How we handle your data
Security & privacy
Every tool on AnytimeConvert runs inside your browser tab. Your input doesn't reach our servers — not because we promise to delete it quickly, but because we never receive it in the first place.
The four things to know
Client-side by default
Every converter, encoder, and calculator runs as JavaScript in your browser tab. The transformation happens on your device, with your CPU. We can't see the input because it never leaves the page.
No uploads
Image tools, PDF tools, CSV tools — all of them read your file with the browser's File API and process it in-memory. No multipart upload to a server, no temporary file on disk, no S3 bucket.
No content logging
Web server logs contain the URL and the status code. They don't contain what you typed into an input field, because that never makes a network request. The only request the server sees is 'GET /hash-generator'.
Two unavoidable exceptions
Live currency rates fetch from frankfurter.app and coingecko.com (we proxy and cache, but the numbers come from there). And the contact form / newsletter send the fields you fill in — by definition, you typed those to reach us.
Verify it yourself in 60 seconds
Don't take our word for it. The browser gives you the tools to check every outbound byte.
- 1
Open DevTools Network tab, use any tool, watch the requests
You'll see the page load, some static assets, and then silence while you paste and click. No payload requests fire during conversion.
- 2
Try it offline
Disconnect your laptop from Wi-Fi and keep converting. Tools that don't need live data (encoders, formatters, hashers, date math) keep working because they don't need a network at all.
- 3
Block our domain and see what stops
Nothing does — unless you were relying on live currency rates. That's the shape of the privacy story: rates are the one thing that can't be done locally.
What we do collect
To be fully honest — there are things we do receive, because any website does:
- HTTP request logs — URL, status code, user-agent, IP (truncated). Kept ~30 days for operational debugging and DDoS protection.
- Anonymous performance metrics via Vercel Speed Insights — page load times, layout shifts. No user identifiers.
- Contact form + newsletter inputs — only when you explicitly submit them. These go to Web3Forms and Buttondown respectively.
- Favorites and recent tools — stored in localStorage on your device only. Never transmitted.
Frequently asked
Is it safe to paste my JWT / API key / password hash here?+
Yes. JWT decoder, hash generator, HMAC generator, and every other encoding/crypto tool runs entirely in the browser. Nothing you paste is transmitted. You can verify this yourself by opening DevTools → Network before clicking anywhere.
What about the image and PDF tools — aren't those uploaded?+
No. Browsers expose a File API that lets JavaScript read a file you select (or drag in) without sending it anywhere. We do the conversion in-memory using the same APIs and download it back to you. The file never goes anywhere.
Do you log IP addresses, cookies, or browsing behaviour?+
The web server logs HTTP requests (URL, status, user-agent) for ~30 days for operational debugging and DDoS protection. That's standard and covers page loads, not content. We don't set advertising cookies. We do use a lightweight first-party analytics signal (Vercel Speed Insights) to measure performance.
Why should I believe any of this?+
Because you can verify it in two minutes. Open any tool, open browser DevTools → Network, and watch: no outbound requests when you use the converter. The source code is minified but the network inspector tells the whole truth — it shows every byte the page sends, and during a conversion, it sends nothing.
What about currency rates?+
Currency is the one case we can't do locally — rates change hourly. Our /api/public/rates endpoint proxies frankfurter.app (free, no account) and CoinGecko. Your input amount stays in the browser; the rate table is public data.
What happens when I use the contact form or subscribe to the newsletter?+
Those fields are meant to reach us, so they are transmitted — the contact form posts to Web3Forms which emails us, and the newsletter posts to Buttondown. By definition that's the point. Neither stores anything the site itself doesn't need.
Questions we didn't answer? We'd rather hear about a specific concern than have you leave unsure.
Ask usSee also our privacy policy and terms.