Enterprise & On-Premise

PQ PDF for Enterprise

Deploy the complete PQ PDF platform on your own infrastructure — every tool, no file size limits, no rate limiting, full throughput. Your data never leaves your servers. We handle installation, support, and maintenance.

No File Size Caps · No 10 MB Scanner Limit · No Rate Limiting · 46 PDF Tools · On-Premise Install · Data Sovereignty · Post-Quantum Encryption · 44-Engine Forensics Scanner · Support & Maintenance
Contact Us to Discuss Your Requirements →

Why On-Premise?

Four reasons organisations choose to run PQ PDF on their own infrastructure rather than upload sensitive documents to a cloud service.

🛡️
Security
Total control over your attack surface

Every file processed by a third-party cloud service is an exposure event. On-premise means your network perimeter is the only boundary that matters. No vendor breach can expose your documents because your documents never leave.

  • Four-layer processing sandbox — your configuration
  • Audit logs under your control
  • Network isolation: air-gapped deployment supported
  • Zero vendor access to file content — ever
💰
Cost
Predictable cost that doesn't scale with headcount

Per-seat SaaS PDF subscriptions typically cost $10–$30 per user per month. For a team of 50, that's $6,000–$18,000 per year — recurring, compounding, and rising with every hire. On-premise is a one-time installation plus an annual support contract.

  • No per-seat fees — unlimited internal users
  • Fixed annual support cost, not headcount-linked
  • One breach event can dwarf years of on-prem costs [1]
  • No surprise pricing tiers or feature paywalls
⚖️
Compliance
Meet data residency requirements without compromise

GDPR, HIPAA, NIS2, and sector-specific regulations often require that personal data stays within a defined jurisdiction or system. Uploading to a cloud PDF service creates a new data processor relationship that must be audited, contracted, and justified. On-premise eliminates the relationship entirely.

  • No third-party data processor agreement required
  • Data stays in your jurisdiction — always
  • GDPR Article 83(5): fines up to €20M or 4% global turnover [2]
  • HIPAA BAA not required — PHI never leaves your systems
⚙️
Control
No vendor lock-in, fully auditable stack

Every engine that processes your documents is open-source software. Ghostscript, Poppler, LibreOffice, Tesseract, PyMuPDF, ClamAV, YARA — there is no proprietary black box, no opaque SaaS magic. You can audit exactly what runs on your files.

  • Open-source processing stack — fully auditable
  • Configure file size limits to your requirements
  • Integrate with your internal systems and identity providers
  • No dependency on our uptime or pricing decisions

Security Architecture

The platform is built around a zero-trust file lifecycle. These are not marketing claims — they are verifiable in the technical security reference.

🗁️ Zero-Retention File Lifecycle

Every request creates one isolated temp directory (0700 permissions, 24-hex CSPRNG suffix). Files are written only inside it. When processing completes, cleanup() is called immediately after readfile() begins streaming — the directory is deleted while the download is still in flight. No retention window, no cleanup cron, no object storage. Error paths also trigger cleanup before returning.

🧱 Four-Layer Processing Sandbox

Files pass through layered isolation before any engine touches them: CSPRNG-randomised temp directory isolation; shell-escaped arguments via escapeshellarg(); hard 120-second OS-enforced process timeout; and network-namespace isolated dynamic sandbox (unshare + strace) for behavioural analysis. No user-controlled string ever reaches the shell interpreter unescaped.
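The file lifecycle and the first three sandbox layers described above, as an added PHP sketch; it is not PQ PDF source code. RequestWorkspace, runEngine() and handleUpload() are hypothetical names, coreutils `timeout` is an assumed way to enforce the 120-second limit, and the output file is held open and its directory deleted before streaming, a POSIX variation on the readfile()-then-cleanup() order the page describes.

```php
<?php
declare(strict_types=1);

// Added illustration. All class and function names here are hypothetical.

final class RequestWorkspace
{
    private string $dir;

    public function __construct(string $base)
    {
        // 12 CSPRNG bytes -> 24 hex characters, so the name is not guessable.
        $this->dir = rtrim($base, '/') . '/req_' . bin2hex(random_bytes(12));
        // mkdir() fails if the path already exists, so a pre-planted
        // directory or symlink is never reused.
        if (!@mkdir($this->dir, 0700)) {
            throw new RuntimeException('workspace creation failed');
        }
        chmod($this->dir, 0700); // enforce the mode regardless of umask
    }

    public function path(string $name): string
    {
        // Only fixed, server-chosen names; client file names never reach disk.
        if (!preg_match('/^[a-z0-9_]+\.[a-z0-9]+$/', $name)) {
            throw new InvalidArgumentException('illegal workspace file name');
        }
        return $this->dir . '/' . $name;
    }

    public function cleanup(): void
    {
        if (!is_dir($this->dir)) {
            return; // already removed, so every exit path may call this
        }
        $items = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($this->dir, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::CHILD_FIRST
        );
        foreach ($items as $item) {
            // Symlinks are unlinked, never followed.
            if ($item->isDir() && !$item->isLink()) {
                rmdir($item->getPathname());
            } else {
                unlink($item->getPathname());
            }
        }
        rmdir($this->dir);
    }
}

function runEngine(array $argv, int $seconds = 120): void
{
    // Each argument is quoted on its own, so shell metacharacters in a value
    // arrive at the engine as literal bytes of a single argument.
    $cmd = 'timeout --signal=KILL ' . $seconds . ' '
         . implode(' ', array_map('escapeshellarg', $argv));
    exec($cmd . ' 2>/dev/null', $output, $status);
    if ($status !== 0) {
        // 137 means the process was killed by SIGKILL when the limit expired.
        throw new RuntimeException("engine failed (exit $status)");
    }
}

function handleUpload(string $uploadedTmp, string $base = '/tmp'): void
{
    $ws = new RequestWorkspace($base);
    try {
        $in  = $ws->path('input.pdf');
        $out = $ws->path('output.pdf');
        if (!move_uploaded_file($uploadedTmp, $in)) {
            throw new RuntimeException('upload rejected');
        }
        // Ghostscript is one of the engines the page lists.
        runEngine(['gs', '-dSAFER', '-dBATCH', '-dNOPAUSE',
                   '-sDEVICE=pdfwrite', '-sOutputFile=' . $out, $in]);

        $fh = fopen($out, 'rb');
        if ($fh === false) {
            throw new RuntimeException('no output produced');
        }
        $size = fstat($fh)['size'];
        // On POSIX an unlinked file stays readable through an open handle,
        // so nothing is left on disk while the response is still streaming.
        $ws->cleanup();
        header('Content-Type: application/pdf');
        header('Content-Length: ' . $size);
        fpassthru($fh);
        fclose($fh);
    } finally {
        $ws->cleanup(); // error paths: a no-op if the directory is gone
    }
}
```

Quoting with escapeshellarg() stops shell interpretation but not option parsing by the engine itself, which is why every path passed here is an absolute workspace path rather than a client-supplied name.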

🔒 Transport & Headers

TLS 1.3 only (1.0/1.1/1.2 disabled), cipher TLS_AES_256_GCM_SHA384. HTTP/3 + QUIC v1 + WebTransport — A++ "HTTP/3 Ultimate" rating. PQC hybrid key exchange: X25519MLKEM768 where supported. HSTS max-age=63072000; includeSubDomains; preload (2 years). Per-request CSP nonces (128-bit entropy from random_bytes(16)) — no unsafe-inline, no unsafe-eval. All event handlers use addEventListener() in external JS files. Full security header stack: X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy, Permissions-Policy, CORP, COEP, NEL, Report-To — A+ rating on securityheaders.com.

🔬 44-Engine Forensics Scanner

The PDF Forensics Scanner runs 44 independent analysis engines: structural integrity, byte-pattern matching (YARA), metadata (ExifTool), font analysis, CVE patterns, qpdf, PeePDF, dynamic behavioural sandbox (strace + Linux namespaces), ClamAV (700k+ signatures), ML anomaly detection (IsolationForest + RandomForest + LightGBM with SHAP), six-parser differential analysis, polyglot detection, JavaScript AST deobfuscation, offline threat intelligence (6.4M+ indicators), signature forensics, phishing detection, embedded file analysis, campaign attribution (TLSH + pHash), weighted correlation engine (60+ compound patterns), PDF token obfuscation detection, XFA FormCalc parser, action dependency graph, OCG layer cloaking, Unicode/invisible text, trailer chain forensics, codec exploit validation, entropy topology, image steganography, PDF/A compliance fraud, JavaScript behavioural emulation, font CharString emulation, XRef integrity graph, and a self-hosted Qwen 2.5 1.5B AI forensic report engine (llama.cpp, WireGuard-isolated). No file content is stored; only anonymous structural feature vectors are used for model training.

⚛️ Post-Quantum Encryption — Client-Side Keys

PQC mode performs all key generation and wrapping in the browser using the @noble/post-quantum library before the file is uploaded. 31 post-quantum algorithms are supported, including NIST-standardised ML-KEM-1024 (FIPS 203), HQC-128/192/256, FN-DSA variants, and hybrid classical+PQC modes. The server receives only an already-encrypted .pqcpdf bundle — the plaintext file never traverses the network in PQC mode, and the server has no access to private keys. NIST finalised ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) on 13 August 2024 [3].

📦 Open-Source Engine Stack — No Black Boxes

Every processing engine is open-source running locally: Ghostscript, Poppler (pdfunite, pdftoppm, pdftotext), qpdf, LibreOffice, ImageMagick, Tesseract 5, PyMuPDF, ExifTool 12, YARA 4.5, ClamAV 1.4+, PeePDF 0.4, strace + unshare, scikit-learn, acorn (Node.js). No file data is forwarded to any external API. The only outbound call from processing engines is ClamAV pulling signature updates from clamav.net — no file content transmitted.

What You Get

Everything on pqpdf.com, deployed on your servers — plus the operational freedom to configure it for your scale.

📂
No File Size Caps
The public tool caps general uploads at 50 MB and the forensic scanner specifically at 10 MB — a deliberate limit tuned for the public threat profile, where virtually all malicious PDFs are under 3 MB. On your infrastructure both caps are removed. Scan large enterprise documents, PDF portfolios, and any file the public scanner would reject.
⚡
Full Throughput, No Rate Limiting
No concurrency caps, no per-IP rate limits, no queuing delays. Process as many documents simultaneously as your hardware supports.
🔧
All 46 PDF Tools
Merge, split, convert, OCR, redact, sign, PAdES, PQC encryption, forensics scanner, workflow builder, and every other tool on pqpdf.com.
🏢
Your Infrastructure
Installed on your own servers — on-premise, private cloud, or air-gapped environment. Documents never leave your network.
🛡️
Data Sovereignty
Full control over where your data lives and who can access it. Meet GDPR, HIPAA, ISO 27001, and sector-specific data residency requirements.
📞
Support & Maintenance
Ongoing support contract with the team that built the platform. Bug fixes, security patches, dependency updates, and direct access when you need help.
🔄
Updates & Security Patches
New tools and features added to pqpdf.com are available to your deployment. Security patches applied as part of your maintenance agreement.
⚙️
Configurable & Extendable
Adjust processing parameters, integrate with your internal systems, and extend the platform for your specific document workflows.

The Cost & ROI Case

On-premise has a higher upfront cost. Here is why the total cost of ownership often favours it.

Typical Cloud PDF SaaS
Per-seat subscription
$10–$30 per user / month
  • 50 users → $6,000–$18,000/year
  • 100 users → $12,000–$36,000/year
  • Cost scales linearly with every hire
  • Files processed on vendor servers
  • Vendor breach = your document exposure
  • Third-party data processor under GDPR — requires DPA
  • Renewal risk: pricing changes, feature paywalls
PQ PDF On-Premise
One-time install + annual support
Fixed: contact us for your scope
  • Unlimited internal users — no per-seat fee
  • Cost does not rise when you hire
  • Files never leave your network
  • No third-party data processor relationship
  • Vendor breach cannot affect your documents
  • No DPA required for internal PDF processing
  • Fixed annual support contract, no surprise tiers
⚠️ The risk arithmetic matters
$4.88M: Average global cost of a data breach (IBM Cost of a Data Breach Report 2024) [1]
$9.77M: Average cost for healthcare breaches — highest of any industry for the 14th consecutive year (IBM 2024) [1]
194 days: Average time to identify a breach — plus 64 more days to contain it (IBM 2024) [1]
30% of confirmed breaches involved a third-party vendor — doubled year-over-year from 15% in 2024 (Verizon DBIR 2025) [19]
€20M / 4%: Maximum GDPR fine under Article 83(5). The largest fine imposed to date: €1.2B (Meta, May 2023) [2, 20]
PDF as an active attack vector — documented threat intelligence
22% of all malicious email attachments are PDFs — the single largest malicious file category by email delivery. 68% of all cyberattacks begin via email. Check Point Research, April 2025 [11]
11% of endpoint threats caught by HP Wolf Security were PDF-based (Q1 2024 and Q3 2025). PDFs use QR codes and trusted redirect services (Bing, LinkedIn, Google AMP) to evade URL scanners. HP Wolf Security Threat Insights Reports, 2024–2025 [12]
14%+ of email threats bypass gateway scanners entirely before reaching endpoints. Median time for a user to click a phishing email: under 60 seconds. HP Wolf Q4 2025; Verizon DBIR 2024 [12, 19]
467K malicious files detected per day globally in 2024 — a 14% year-over-year increase. Rising toward 500K/day in 2025. Document formats are among the top 3 threat categories. Kaspersky Security Bulletin 2024 [13]
CISA KEV CVE-2023-26369 2023
Adobe Acrobat/Reader — North Korean APT Exploitation

Out-of-bounds write vulnerability enabling arbitrary code execution. Confirmed exploited in the wild by a North Korean APT group per Google Project Zero. Added to CISA's Known Exploited Vulnerabilities catalogue in September 2023, mandating federal agency remediation. Adobe security bulletin APSB23-34 [14].

CISA KEV CVE-2023-21608 2023
Adobe Acrobat/Reader — Use-After-Free RCE

Use-after-free vulnerability allowing remote code execution. Active exploitation confirmed. Added to CISA KEV in October 2023. NVD CVSS score: 7.8 (High). Affects both Windows and macOS deployments. Attackers weaponised PDFs to gain code execution on victim machines silently [14].

Multi-Actor Foxit Design Flaw 2024
Foxit PDF Reader — Actively Exploited Design Flaw

Check Point Research (May 2024) confirmed multiple threat actor groups exploiting a logic flaw in Foxit PDF Reader to deliver malware including Agent Tesla, Remcos RAT, NanoCore, and ransomware droppers. The flaw involves misleading dialog prompts that cause users to approve malicious execution. CIS advisory issued [15].

Zero-Day NTLM Credential Leak Dec 2024
Adobe & Foxit — NTLM Hash Exfiltration via PDF

Discovered by EXPMON (December 2024): a zero-day in both Adobe Acrobat/Reader and Foxit PDF Reader allowed PDFs to silently leak Windows NTLM authentication hashes to attacker-controlled servers simply by being opened — no user interaction beyond opening the file required. Both vendors patched after responsible disclosure [16].

APT-Grade PDFSider Jan 2026
PDFSider — Deployed on Fortune 100 Network

Resecurity and BleepingComputer (January 2026) reported a sophisticated Windows malware framework distributed via weaponised PDF lures and deployed on the network of a Fortune 100 company. PDFSider uses DLL side-loading for AV/EDR evasion and was linked to multiple ransomware groups. HP Wolf Security (September 2025) separately documented ultra-realistic AI-generated PDF invoice lures capable of deceiving trained security staff. The sophistication of PDF-based attacks is accelerating with AI-generated content removing traditional quality indicators used to detect phishing [17].

Documented breach costs & regulatory actions
File Transfer Service 2023
MOVEit Transfer
Progress Software / Cl0p ransomware
2,600+ organisations hit
93–96 million individuals affected

A zero-day in MOVEit, a third-party file transfer SaaS, gave the Cl0p ransomware group access to files at Shell, EY, PwC, Siemens Energy, the US Department of Energy, BBC, British Airways, and thousands more. No amount of internal security protected organisations that routed documents through the compromised service. Multiple class-action settlements in the millions are ongoing; Progress Software stated it “cannot reasonably estimate a range of possible losses” (SEC filing, 2024) [5].

→ Using a cloud file-handling service is a shared-fate risk — a breach of the vendor is a breach of your data.
Document Processor 2024
Change Healthcare
UnitedHealth Group / ALPHV ransomware
$3.1 billion total impact
$2.2B direct response costs + $0.9B business disruption

Change Healthcare processes medical claims and documents for a significant share of US healthcare. ALPHV ransomware operators exfiltrated data affecting 190 million individuals — the largest healthcare data breach in US history. UnitedHealth Group reported $2.2 billion in direct response costs and $3.1 billion in total impact in SEC quarterly filings and their full-year 2024 earnings release (January 16, 2025) [6]. Regulatory investigations by HHS OCR and state AGs are ongoing.

→ Centralising document processing at a third party concentrates risk for every downstream organisation.
File Transfer SaaS 2023
GoAnywhere MFT
Fortra (formerly HelpSystems) / Cl0p ransomware — CVE-2023-0669
$27M+ in settlements
~130 victim organisations; Fortra $20M MDL + Brightline $7M (final approvals)

Cl0p exploited a zero-day (CVE-2023-0669) in GoAnywhere MFT, a managed file transfer SaaS. Confirmed victims include Hitachi Energy, Procter & Gamble, Rubrik, Rio Tinto, City of Toronto, Saks Fifth Avenue, and the UK Pension Protection Fund. Fortra's $20M MDL settlement received final approval. Virtual mental health provider Brightline (a GoAnywhere victim) separately paid $7M — final court approval February 2025 [21].

→ The same Cl0p group hit both MOVEit and GoAnywhere within months — file transfer SaaS is a high-priority target.
File Transfer SaaS 2021
Accellion FTA
Accellion / Cl0p ransomware — legacy File Transfer Appliance
$13.1M+ in settlements
~100 organisations; 9.2M+ individuals; Accellion $8.1M + Kroger $5M

Cl0p exploited multiple zero-days in Accellion's legacy File Transfer Appliance used by ~300 organisations. ~100 were breached including ASIC (Australian Securities regulator), Bombardier, Royal Dutch Shell, Kroger, and multiple universities. Accellion's $8.1M class action settlement and Kroger's $5M pharmacy records settlement are separately documented. This was the same Cl0p group that later hit GoAnywhere and MOVEit [22].

→ Three major file transfer services — Accellion, GoAnywhere, MOVEit — breached by one group across three years.
Healthcare Records 2014–2020
Anthem
HHS OCR + multistate AGs + federal class action
$179.2M+ combined
$115M class action + $48.2M AG settlements + $16M HHS OCR HIPAA

Anthem's 2014 breach exposed the health records of 78.8 million people. Three separate enforcement actions: $115M federal class action (Judge Koh, N.D. Cal., final approval August 2018); $48.2M multistate AG settlement ($39.5M + $8.7M CA, announced 2020); $16M HHS OCR HIPAA settlement (record at the time, October 2018). Total documented liability: $179.2M+ excluding internal remediation costs [18].

→ Healthcare breaches attract simultaneous enforcement from federal agencies, state AGs, and class plaintiffs.
MOVEit Victim 2023 / settled 2025
National Student Clearinghouse
Federal class action (District of Massachusetts MDL)
$9.95M settlement
1.5 million+ individuals; US federal judge final approval May 2025

One of hundreds of downstream organisations breached via the MOVEit file transfer service. NSC's $9.95M settlement received US federal court final approval on May 13, 2025. The MDL in the District of Massachusetts consolidates 144+ class actions against Progress Software, NSC, and other downstream victims. Progress Software's own 10-K states it “cannot reasonably estimate a range of possible losses” from the consolidated litigation [5].

→ Downstream liability from a third-party tool breach lands on every organisation that used it, not just the vendor.
Consumer Records 2017
Equifax
FTC / CFPB / 50-state AG settlement
$575M–$700M settlement
147 million people's personal financial records

Equifax's breach exposed the financial records of 147 million Americans. The FTC/CFPB consent order required a guaranteed minimum of $575 million — $425M consumer fund, $175M to 48 states and territories, $100M CFPB civil penalty — with a ceiling of $700M if the consumer fund was exhausted. FTC press release, July 22, 2019 [7].

→ Regulatory multi-agency pile-ons compound costs far beyond initial remediation.
Cloud Misconfiguration 2019
Capital One
OCC civil penalty + federal class action
$270M combined
$80M OCC fine + $190M class action settlement

A misconfigured AWS S3 bucket exposed the files of 106 million customers. The OCC issued an $80M civil money penalty (consent order, August 2020) for failure to establish an effective risk assessment process before migrating data to cloud. The $190M class action settlement received federal court final approval in 2022 [8].

→ Cloud storage misconfiguration is a structural risk when files leave your perimeter.
GDPR Enforcement 2020
British Airways
UK ICO — Final Penalty Notice
£20 million
400,000 customers' payment data diverted to fraudulent site

A Magecart-style supply-chain attack in 2018 diverted customers to a fraudulent site, intercepting payment card and booking data. The ICO's Final Penalty Notice (October 16, 2020) imposed £20M under GDPR — the first major ICO enforcement under the regulation. The initial notice of intent was £183M; the final imposed fine was £20M after mitigating factors [9].

→ Third-party script injection is a supply-chain risk that scales to regulatory penalties under GDPR.
Data Disposal Failure 2020–2022
Morgan Stanley
OCC + SEC + NY AG + federal class action
$155M+ combined
$60M OCC + $35M SEC + $60M class action + $6.5M NY AG

Morgan Stanley hired unqualified vendors to decommission data centre hardware, leaving 15 million customers' PII on devices resold online — encryption was available but never activated. OCC consent order #2020-134 ($60M), SEC enforcement action #2022-168 ($35M, Regulation S-P violations), $60M federal class action settlement (2022), and $6.5M NY AG multistate settlement (2023). Four separate enforcement actions for one category of failure [10].

→ Four regulators, four separate actions — data handling failures accumulate liability across every jurisdiction with oversight.
GDPR — Largest Fine Ever May 2023
Meta (Facebook)
Irish Data Protection Commission / EDPB Binding Decision 1/2023
€1.2 billion
Largest GDPR fine ever imposed — unlawful EU→US data transfers

The Irish DPC adopted its final decision on May 12, 2023, implementing EDPB Binding Decision 1/2023 (Article 65 dispute resolution). Violation: Article 46(1) GDPR — transferring EU/EEA personal data to the US without adequate safeguards post-Schrems II. Fine: €1,200,000,000. This demonstrates that data transfer violations — not just security breaches — attract maximum GDPR enforcement. Official source: dataprotection.ie; edpb.europa.eu [20].

→ Routing EU personal data through a non-EU cloud processor is itself a GDPR violation — independent of whether a breach occurs.

All figures above are documented from public regulatory orders, SEC filings, court records, and official press releases — not industry estimates. MOVEit and Change Healthcare are highlighted because they involve third-party file transfer and document processing services specifically. Individual outcomes vary; these are cited cases, not predictions. See references 5–10 below.

Compliance Framework Coverage

On-premise deployment eliminates the third-party processor relationship that creates compliance complexity across these frameworks. We do not claim certification — we describe what deploying on your own infrastructure enables you to control.

EU
GDPR
General Data Protection Regulation

When files are processed on-premise, there is no third-party data controller or processor to contract under Article 28. Data stays within the EU (or wherever you deploy). No cross-border transfer issues. Your DPO has a clear, auditable data flow with no external dependencies.

US
HIPAA
Health Insurance Portability & Accountability Act

PHI processed on your own HIPAA-compliant infrastructure does not require a Business Associate Agreement with a third-party PDF service. You control the administrative, physical, and technical safeguards entirely. No vendor audit required for this workload.

INTL
ISO 27001
Information Security Management

Annex A controls for data classification, access control, and supplier relationships are simpler when document processing runs on infrastructure you already manage and audit. On-premise eliminates a supplier risk entry for document processing workflows.

EU
NIS2
Network and Information Security Directive 2

For essential and important entities under NIS2, supply chain security is a mandatory risk management measure. Processing sensitive operational documents through an external SaaS increases supply chain exposure. On-premise removes this vector.

UK
UK GDPR / DPA 2018
Data Protection Act 2018

Post-Brexit UK GDPR mirrors EU GDPR obligations around data processors and transfers. On-premise deployment keeps document data within UK jurisdiction, removing any adequacy decision dependency for international transfers.

GOV
Government & Classified
Air-Gapped & High-Security Environments

For classified, OFFICIAL-SENSITIVE, or operationally restricted environments, air-gapped deployment is supported on request. No part of the platform requires internet access for operation once installed.

Public UI vs Enterprise Deployment

The public UI stays free — always. Enterprise is a separate, paid on-premise installation.

Feature | pqpdf.com (Public) | Enterprise (On-Premise)
Cost | ✔ Free — always | Paid installation & support contract
Account required | ✔ Never | ✔ Never (same UI)
File size limit | 50 MB per file; 10 MB for forensic scanner | Configurable — no hard cap
Rate limiting | Per-session: 10 ops / 5 min | None — full throughput
Data retention | ✔ Zero — files deleted during download | ✔ Zero — same behaviour
Data location | PQ PDF servers | Your servers — never leaves your network
All 46 tools | ✔ Yes | ✔ Yes
44-Engine Forensics Scanner | ✔ Yes | ✔ Yes
Post-Quantum Encryption (31 algorithms) | ✔ Yes | ✔ Yes
ML anomaly detection | ✔ Yes (shared model) | Your own isolated model, trained on your scan data
Support & maintenance | Community / self-serve | Included in contract
Air-gapped deployment | Not applicable | Supported on request
Third-party data processor | PQ PDF (requires consideration) | None — you are the processor

How PQ PDF Compares to Cloud PDF SaaS

A factual comparison against the category of cloud-hosted PDF processing tools. We do not fabricate features or misrepresent competitors — only verifiable differences are listed. See references below.

Capability | Typical Cloud PDF SaaS | PQ PDF On-Premise
Data location | Vendor's cloud — region varies by provider | ✔ Your own servers — your jurisdiction
Pricing model | Per-seat subscription ($10–$30/user/month typical) | ✔ One-time install + fixed annual support
Post-quantum encryption | Not available in mainstream tools as of 2025 [4] | ✔ 31 PQC algorithms including NIST ML-KEM-1024 (FIPS 203) [3]
PDF threat analysis | Basic or not available | ✔ 20-engine scanner: YARA, ClamAV, dynamic sandbox, ML anomaly detection
Air-gapped deployment | Not available — requires internet | ✔ Supported on request
Processing engine transparency | Proprietary — engines undisclosed | ✔ Fully open-source stack, publicly listed
File retention policy | Varies — typically minutes to hours in cloud storage | ✔ Zero — deleted during response stream
Account required | Usually required for business tiers | ✔ Never — same as the public UI
GDPR third-party processor | Yes — DPA required with vendor | ✔ None — you process your own data
CSP / application security hardening | Varies — rarely disclosed | ✔ Per-request nonces, no unsafe-inline, full header suite — documented

⚠️ “Typical cloud PDF SaaS” describes the category, not any single vendor. Specific features, pricing, and data handling practices vary between providers and change over time. Verify independently before making procurement decisions.

How It Works

From enquiry to running installation — a straightforward process.

1
Tell us what you need
Contact us with your infrastructure details, document volumes, and any specific requirements — file sizes, throughput targets, compliance constraints, air-gap requirements.
2
We scope and quote
We assess your environment and provide a clear quote covering installation, configuration, and the ongoing support and maintenance contract.
3
Installation on your servers
We deploy the complete PQ PDF platform on your infrastructure — all engines, dependencies, sandboxing, and security hardening configured for your environment.
4
Ongoing support & updates
Your maintenance contract covers security patches, dependency updates, new tool releases, and direct support from the team that built the platform.

Who It’s For

Any organisation that needs the tools but can’t send documents to a third-party server — or needs more capacity than the public UI provides.

⚖️
Legal Firms
Large discovery documents, privileged client files, and redaction workflows that cannot leave the firm's network.
🏥
Healthcare
HIPAA-sensitive patient records and clinical documents. Process PDFs on your HIPAA-compliant infrastructure without third-party data exposure.
🏛️
Government & Public Sector
Sovereign data requirements and classification constraints. Air-gapped deployments supported for high-security environments.
🏦
Financial Services
Regulated institutions handling contracts, filings, and client documents that must stay within the firm's own systems.
📊
High-Volume Operations
Publishing, print, or document-intensive workflows where public rate limits, the 50 MB general cap, or the 10 MB forensic scanner cap create a bottleneck.
🔒
Data Sovereignty & Compliance
Organisations with GDPR, NIS2, ISO 27001, or sector-specific requirements mandating that document data never leaves a defined jurisdiction.

What Stays Free — Always

✔ The public pqpdf.com UI is free — and that never changes.
Enterprise is a separate offering. It is not an upgrade tier of the public service — it is a private on-premise installation of the same platform on your own infrastructure.
  • pqpdf.com will always be free. No accounts, no signups, no data retention — ever.
  • We do not offer increased file size limits or rate limit removal on the public UI — for anyone.
  • If you need to scan PDFs larger than 10 MB, or process files over 50 MB on any tool, the answer is an on-premise deployment — not a paid tier on the public site.
  • Every tool on pqpdf.com remains available to everyone, always free, with no feature gating.

Licensing Model

Licensed per organisation — not per user, per server, or per core. Deploy as many instances as you need on your own infrastructure.

What’s Included
  • Unlimited users
  • Unlimited servers / containers / instances
  • No usage metering
  • No cloud dependency
  • Full on-premise deployment
  • Priority support
  • Installation & configuration assistance
What You Pay For
  • A one-time licence or annual subscription — your choice
  • Optional ongoing support & maintenance contract
What You Never Pay For
  • Per-user fees
  • Per-core fees
  • Per-server fees
  • Data storage
  • File volume
  • API metering
Why infrastructure-based licensing?

Traditional enterprise SaaS pricing compounds with scale: every new user, server, or core adds cost, and every renewal is a renegotiation. Our model removes that friction entirely. Once licensed, your organisation controls the infrastructure. Scaling up means adding your own hardware, not a purchase order to us. There are no vendor metering calls, no usage dashboards, no per-request fees. Your cost is fixed, predictable, and completely within your control.

💬 Tell Us What You Need

Costs depend on your infrastructure, scale, and support requirements. There’s no standard price list — we scope each deployment individually. Contact us with your requirements and we’ll come back with a clear picture of what’s involved and what it will cost.

Get in Touch →
No commitment. No sales funnel. Just a conversation about what you need.

References

  1. IBM Security & Ponemon Institute. Cost of a Data Breach Report 2024. Global average: $4.88M; Healthcare average: $9.77M. Published July 2024. Available at ibm.com/reports/data-breach.
  2. European Parliament. Regulation (EU) 2016/679 (GDPR), Article 83(5). Maximum fine: €20,000,000 or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher. Official Journal of the European Union, 4 May 2016.
  3. National Institute of Standards and Technology (NIST). Post-Quantum Cryptography Standards. FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA) finalised 13 August 2024. Available at nist.gov/pqcrypto.
  4. Post-quantum encryption is not a feature of mainstream cloud PDF tools (Adobe Acrobat, Smallpdf, iLovePDF, DocHub) as of March 2026. This reflects independent review of publicly available feature documentation for each product. Verify current feature sets directly with each vendor before making procurement decisions.
  5. Emsisoft Malware Lab. Unpacking the MOVEit Breach: Statistics and Analysis. Tracked 2,559+ confirmed victim organisations and 66M+ individuals as of October 2023; later tallies reached ~2,600–2,773 organisations and 93–96 million individuals. Progress Software disclosed in SEC filings (2024) that it “cannot reasonably estimate a range of possible losses” from consolidated class-action litigation. SEC declined enforcement action against Progress Software (2024).
  6. UnitedHealth Group. Full-Year 2024 Earnings Release (January 16, 2025, filed with SEC via BusinessWire). $2.2 billion direct response costs; $3.1 billion total cyberattack impact. HHS Office for Civil Rights: 190 million individuals affected (updated January 2025). Prior quarterly figures: $872M (Q1 2024 10-Q), ~$2.3–2.45B full-year estimate (Q2 guidance), ~$2.9B (Q3 10-Q). No regulatory fine finalised as of March 2026.
  7. Federal Trade Commission. Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach. Press release, July 22, 2019. Consent order entered U.S. District Court for the Northern District of Georgia. $425M consumer fund; $175M to 48 states, D.C., and Puerto Rico; $100M CFPB civil penalty. Maximum ceiling $700M. Available at ftc.gov.
  8. Office of the Comptroller of the Currency. OCC Consent Order #2020-134, August 2020 ($80M civil money penalty). U.S. District Court for the Eastern District of Virginia. Capital One class action final settlement approval, 2022 ($190M). 98 million U.S. consumers; 3 years identity theft protection included.
  9. Information Commissioner's Office (UK). Final Penalty Notice: British Airways plc, October 16, 2020. £20,000,000 imposed under UK GDPR. Initial notice of intent (July 2019) was £183,390,000; final imposed fine was £20M after mitigating factors including cooperation, remediation, and COVID-19 financial hardship reduction. Available at ico.org.uk.
  10. OCC Consent Order #2020-134 / OCC Enforcement Action EA2020-058 (October 8, 2020): $60M civil money penalty. SEC Enforcement Action #2022-168 (September 20, 2022): $35M penalty for Regulation S-P Safeguards Rule and Disposal Rule violations; 15 million customers' PII on unaccounted devices (sec.gov/newsroom/press-releases/2022-168). Federal class action settlement: $60M (2022, resolving suits from 2016 and 2019 incidents — BankInfoSecurity; Top Class Actions). New York AG multistate settlement: $6.5M (2023, ag.ny.gov press release). Total across four actions: $155M+.
  11. Check Point Research. The Weaponization of PDFs: 68% of Cyberattacks Begin in Your Inbox, with 22% Hiding in PDFs. blog.checkpoint.com/research, April 2025. Based on Check Point's own email scanning telemetry. Also cites 87% of organisations use PDFs for business and 400 billion+ PDFs opened globally per year.
  12. HP Wolf Security. Threat Insights Reports: Q1 2024 (May 2024), September 2024, December 2025. threatresearch.ext.hp.com. PDFs accounted for 11% of threats in Q1 2024 and Q3 2025 endpoint telemetry. Q4 2025 report: at least 14% of email threats bypass gateway scanners. September 2025 press release: ultra-realistic AI-generated PDF invoice lures documented in active campaigns.
  13. Kaspersky. Security Bulletin 2024: Statistics. securelist.com/ksb-2024-statistics, December 2024. Press release: “The Cyber Surge: Kaspersky detected 467,000 malicious files daily in 2024.” kaspersky.com/about/press-releases.
  14. CVE-2023-26369: Adobe Security Bulletin APSB23-34; Google Project Zero 0days-in-the-wild (North Korean APT confirmation); CISA KEV added September 2023 (cisa.gov/known-exploited-vulnerabilities-catalog). CVE-2023-21608: NVD nvd.nist.gov/vuln/detail/cve-2023-21608; CISA KEV added October 2023; The Hacker News (October 2023). Both vulnerabilities mandated remediation for US federal agencies under BOD 22-01.
  15. Check Point Research. Foxit PDF Flawed Design Exploitation. research.checkpoint.com, May 2024. Confirmed multiple threat actor groups exploiting Foxit PDF Reader logic flaw to deliver Agent Tesla, Remcos RAT, NanoCore, and ransomware droppers. CIS Multi-State Advisory issued (cisecurity.org, 2024-105). The Hacker News: “Foxit PDF Reader Flaw Exploited by Multiple Threat Actors,” May 2024.
  16. EXPMON (justhaifei1.blogspot.com). Zero-Day Behavior in Adobe Acrobat and Foxit PDF Reader — NTLM Leak. December 2024. Both Adobe and Foxit confirmed the behaviour and issued patches after responsible disclosure. cybersecuritynews.com: “Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader,” December 2024. No user interaction required beyond opening the PDF.
  17. Resecurity. PDFSider Malware: Exploitation of DLL Side-Loading for AV and EDR Evasion. resecurity.com/blog, January 2026. BleepingComputer: “New PDFSider Windows Malware Deployed on Fortune 100 Firm's Network,” January 2026. SecurityWeek: “APT-Grade PDFSider Malware Used by Ransomware Groups,” January 2026. HP Wolf Security press release (September 2025): AI-generated PDF invoice lures documented in active campaigns.
  18. Anthem $115M class action: U.S. District Judge Lucy Koh, N.D. Cal., Case No. 15-md-02617, final approval August 15, 2018 (Hunton Andrews Kurth; HIPAA Journal). Anthem AG settlements ($48.2M): NY AG press release (ag.ny.gov, October 2020) — $39.5M multistate (43 states + DC, led by Connecticut AG); California AG press release (oag.ca.gov) — $8.69M. Anthem HHS OCR HIPAA settlement: $16M, October 15, 2018, record HIPAA penalty at the time (hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/anthem). Total across three enforcement actions: $179.2M+. 78.8 million records. 2014 breach.
  19. Verizon. 2025 Data Breach Investigations Report. Third-party involvement in breaches: 30% (doubled year-over-year from 15% in the 2024 DBIR). Ransomware in 44% of confirmed breaches (up from 32%). Phishing in 16% of breaches; human element in 60%. verizon.com/business/resources/reports/dbir/; Executive Summary PDF: verizon.com/business/resources/reports/2025-dbir-executive-summary.pdf. Verizon 2024 DBIR (prior year): supply chain attacks 15% of all breaches, 68% YoY increase. Verizon DBIR 2024: phishing in 14% of credential-related breaches; median click time under 60 seconds.
  20. Irish Data Protection Commission. Final Decision: Meta Platforms Ireland Limited. Adopted May 12, 2023. Fine: €1,200,000,000 — the largest GDPR fine ever imposed as of March 2026. Violation: Article 46(1) GDPR, unlawful transfers of EU/EEA personal data to the US post-Schrems II. Implementing EDPB Binding Decision 1/2023 (adopted April 13, 2023, Article 65 dispute resolution). Official DPC source: dataprotection.ie/en/news-media/press-releases. EDPB source: edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en.
  21. GoAnywhere MFT / Fortra: CVE-2023-0669 exploited by Cl0p beginning January 25, 2023; ~130 victim organisations. Fortra $20M MDL settlement: final approval confirmed (HIPAA Journal; classaction.org). Brightline $7M settlement: final approval February 2025, S.D. Fla. (TechTarget HealthTech Security; brightlinedatasecuritysettlement.com). Named victims include Hitachi Energy, P&G, Rubrik, City of Toronto, Saks Fifth Avenue, Rio Tinto, UK Pension Protection Fund.
  22. Accellion FTA: multiple zero-days exploited by Cl0p; ~100 of ~300 FTA customers breached; 9.2M+ individuals. Accellion $8.1M class action settlement ($4.6M + $3.5M tranches) — SecurityWeek; HIPAA Journal; TechTarget. Kroger $5M settlement (July 2021) for 1,474,284 patient pharmacy records — ComplianceJunction. Confirmed victims: ASIC (Australia), Bombardier, Royal Dutch Shell, Kroger, Flagstar Bank, universities. Flagstar Bank separately received a $3.5M SEC fine (December 2024) for making “materially misleading statements” about this breach in its 2021 Form 10-K (Cybersecurity Dive; SEC enforcement order).

© 2026 Allan Riddel & PQ PDF. All rights reserved.
