プライバシーポリシー

データ処理に関する約束

• クライアントサイドツールでは生の入力と出力をブラウザ内で処理します。
• 分析イベントにはツールスラッグ、タイムスタンプ、大まかな地域のみを含みます。
• ツールの生コンテンツを取り込み・保持・販売することはありません。
• 機密データを扱う際にローカルで素早く消去できるクリア操作を提供します。

ツール別のプライバシー注意事項

以下のツールは機密入力を完全にクライアントサイドで処理します：

• JWT tools (jwt-encoder, jwt-decoder): header, payload, token strings, and signing secrets are handled client-side.
• HMAC generator (hmac-generator): message payloads and secret keys are hashed locally in your browser session.
• Hash tools (hash-generator, hash-compare-tool): source text and hash values are computed/compared locally.
• Email tools (email-validator, email-extractor): addresses and source text remain in-page unless you copy/export them yourself.
• Base64 image conversion (base64-to-image): Base64 payloads are decoded for preview/download without server upload.

記録する内容

• ツールスラッグ（例：json-formatter）。
• エッジネットワークから推定される国コード（例：US）。
• アクティブなロケール接頭辞（例：/ne/... なら ne）。
• 訪問イベントのタイムスタンプ。

記録しない内容

• ツールの生入力/出力の内容。
• 公開訪問者のアカウントプロフィール。
• 個人情報の販売。

Languages & locale (Visitors)

UtilitySansar is available in multiple languages. When you switch language with the locale picker, we set a small cookie (us_locale) that remembers your preferred locale so we can serve the right translation on your next visit. The cookie stores only the locale code (for example "es" or "ja") — nothing else.

• The active locale prefix (e.g. /es/, /hi/) is included in analytics events alongside the tool slug.
• Locale detection may use the Accept-Language header on the very first visit; this header is not stored.
• You can change or remove the locale cookie at any time from your browser settings.
• Translations are static — your text input is never sent to a translation service.

Accounts & login providers (Signed-in users)

Signing in is optional. We support sign-in with the following identity providers, and we never store your password — the provider verifies you and tells us who you are.

• Google (OpenID Connect)
• GitHub
• Microsoft (Entra ID / personal accounts)

When you complete sign-in, we read only the following from your provider profile and store it on our account record:

• Provider user ID (an opaque identifier from Google / GitHub / Microsoft).
• Email address (used as your account identity).
• Display name, when present.
• Avatar / profile picture URL, when present.

After a successful sign-in we create a short-lived session and set a single HTTP-only, Secure cookie (us_session) that identifies the session on our server. We do not place any third-party cookies, and the session cookie carries no profile data of its own.

We request only the minimum scopes each provider needs to return your email, name, and avatar. We do not post on your behalf, do not read your repositories, mailbox, calendar, or contacts, and we do not request offline-access / refresh tokens.

You can sign out from the account menu at any time, which immediately destroys the session. If you would like your account record removed entirely, contact us through the report page and we will delete the stored profile and any account-scoped data within 30 days.

Third parties

We do not share account data, locale preference, or analytics events with advertisers or data brokers. The only third parties involved in a typical signed-in session are the OAuth provider you chose (Google, GitHub, or Microsoft) and our infrastructure host (Cloudflare). Each is contacted only to the extent needed to authenticate you or serve the page.

保持期間

分析イベントは最長 12 か月保持された後、削除または長期傾向把握用に集計されます。生データへのアクセスは認可された管理者のみに制限されています。

Contact & terms

Questions about privacy, account deletion requests, or other concerns can be raised from our report page. See also our Terms of Use for the rules that govern use of the site.