dev101.io

Privacy

The short answer: nothing you type into a Devtools Box tool is recorded, logged, sold, or shared. Every transform runs 100% in your browser tab.

The one-paragraph version

Devtools Box is a static site. Each tool is a React component that runs in your browser and processes whatever you paste locally. Your inputs — JSON payloads, JWT tokens, regex patterns, text you're diffing, anything — never touch our server, never hit a database, never cross a network boundary we control. There is no account system, no analytics on tool inputs, no third-party script that can see what you type.

What stays in your browser

The following data is processed entirely client-side and is never transmitted anywhere:

  • Tool inputs and outputs. Anything you paste into a text area, upload via a file picker, or generate with a tool lives only in the memory of the current browser tab. Close the tab and it's gone.
  • URL-hash shareable state. Some tools encode their inputs into the URL fragment (the #… portion). By HTTP design, URL fragments are never transmitted to servers — they're handled purely by the browser. That means a share link stays between you and the person you send it to, with no intermediate server logging what you shared.
  • Local preferences. Settings like theme or panel layout may be saved to localStorage. They live in your browser only and are never uploaded.

What we log, and why

To keep the site online we operate a standard web server with a reverse proxy. Its access logs record the minimum needed to diagnose outages and defend against abuse: request paths (e.g. /tools/jwt-decoder), response codes, user-agent strings, and IP addresses. These logs are rotated and purged on a short schedule. They do not contain request bodies, query strings carrying user input, or URL fragments — tool data simply never reaches them.

Analytics

We do not run analytics on the content you enter into any tool. Aggregate page-view metrics may be collected to understand which tools are most useful, but these signals are tied to pages — not to inputs — and are never correlated with personal identity.

Third parties

No third-party service has access to your tool inputs. The site does not embed tracking pixels, customer-support widgets, advertising SDKs, or session-replay tools. Fonts and icons are bundled locally; there are no calls to Google Fonts, Gravatar, or similar remote asset hosts on tool pages.

Cookies

The site does not set cookies for tracking or advertising. If a functional cookie becomes necessary in the future (for example, to remember a theme preference) it will be strictly first-party and documented here.

Children's privacy

Devtools Box is a developer utility site with no account system. We do not knowingly collect any personal information from anyone, including minors.

Changes to this policy

If this policy changes in a material way — for example, if we ever add an optional sign-in feature — the change will be announced on this page with an updated effective date. Routine edits for clarity will not be called out.

Contact

Questions, corrections, or concerns about this policy can be directed to Max Dutkin. Include the URL of the tool or page you're writing about so the response can be specific.

Want the backstory behind this stance? See the about page.