Privacy Policy
Last updated: June 2026
1. Overview and Scope
This Privacy Policy governs how DevToolsHub ("we", "our", "the site"), operated by Pankaj Kumar, collects, uses, and discloses information when you visit www.devtoolshub.info. It applies to all visitors regardless of location, including residents of the European Economic Area (EEA), the United Kingdom, and the State of California.
We are committed to full transparency. This policy is structured so you can jump directly to the section relevant to your jurisdiction or concern using the Quick Summary sidebar on this page.
2. Data Controller
The data controller for DevToolsHub is:
- Name: Pankaj Kumar
- Entity type: Individual operator / sole proprietorship
- Location: Bangalore, Karnataka, India
- Contact: [email protected]
For EEA and UK residents: we do not have a formal EU/UK representative under Article 27 GDPR at this time as the site does not systematically target EEA/UK data subjects and processes only anonymous usage data. Any privacy enquiries may be directed to the email above and will receive a response within 30 days.
3. What DevToolsHub Does Not Collect
DevToolsHub itself does not collect accounts, credentials, or tool inputs. Specifically:
- No user registration or account creation is required or offered.
- No text you paste into any tool is logged, stored, or retained in any database by us.
- No personal identifiers (name, email, IP address, device fingerprint) are stored by DevToolsHub's own infrastructure.
- No profiling or automated decision-making using your data is performed by DevToolsHub.
- Third-party services we embed (analytics, advertising, session recording) may collect data independently — each is disclosed fully below with opt-out mechanisms.
4. How Tool Processing Works
Tools on this site fall into two categories:
- Fully client-side tools — these execute entirely within your browser using JavaScript and browser-native APIs. Your input never leaves your device. Examples: Colour Picker, Image to Base64, Text Case Converter, Word Counter, CSS Gradient Generator, QR Code Generator, Markdown Preview, Lorem Ipsum Generator, CSS/HTML Minifier.
- API-assisted tools — these send your input over HTTPS to the DevToolsHub API (hosted on Microsoft Azure) to perform the operation server-side, then return the result. Examples: Hash Generator, SQL Formatter, Timestamp Converter, JWT Generator. The API does not log request payloads. Minimal operational logs (HTTP method, status code, response time) are retained for up to 24 hours for infrastructure monitoring and then automatically deleted. No user identifiers are linked to these logs.
Special case — JWT Decoder, Base64 Encoder/Decoder, and String Escape: these tools decode or transform your input entirely within the Blazor Server circuit. The input is processed in-memory on the server during your active session and discarded when the session ends. It is never written to disk or a database.
5. Cryptographic Keys, Tokens, and Sensitive Strings
Several tools are designed to handle security-sensitive input: JWT tokens, cryptographic hashes, Base64-encoded credentials, password strings, and API key values. The following guarantees apply:
- Client-side only (no API call): JWT Decoder, Base64 Encoder/Decoder, URL Encoder/Decoder, HTML Entity Encoder, Password Generator, String Escape, Number Base Converter, and all text manipulation tools execute entirely in-browser. Zero bytes of your input are transmitted to any server.
- API-assisted but input-not-logged: Hash Generator sends your text to the API to compute the hash. The raw input text is not written to any log — only the operation type and a success/failure status are recorded for monitoring.
- No analytics payloads: Google Analytics 4 event data includes page URLs, click positions, and session metadata only. Tool input values, JWT payloads, hash pre-images, and password strings are never passed to GA4 event parameters or to Microsoft Clarity's session recording.
- Practical recommendation: Avoid pasting live production tokens, private keys, or credentials from real systems into any online tool — including this one. Use development or test credentials where possible.
6. Cookies and Local Storage
The table below lists every cookie and local storage entry set by DevToolsHub and our third-party partners.
6a. First-Party (DevToolsHub)
| Name / Key | Type | Purpose | Duration | How to remove |
|---|---|---|---|---|
dth_theme |
Cookie + localStorage | Saves your chosen accent colour and dark/light mode preference so the server can apply it before the first render (prevents flash of unstyled content) | 1 year | Clear site cookies / localStorage in your browser settings |
dth_recent |
localStorage | Stores slugs of the last 5 tools you visited to populate the "Recently used" section in the sidebar nav | Persistent (localStorage) | Clear site localStorage in your browser settings |
dth_nav_* |
localStorage | Stores which sidebar navigation groups (Formatting, Security, etc.) are expanded or collapsed | Persistent (localStorage) | Clear site localStorage in your browser settings |
dth_activity |
localStorage | Stores a log of the last 10 tool interactions for the activity panel (slug + action + timestamp) | Persistent (localStorage) | Clear site localStorage in your browser settings |
.AspNetCore.Antiforgery.* |
Session cookie | ASP.NET Core anti-forgery token used to protect form submissions from cross-site request forgery (CSRF) | Session (deleted on browser close) | Closes when browser session ends |
6b. Google Analytics 4
| Cookie Name | Purpose | Duration | Opt-out |
|---|---|---|---|
_ga |
Distinguishes unique users (random client ID) | 2 years | GA Opt-out Add-on or browser tracking protection |
_ga_* |
Persists session state for a GA4 property | 2 years | |
_gid |
Distinguishes users (24-hour session) | 24 hours |
6c. Microsoft Clarity
| Cookie Name | Purpose | Duration | Opt-out |
|---|---|---|---|
_clck |
Persists the Clarity User ID and session preferences | 1 year | Enable "Do Not Track" in your browser or use a privacy extension |
_clsk |
Connects multiple page views in a single session | 1 day |
6d. Google AdSense / DoubleClick
| Cookie Name | Purpose | Duration | Opt-out |
|---|---|---|---|
IDE |
Used by Google DoubleClick to record and report the user's actions after viewing or clicking an ad | 13 months | Google Ads Settings · AboutAds.info |
test_cookie |
Checks whether the user's browser supports cookies (set by DoubleClick) | 15 minutes |
7. Analytics — Google Analytics 4
What it collects: Page URLs visited, session duration, events (button clicks, tool usage), browser type, operating system, approximate geographic region (country/city — not precise location), and referring URL. Input values you type into tools are never included in any GA4 event.
