Privacy policy

Data-handling guarantees

• Raw inputs and outputs are processed in-browser for client-side tools.
• Analytics events include tool slug, timestamp, and coarse region only.
• We do not ingest, persist, or sell your raw tool content.
• Clear-data actions are available on sensitive tools for fast local cleanup.
• Signing in is always optional — every tool works without an account.

Tool-specific privacy notes

These tools handle sensitive input entirely client-side:

• JWT tools (jwt-encoder, jwt-decoder): header, payload, token strings, and signing secrets are handled client-side.
• HMAC generator (hmac-generator): message payloads and secret keys are hashed locally in your browser session.
• Hash tools (hash-generator, hash-compare-tool): source text and hash values are computed/compared locally.
• Email tools (email-validator, email-extractor): addresses and source text remain in-page unless you copy/export them yourself.
• Base64 image conversion (base64-to-image): Base64 payloads are decoded for preview/download without server upload.

What we track (Visitors)

• Tool slug (example: json-formatter).
• Country code inferred by edge network (example: US).
• Active locale prefix (example: ne for /ne/...).
• Timestamp of the visit event.

What we do not track

• No raw tool input/output content.
• No account profiles for anonymous visitors.
• No sale of personal information.
• No advertising identifiers, no cross-site tracking pixels.

Languages & locale (Visitors)

UtilitySansar is available in multiple languages. When you switch language with the locale picker, we set a small cookie (us_locale) that remembers your preferred locale so we can serve the right translation on your next visit. The cookie stores only the locale code (for example "es" or "ja") — nothing else.

• The active locale prefix (e.g. /es/, /hi/) is included in analytics events alongside the tool slug.
• Locale detection may use the Accept-Language header on the very first visit; this header is not stored.
• You can change or remove the locale cookie at any time from your browser settings.
• Translations are static — your text input is never sent to a translation service.

Accounts & login providers (Signed-in users)

Signing in is optional. We support sign-in with the following identity providers, and we never store your password — the provider verifies you and tells us who you are.

• Google (OpenID Connect)
• GitHub
• Microsoft (Entra ID / personal accounts)

When you complete sign-in, we read only the following from your provider profile and store it on our account record:

• Provider user ID (an opaque identifier from Google / GitHub / Microsoft).
• Email address (used as your account identity).
• Display name, when present.
• Avatar / profile picture URL, when present.

After a successful sign-in we create a short-lived session and set a single HTTP-only, Secure cookie (us_session) that identifies the session on our server. We do not place any third-party cookies, and the session cookie carries no profile data of its own.

We request only the minimum scopes each provider needs to return your email, name, and avatar. We do not post on your behalf, do not read your repositories, mailbox, calendar, or contacts, and we do not request offline-access / refresh tokens.

You can sign out from the account menu at any time, which immediately destroys the session. If you would like your account record removed entirely, contact us through the report page and we will delete the stored profile and any account-scoped data within 30 days.

Third parties

We do not share account data, locale preference, or analytics events with advertisers or data brokers. The only third parties involved in a typical signed-in session are the OAuth provider you chose (Google, GitHub, or Microsoft) and our infrastructure host (Cloudflare). Each is contacted only to the extent needed to authenticate you or serve the page.

Retention

Analytics events are retained for up to 12 months, then deleted or aggregated for long-term trend reporting. Account records (email, name, avatar, provider user ID) are retained while your account is active and removed within 30 days of a deletion request. Access to raw analytics and account data is restricted to authorized administrators.

Contact & terms

Questions about privacy, account deletion requests, or other concerns can be raised from our report page. See also our Terms of Use for the rules that govern use of the site.