Privacy Policy

Last updated: 30 April 2026.

What stays on your device

JustKit's developer tools — JSON formatter, JWT decoder, regex tester, hash generator, base64 encoder, UUID generator, password strength checker, and the rest — run entirely in your browser. Whatever you paste, encode, or generate stays in JavaScript memory and (optionally) in your browser's localStorage so the page reopens with your last values. The content you put into a tool is never sent to a server we operate.

This is the part that matters for developers: a JWT you decode here, a hash you compute, a token you generate — none of it leaves your browser. The cryptographic operations use the browser's native WebCrypto API and CSPRNG; we don't proxy them through anything.

What does leave your browser

• The page itself loads from our CDN (Cloudflare). Standard request metadata: IP, timestamp, user-agent, requested URL.
• Google AdSense serves advertising on most pages. AdSense places cookies and identifiers to serve relevant ads and measure performance. AdSense sees the URL you're on and standard browser metadata; it does not see the contents of any tool field.
• Self-hosted fonts ship with the page from the same domain — no third-party font CDN is involved.

Cookies and similar technologies

JustKit itself sets no cookies. Third-party services may:

• Google AdSense — cookies and identifiers for ad serving, frequency capping, and measurement. Opt out of personalised advertising at adssettings.google.com, or block all advertising with a browser extension like uBlock Origin (the tools continue to work without ads).
• Cloudflare — may set __cf_bm for bot protection. No personal data; expires after the session.

What we don't do

• No accounts. No email collection, no signup, no profile.
• No content fingerprinting. The strings, JWTs, hashes, and other inputs you process here are not logged, hashed, or transmitted by us.
• No selling data. What AdSense sees is governed by Google's own privacy policy.
• No analytics on tool inputs. We don't measure what you decode or generate; only that the page was visited.

Your rights

• Opt out of personalised ads: adssettings.google.com.
• Block all advertising / cookies via browser extension. The tools work without ads.
• Clear local data: clear browser site data for justkit.app.
• Right of access / deletion: we hold no personally identifying account data. For requests against Cloudflare's edge logs, contact [email protected].

Children

JustKit is intended for general audiences. We do not knowingly collect data from children under 13. AdSense is configured to comply with COPPA and GDPR-K frameworks where they apply.

Changes

If we make material changes, the "Last updated" date above will change and the change will be summarised here.

Contact

Questions or concerns: [email protected].