Política de privacidad

Última actualización: 19 de abril de 2026

UtilitySansar está diseñado para mantener privada tu entrada en las herramientas. La mayoría se ejecutan directamente en tu navegador y no almacenamos el texto, los archivos ni los secretos que procesas con ellas.

Solo recopilamos telemetría agregada mínima para entender qué herramientas se usan y desde qué región del país, de modo que podamos mantener y mejorar el sitio.

Garantías de manejo de datos

Las entradas y salidas brutas se procesan en el navegador en herramientas del lado del cliente.
Los eventos de analítica solo incluyen el slug de la herramienta, una marca de tiempo y la región aproximada.
No ingerimos, conservamos ni vendemos tu contenido bruto.
Hay acciones de Limpiar datos en herramientas sensibles para una limpieza local rápida.

Notas de privacidad por herramienta

Estas herramientas tratan entrada sensible totalmente en el cliente:

JWT tools (jwt-encoder, jwt-decoder): header, payload, token strings, and signing secrets are handled client-side.
HMAC generator (hmac-generator): message payloads and secret keys are hashed locally in your browser session.
Hash tools (hash-generator, hash-compare-tool): source text and hash values are computed/compared locally.
Email tools (email-validator, email-extractor): addresses and source text remain in-page unless you copy/export them yourself.
Base64 image conversion (base64-to-image): Base64 payloads are decoded for preview/download without server upload.

Lo que registramos

Slug de la herramienta (ejemplo: json-formatter).
Código de país inferido por la red de borde (ejemplo: US).
Prefijo de idioma activo (ejemplo: ne para /ne/...).
Marca de tiempo del evento de visita.

Lo que no registramos

Sin contenido bruto de entrada/salida de las herramientas.
Sin perfiles de cuenta para los visitantes públicos.
Sin venta de información personal.

Languages & locale (Visitors)

UtilitySansar is available in multiple languages. When you switch language with the locale picker, we set a small cookie (us_locale) that remembers your preferred locale so we can serve the right translation on your next visit. The cookie stores only the locale code (for example "es" or "ja") — nothing else.

The active locale prefix (e.g. /es/, /hi/) is included in analytics events alongside the tool slug.
Locale detection may use the Accept-Language header on the very first visit; this header is not stored.
You can change or remove the locale cookie at any time from your browser settings.
Translations are static — your text input is never sent to a translation service.

Accounts & login providers (Signed-in users)

Signing in is optional. We support sign-in with the following identity providers, and we never store your password — the provider verifies you and tells us who you are.

Google (OpenID Connect)
GitHub
Microsoft (Entra ID / personal accounts)

When you complete sign-in, we read only the following from your provider profile and store it on our account record:

Provider user ID (an opaque identifier from Google / GitHub / Microsoft).
Email address (used as your account identity).
Display name, when present.
Avatar / profile picture URL, when present.

After a successful sign-in we create a short-lived session and set a single HTTP-only, Secure cookie (us_session) that identifies the session on our server. We do not place any third-party cookies, and the session cookie carries no profile data of its own.

We request only the minimum scopes each provider needs to return your email, name, and avatar. We do not post on your behalf, do not read your repositories, mailbox, calendar, or contacts, and we do not request offline-access / refresh tokens.

You can sign out from the account menu at any time, which immediately destroys the session. If you would like your account record removed entirely, contact us through the report page and we will delete the stored profile and any account-scoped data within 30 days.

Third parties

We do not share account data, locale preference, or analytics events with advertisers or data brokers. The only third parties involved in a typical signed-in session are the OAuth provider you chose (Google, GitHub, or Microsoft) and our infrastructure host (Cloudflare). Each is contacted only to the extent needed to authenticate you or serve the page.

Retención

Los eventos de analítica se conservan hasta 12 meses, luego se eliminan o se agregan para informes de tendencias a largo plazo. El acceso a la analítica en bruto está restringido a administradores autorizados.

Contact & terms

Questions about privacy, account deletion requests, or other concerns can be raised from our report page. See also our Terms of Use for the rules that govern use of the site.

Safa privacy summary

Safa is a Chrome extension designed to block ads, trackers, and intrusive overlays while maintaining strong privacy protections.

Key privacy points

Data collection. Safa does not collect, transmit, or store any personal data on external servers during the MVP. The extension stores only locally-managed information like your blocking preferences, site allowlists, and configuration settings — all remaining on your device via chrome.storage.local.
Network activity. The extension itself makes no external requests. Instead, it relies on Chrome's declarative network rules that function within the browser engine itself.
API usage. Safa's API retrieves only public configuration data like profile information and version details. This API does not receive any data from your browser.
Permissions. Five permissions enable core functionality — network rule declaration, local storage, and tab access for the popup feature.
Data retention. Settings persist locally until you uninstall the extension or reset to defaults; nothing remains on UtilitySansar servers.

Users concerned about privacy can report issues via the official report page.