Anyone under a confidentiality obligation who still needs to find things in long or scanned files.

None of this is a substitute for your own compliance review — check it against your obligations. But the design goal is simple: let you search and read sensitive documents without handing them to a server.

Frequently asked questions

Does Highlighty upload my PDF to search it?

No. PDF search and highlighting run in your browser, on your device, when you open the file through Highlighty's viewer. The document isn't sent to a server to be searched — unlike the upload-and-search websites that require a copy of your file.

Are scanned documents uploaded for OCR?

No. Highlighty reads scanned, image-only PDFs with on-device OCR. The page images are processed on your computer and never uploaded to any server or third-party service. OCR is English-only in this first release.

Does anything I search reach Highlighty's servers?

No. The contents of your searches, your keyword lists, and the pages and documents you read never reach us. The free version needs no account at all. PRO features sign in with a Highlighty account, and the only things on our servers are your login details and subscription status.

Can I stop Highlighty from running on certain sites or systems?

Yes. Use Allowed websites to limit it to domains you choose, or Disallowed websites to block it from specific domains (both in Advanced → White/blacklist features). Your browser also lets you set any extension to run only on click or only on chosen sites.

Is it safe to use under privilege, NDA, or confidentiality rules?

Highlighty is built so the document and your queries stay on your device and aren't uploaded to do the work, which removes the upload step that usually causes the problem. That said, this isn't legal advice — check it against your own obligations and your organization's policy before using it on protected material.

Does Highlighty track me or run code downloaded from the internet?

No on both. There's no user tracking and no analytics tied to your searches or the files you open, and Highlighty doesn't use remotely injected code — the code reviewed and published in the store is the code that runs on your machine.