Skip to main content
Back to Websites
View Live Website 2025 SaaS

PDFStore.co.uk

A privacy-first, invite-only secure file transfer platform built for users who refuse to compromise on data privacy. No ads, no tracking, no nonsense.

PDFStore.co.uk landing page

SaaS

Project Type

Laravel

Framework

20GB

Max Transfer

Invite Only

Access Model

Overview

The Problem

Most file transfer services are riddled with ads, plaster tracking cookies across your browser, and store your data on servers with questionable privacy policies. Users who care about privacy are forced to choose between convenience and control.

PDFStore was built to solve this. A clean, private, UK-based file transfer service where your data is your data. No ads. No tracking. No third-party analytics watching what you send.

The Solution

I designed and built PDFStore from scratch as a full SaaS product: secure file transfers with automatic expiry, optional password protection, download tracking, tiered subscriptions, and an invite-only access model that keeps the community trusted and spam-free.

Every decision, from the infrastructure to the email provider, was made with privacy at the centre. Files are stored in the EU. Emails are sent through a privacy-focused provider. There is no Google Analytics, no Facebook pixel, no third-party tracking of any kind.

Features

What I Built

Secure File Transfers

Upload and send files up to 20GB with optional password protection, automatic expiry, and download tracking. Recipients get a clean, branded download page.

Invite-Only Access

Registration requires an invite code. Users earn invites to share with trusted contacts, creating a community built on trust rather than mass sign-ups.

Subscription Billing

Free and Pro tiers with monthly or annual billing. Webhook-driven plan upgrades, self-service billing portal, and automatic downgrades on cancellation.

Digital Brochures

Upload PDFs and publish them as interactive page-flip brochures with public URLs. Client-side rendering means no server load for viewers.

Partner Programme

Organisations register their domain so employees signing up with a matching email automatically receive Pro access. Custom branding and welcome messages per partner.

UK Compliance

Privacy and security built in from day one. Abuse reporting, content moderation, and transparent data retention policies.

Two-Factor Auth

Optional two-factor authentication with authenticator app support and encrypted recovery codes for account security.

Anti-Abuse Measures

Multiple layers of bot prevention, dangerous file type blocking, duplicate account detection, and rate limiting to keep the platform safe and spam-free.

Admin Dashboard

Full admin panel with user management, transfer moderation, secure file previews, invite tree visualisation, abuse reports, and email audit logs.

Screenshots

The Product in Action

PDFStore features and pricing overview

Features overview with how-it-works steps and pricing tiers.

PDFStore invite request form

Invite request form for new users wanting to join the platform.

PDFStore help centre

Help centre with articles covering security, file management, account settings, and brochures.

Tech Stack

How It Was Built

Backend

Framework Laravel
Language PHP
Database MySQL
Payments PCI-compliant processor
Email Privacy-focused provider
Auth Email verification + 2FA

Frontend & Infrastructure

JavaScript Alpine.js
CSS Tailwind CSS
Build Tool Vite
File Storage S3-compatible, EU region
Hosting UK-based VPS
PDF Viewer Client-side rendering

Architecture

Key Technical Decisions

1

EU-based object storage

Files are stored in an EU-region object store with zero egress fees, which matters when users download large transfers repeatedly. This keeps costs predictable and data within EU jurisdiction for GDPR compliance.

2

Invite-only registration

Rather than fighting spam with CAPTCHAs and blacklists, the invite system solves abuse at the front door. Every user can be traced back through the invite tree. If someone abuses the platform, the entire chain is visible. This also creates a natural viral growth loop as users share invites with trusted contacts.

3

Simplicity over complexity

The architecture deliberately minimises moving parts. Fewer dependencies means fewer things to monitor, back up, and secure. At this scale, simplicity is a feature, not a limitation.

4

Privacy-aligned email delivery

The email provider was chosen specifically for its privacy stance. Every outbound email is logged internally for compliance and auditability. Using a provider that aligns with the product's values keeps the message consistent from code to marketing.

