I’m working on a web app where users can upload documents and view them online. Right now we convert everything to PDF format and show it in an iframe, but this process is really slow. Users have to wait several minutes just to see their files and they’re getting frustrated.
We’re thinking about switching to Google Drive’s document viewer instead since it would be much faster. But I’m worried about privacy issues. If we use Google’s viewer service, could our private documents somehow become public? Is there any risk that these files might show up in Google search results?
Has anyone used this service before? What are the main security risks I should know about when displaying confidential documents through Google’s viewer?
Been there. Built a document system last year and ran into the same thing. Google Drive viewer processes files on their servers, so your docs go through their infrastructure. Google says they don’t index or store viewer API files, but you’re still sending sensitive data to a third party. Compliance is the real killer - healthcare, finance, any regulated industry and you’re probably breaking data protection rules. We went hybrid instead. Used LibreOffice headless mode for server-side conversion and got processing down from minutes to 15-20 seconds. Not instant like Google, but good enough and everything stays in-house. Think hard about your threat model first.
Honestly, i wouldn’t trust google with sensitive stuff. their privacy policy’s pretty vague about what happens to docs going through their viewer. maybe try client-side pdf rendering libraries instead? pdf.js might work better than server conversion and keeps everything local.
We tried Google Drive viewer for internal docs about 18 months ago and had to roll it back fast. Performance was great, but legal shut it down during a security audit. The real problem isn’t privacy policies - it’s data residency and control. Once your files hit Google’s servers, you lose chain of custody that auditors need. We went with a two-tier setup: public docs use Google viewer, confidential stuff gets processed locally with Ghostscript and custom rendering. Slower but keeps legal happy. Also, nobody talks about how Google viewer can be slower if your users are in areas with bad connectivity to Google’s CDN.