Privacy
Every tool on this site is built around one principle: your files never leave your browser. Below: how the data flow works, the single exception, and what platform-level logging looks like.
How tools handle your data
Every tool on this site (color converter, PDF merge/compress, HEIC converter, image base64…) runs entirely inside your browser in JavaScript / WebAssembly. Flow: 1. You drop or paste data in. 2. The browser reads it into JavaScript memory. 3. Local CPU / WASM processes it. 4. The result is handed back as a download. At no point is anything uploaded — we cannot see what you process. When you close the tab or refresh, the browser releases everything.
The one exception: the tw-test-data password gate
/tools/tw-test-data (Taiwan test data generator) has a password gate to prevent abuse. The auth API endpoint does log:
- The password you tried (sent only to a Telegram notification, never written to a database)
- Your IP and User Agent
- Failure count (computed from HMAC-signed cookies)
However: once you're past the gate, the data generation itself (IDs, credit cards, etc.) still runs entirely in your browser — the generated content never touches our server.
Platform-level logs (Vercel)
The site is deployed on Vercel, which automatically logs HTTP request metadata (IP, URL, status code, response time). This is standard CDN / serverless behaviour and cannot be opted out of. Vercel does not log request bodies / upload contents — because there *are* no uploads. We also enable Vercel Analytics + Speed Insights: - Page views and Web Vitals only - No personally-identifying data (GDPR-friendly) - No identifying cookies
Third parties / cookies
We use the following analytics, none of which feed into ad retargeting:
- Vercel Analytics + Speed Insights: aggregate page views and Web Vitals; no cookies used to identify individuals (GDPR-friendly).
- Google Analytics 4 (GA4): page views, browser / device / country / traffic source; uses cookies to keep session state.
GA4 sets the following cookies in your browser:
- _ga (2 years, anonymous visitor ID)
- _ga_W6WN0CFEPB (2 years, session state)
We have none of the following:
- No Facebook / X / TikTok pixels
- No Google Ads / AdSense
- No third-party (cross-site) tracking cookies
- No client-side error reporting (Sentry, etc.)
- No affiliate / referral tracking
Want to opt out of GA? Install the [Google Analytics opt-out add-on](https://tools.google.com/dlpage/gaoptout), any content-blocker (uBlock Origin), or a browser with built-in tracking protection (Brave, Firefox strict mode). The site stays fully functional — every tool keeps working.
The cookies the site itself sets:
- theme: dark / light preference (stored locally, never sent anywhere meaningful)
- twdata_*: HMAC signatures for the tw-test-data password gate (only used by that tool)
Contact / reporting
If something here is unclear, or if you find a tool that violates these claims, please open an issue at [MarkwwLiu/dev](https://github.com/MarkwwLiu/dev). The full source is public and auditable — you can verify there's no upload code.