隐私政策

数据处理保证

• 客户端工具的原始输入与输出在浏览器中处理。
• 分析事件仅包含工具标识、时间戳和粗略区域。
• 我们不收集、不持久化、也不出售你的原始工具内容。
• 敏感工具上提供清除数据的快捷操作，便于本地快速清理。

工具相关的隐私说明

以下工具完全在客户端处理敏感输入：

• JWT tools (jwt-encoder, jwt-decoder): header, payload, token strings, and signing secrets are handled client-side.
• HMAC generator (hmac-generator): message payloads and secret keys are hashed locally in your browser session.
• Hash tools (hash-generator, hash-compare-tool): source text and hash values are computed/compared locally.
• Email tools (email-validator, email-extractor): addresses and source text remain in-page unless you copy/export them yourself.
• Base64 image conversion (base64-to-image): Base64 payloads are decoded for preview/download without server upload.

我们记录的内容

• 工具标识（例如：json-formatter）。
• 由边缘网络推断的国家代码（例如：US）。
• 当前语言前缀（例如 /ne/... 对应 ne）。
• 访问事件的时间戳。

我们不记录的内容

• 不收集原始工具输入/输出内容。
• 不为公开访客建立账号档案。
• 不出售个人信息。

Languages & locale (Visitors)

UtilitySansar is available in multiple languages. When you switch language with the locale picker, we set a small cookie (us_locale) that remembers your preferred locale so we can serve the right translation on your next visit. The cookie stores only the locale code (for example "es" or "ja") — nothing else.

• The active locale prefix (e.g. /es/, /hi/) is included in analytics events alongside the tool slug.
• Locale detection may use the Accept-Language header on the very first visit; this header is not stored.
• You can change or remove the locale cookie at any time from your browser settings.
• Translations are static — your text input is never sent to a translation service.

Accounts & login providers (Signed-in users)

Signing in is optional. We support sign-in with the following identity providers, and we never store your password — the provider verifies you and tells us who you are.

• Google (OpenID Connect)
• GitHub
• Microsoft (Entra ID / personal accounts)

When you complete sign-in, we read only the following from your provider profile and store it on our account record:

• Provider user ID (an opaque identifier from Google / GitHub / Microsoft).
• Email address (used as your account identity).
• Display name, when present.
• Avatar / profile picture URL, when present.

After a successful sign-in we create a short-lived session and set a single HTTP-only, Secure cookie (us_session) that identifies the session on our server. We do not place any third-party cookies, and the session cookie carries no profile data of its own.

We request only the minimum scopes each provider needs to return your email, name, and avatar. We do not post on your behalf, do not read your repositories, mailbox, calendar, or contacts, and we do not request offline-access / refresh tokens.

You can sign out from the account menu at any time, which immediately destroys the session. If you would like your account record removed entirely, contact us through the report page and we will delete the stored profile and any account-scoped data within 30 days.

Third parties

We do not share account data, locale preference, or analytics events with advertisers or data brokers. The only third parties involved in a typical signed-in session are the OAuth provider you chose (Google, GitHub, or Microsoft) and our infrastructure host (Cloudflare). Each is contacted only to the extent needed to authenticate you or serve the page.

保留期

分析事件最长保留 12 个月，之后会被删除或聚合用于长期趋势分析。原始分析数据的访问仅限授权管理员。

Contact & terms

Questions about privacy, account deletion requests, or other concerns can be raised from our report page. See also our Terms of Use for the rules that govern use of the site.