Free Privacy & Security Tools
Tools for the data you least want on someone else's server — which is why these run entirely in your browser. Redact secrets from config files, strip PII from scanned documents, inspect JWTs, and generate compliance policies with nothing uploaded, ever.
.env Deep Sanitizer
Redact secrets from any config file instantly
Paste or drop your .env, .yaml, .json, or .ts file. API keys, tokens, and passwords are instantly redacted. Zero uploads. Zero servers.
OCR Privacy Redactor
Redact PII from scanned documents using local OCR
Upload a scanned document or screenshot. OCR runs locally in your browser (Tesseract.js WebAssembly), auto-detects emails, phone numbers, SSNs, credit cards, and more, then exports a redacted PNG — nothing ever leaves your device.
JWT Debugger
Decode, inspect, and verify JWT tokens client-side
Paste any JWT and instantly see the decoded header and payload, all standard claims, expiry status, and verify an HMAC-SHA256 signature with your secret — entirely in your browser. No tokens ever leave your device.
Privacy Policy Generator
Generate GDPR & CCPA privacy policies in seconds
Fill in your company details, select data types collected and third-party services, and instantly get a GDPR- and CCPA-compliant privacy policy in Markdown. Download or copy. 100% client-side — not legal advice.
Image EXIF Stripper
Drop any JPEG or PNG to strip EXIF metadata — GPS coordinates, camera model, timestamps, and author info. Preview the metadata before and after, then download the clean image. No uploads, ever.
🕵️ Verify, don't trust
Open DevTools → Network while using any of these tools. Zero requests fire while you work — that's the whole point.
🔁 Rotate after exposure
Redacting a leaked .env is step one; the leaked keys are still live. Rotate every credential that was ever committed or shared.
📋 Compliance is ongoing
A privacy policy generated once goes stale as your stack changes. Re-generate whenever you add a data-touching service.
FAQ
Is it safe to paste real secrets into the sanitizer?
The .env sanitizer runs 100% client-side — your file never leaves the browser tab, and you can verify that in the Network panel. The same engine is open source as the @aarunyaapps/env-redact npm package if you'd rather run it in your terminal or CI.
How does the OCR redactor keep documents private?
OCR runs locally via Tesseract.js compiled to WebAssembly. The scanned image, recognized text, and redacted output all stay in browser memory — nothing is transmitted.
Can I verify a JWT signature without exposing my secret?
Yes — HMAC-SHA256 verification happens in your browser via the Web Crypto API. Neither the token nor the secret is sent anywhere.
Is the generated privacy policy legally binding?
It's a solid GDPR/CCPA-aware starting point, not legal advice. Have a qualified attorney review it before publishing.