Business Model

How It Makes Money

Free

£0
  • 2GB max per transfer
  • 5GB active storage
  • 7-day auto-expiry
  • 15 transfers per month
  • 3 invites to share
Pro

Pro

£10 /mo
  • 20GB max per transfer
  • 50GB active storage
  • 30-day auto-expiry
  • 100 transfers per month
  • 10 invites to share
  • 5 digital brochures

Outcomes

What Was Delivered

Production SaaS

A fully functional, live SaaS product with user registration, file management, subscription billing, and an admin panel. Not a prototype, not an MVP. A real product serving real users.

Privacy by Design

Privacy was not bolted on after launch. Every architectural choice, from the storage provider to the email service, was made with user privacy as the primary constraint.

Compliance Ready

Built-in content moderation, abuse reporting, and sensible data retention policies, all baked in from launch.

Growth Engine

The invite-only model, partner programme, and invite request funnel create multiple acquisition channels. The product grows through trust, not ad spend.

Beyond the Code

A website is only as good as the details people never see.

Building the product is half the job. The other half is making sure it loads fast, ranks well, looks right when shared, and works for everyone. After 25 years of building for the web, these are the things I treat as non-negotiable on every project.

Search Engine Optimisation

Every page has a unique title, meta description, and canonical URL. The sitemap is generated automatically. Heading hierarchy is semantic, not decorative. Internal linking is deliberate. These are the basics that most developers skip, and they are the reason most websites never rank.

Performance

Fast pages convert. Slow pages bounce. Assets are minified and bundled, images are lazy-loaded, fonts use display swap to avoid invisible text, and critical CSS loads first. Every millisecond of load time matters, especially on mobile where most of your visitors are.

Structured Data

JSON-LD schema markup tells Google exactly what each page is: an organisation, a FAQ, a help article, a breadcrumb trail. This is how you get rich results in search, not by guessing. I add structured data to every project because it gives your content an edge in the results page.

Social Sharing

When someone shares your link on LinkedIn, X, or WhatsApp, it should look professional. Every page has Open Graph and Twitter Card meta tags with a custom title, description, and image. First impressions happen before anyone clicks through.

Accessibility

Semantic HTML, proper ARIA labels, keyboard navigation, sufficient colour contrast, and skip-to-content links. A website that excludes people is a website that loses customers. Accessibility is not an afterthought, it is part of the build from day one.

Mobile First

Every layout is designed for mobile first and scaled up for larger screens. Not the other way round. Forms, navigation, file uploads, and brochure viewers all work properly on a phone because that is where most people will use them.

Why Work With Me

25+ years of building for the web. Every one of them matters.

I have been building websites and web applications since 1999. That is not a number I put on the page for show. It means I have built through every era of the web: table layouts, Flash, jQuery, responsive design, single-page apps, and now modern full-stack frameworks. I have seen what works, what breaks, and what lasts.

When I build a project like PDFStore, I am not just writing code that works today. I am making decisions informed by decades of watching technologies come and go. I know which corners you can cut and which ones will cost you later. I know that a fast page matters more than a clever animation. I know that SEO is not a phase you bolt on at the end, it is baked into the structure from the first commit.

Every project I deliver comes with the things most developers either forget or do not know how to do: proper meta tags, structured data, Open Graph images, performance optimisation, accessibility, and a codebase that another developer can actually understand. These are not extras. They are the baseline.

What my clients get

  • A website that ranks, not just one that looks good
  • SEO, structured data, and social sharing tags on every page
  • Fast load times that keep visitors and satisfy search engines
  • Mobile-first design that works on every device
  • Accessible to all users, not just the ones with the newest phone
  • Clean, maintainable code that will not fall apart in six months
  • One developer who owns the entire stack, from design to deployment

Want something like this built for you?

I build bespoke web applications from scratch. Let's talk about your project.

Get in touch