For the curious — and the security-minded — here's how the reader gets its PDFs.
Open-access first
When you add a source, Folio tries to resolve a PDF in this order: a direct arXiv link, the open-access location from Unpaywall (via the DOI), OpenAlex's open-access URL, and finally a best-effort look at the source's own landing page for a linked PDF. We only fetch copies that are openly available — we don't bypass paywalls.
Downloaded server-side, stored privately
PDFs are fetched on our servers (never cross-origin in your browser), checked to be genuine PDFs and within a size limit, and stored in a private bucket. Nothing is public.
Served through short-lived signed URLs
When you open the reader, Folio mints a short-lived signed URL for your file after confirming you own the source. Links expire, and one user can never reach another's files.
Loaded same-origin
As of v1.2.0, the PDF rendering engine is served from Folio itself rather than a public CDN — so the reader keeps working on restricted networks, and nothing about what you're reading is requested from a third party.