GhostX — free browser tools that disappear after they help you
Getting ghosted has never felt this good.
Compress, resize, convert, sign, and send your files — free, with no signup and no watermark.
Drop any file — we'll show you what you can do
PDF · image · audio · video · spreadsheet — click to browse, nothing uploaded
Everything you can do
Your file never leaves your device — everything runs locally.
Why is GhostX free?
The "free" tier of every other PDF / signing / secret-sharing tool is a funnel. The watermark is a tax. The trial period is a hostage situation. We thought the basic things people do with files every day should just work.
Your browser does the work
Compute happens locally. We don't need warehouses of servers, so our costs are tiny. We don't need your subscription to break even.
Tips, not subscriptions
If a tool saves you time, throw a few bucks in the jar. If it doesn't, no charge. No 'cancel anytime' chase, no surprise renewals.
Open & auditable
Open DevTools and watch the Network tab — your files are never uploaded. The single-signer flows have no upload endpoint. The code is what it claims to be.
How we stay secure
Security isn't a marketing layer here — it's the architecture. The whole point of running in your browser is that we genuinely cannot see your files even if we wanted to.
-
End-to-end encryption where it matters
GhostSend and multi-signer GhostSign use AES-GCM 256 with the key living only in the URL fragment. We hold ciphertext, never the key.
-
No upload endpoint for solo flows
GhostPDF, GhostQR, and single-signer GhostSign literally don't POST your files to any server. Verify it yourself in DevTools.
-
No account, no email, no log of you
We don't collect names, emails, IPs, fingerprints, or any of the usual identity exhaust. Nothing to leak, nothing to subpoena.
-
Hardened browser security policy
Strict CSP, HSTS preload, frame-ancestors lockdown, no third-party scripts beyond what is required for analytics. Standards-compliant headers across every page.
-
Auto-deletion on every server-backed flow
The few products that do touch our backend (GhostSend, multi-signer GhostSign) reap their data on a TTL the moment it is served — not later.
-
Cryptographic verification
Every signed document carries a SHA-256 audit hash you can re-verify any time on the verify page. Tamper a single byte and the hash won't match.