← Back to app

Integrity Verification

HeyMark is an open-source, privacy-first PDF to Markdown converter. All PDF parsing, OCR, and conversion happen locally in your browser. No file content is ever transmitted to any server.

How to verify using DevTools

• Open HeyMark in your browser, then open DevTools (F12 or Cmd+Option+I).
• Go to the Network tab. Make sure "All" is selected.
• Upload a PDF and perform a conversion.
• Verify that all requests go only to heymark.pages.dev (or your custom domain). There should be zero requests to any third-party origin.

How to verify the app hash

• On the main app page, click VERIFY in the footer.
• The app computes a SHA-256 hash of the loaded HTML and all scripts/styles.
• It fetches /release-hash.json — a static file deployed alongside each release — and compares the hashes.
• If they match, the code running in your browser is identical to the published release.

How to verify manually

• Clone the repository: git clone https://github.com/oliverstills/heymark
• Check out the release tag matching the version shown in the footer.
• Build the project (instructions in BUILD.md) and compare the SHA-256 of the output files to those in the GitHub release notes.

Source code

The full source is published on GitHub under the MIT license. Builds are intended to be reproducible — the binary you run should match what's in the repository.

github.com/oliverstills/heymark ↗

What this page does NOT protect against

• A compromised host OS or browser extension that intercepts data before it reaches this app.
• Physical access to your machine.
• The CDN or hosting provider serving different code than what's in the repository (mitigated by the hash check above).