DragKit is designed so file processing happens on the client side. That reduces exposure compared with upload-first tools, but it does not remove every browser-side risk.
Local processing by default
Document, image, and media workflows are intended to run in the browser. Files are not meant to be sent to a DragKit backend for core conversion or editing flows.
What still exists around the tool
The site still uses analytics and ads infrastructure. That means page visits, standard browser metadata, and ad delivery signals can exist even when file content stays local.
Practical security guidance
For highly sensitive material, keep your browser updated, use a trusted device, close unused extensions, and verify whether the specific workflow is client-side before processing regulated data.