Why we use it: To understand which tools are most useful, where users experience friction, and to make informed decisions about which new tools to build.
Lawful basis (GDPR): Legitimate Interest (Article 6(1)(f)) — we have a legitimate interest in understanding how the site is used in order to improve it. GA4 data is anonymised and aggregated; no personal decisions are made based on it. You can object at any time using the opt-out link above.
Data processor: Google LLC — governed by the Google Privacy Policy. Data may be transferred to Google servers in the United States under Standard Contractual Clauses.
8. Session Recording — Microsoft Clarity
What it collects: Mouse movements, click positions, scroll depth, and page interactions in anonymised heatmap and session replay form. Clarity is configured to mask all text input fields — it does not capture keystrokes, passwords, or tool input content.
Why we use it: To identify usability problems — for example, discovering that users are clicking a non-interactive element or abandoning a tool after a particular step.
Lawful basis (GDPR): Legitimate Interest (Article 6(1)(f)) — identifying usability issues to improve the service. You can opt out via your browser's Do Not Track signal or a privacy extension.
Data processor: Microsoft Corporation — governed by the Microsoft Privacy Statement.
9. Advertising — Google AdSense
What it does: Google AdSense serves display advertisements on this site. By default, Google serves personalised advertisements using cookies and browsing history (interest-based advertising). If you opt out, Google will serve non-personalised advertisements instead — ads are still shown but not based on your personal interests or browsing history.
Lawful basis (GDPR): Consent — personalised advertising requires your consent under GDPR. Google manages consent through the IAB Transparency and Consent Framework (TCF). If you are in the EEA/UK, Google's consent banner may appear on your first visit. You can change your consent at any time at Google Ads Settings.
Data processor: Google LLC, publisher ID ca-pub-1618916037375814.
Governed by the Google Privacy Policy.
To opt out of personalised advertising globally, visit
aboutads.info or
optout.networkadvertising.org.
10. Data Retention Schedule
| Data type | Retained by | Retention period |
|---|---|---|
| API request operational logs (method, status, latency — no payloads) | DevToolsHub / Azure | 24 hours, then auto-deleted |
| Browser session (Blazor Server SignalR circuit) | DevToolsHub / Azure | Active session only — discarded on disconnect |
Theme preference cookie (dth_theme) |
User's browser | 1 year (user-controlled) |
localStorage entries (dth_recent, dth_nav_*, dth_activity) |
User's browser | Until user clears browser data |
| GA4 analytics data | Google LLC | 14 months (GA4 default — configured in Google Analytics) |
| Clarity session recordings | Microsoft Corporation | 90 days (Clarity default) |
| Support emails you send to [email protected] | Email provider | Until manually deleted; not shared with third parties |
11. GDPR Rights for EEA and UK Residents
If you are a resident of the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) grants you the following rights. To exercise any of these rights, email [email protected]. We will respond within 30 days.
| Right | Article | What it means for DevToolsHub |
|---|---|---|
| Right of Access | Art. 15 | You may request a copy of any personal data we hold about you. Because we store no personal data directly, we will confirm this in writing and identify which third-party processors may hold data. |
| Right to Erasure ("Right to be Forgotten") | Art. 17 | We hold no personal data to erase. We will provide written confirmation. For third-party data (GA4, Clarity, AdSense), we will direct you to their individual deletion mechanisms. |
| Right to Data Portability | Art. 20 | Not applicable — we hold no personal data processed by automated means based on consent or contract. |
| Right to Object to Processing | Art. 21 | You may object to processing based on legitimate interest (GA4 analytics, Clarity). Use the opt-out mechanisms in Sections 7 and 8 above, or email us to document your objection. |
| Right to Restrict Processing | Art. 18 | You may request we restrict processing while a dispute is resolved. Email us with details. |
| Right to Lodge a Complaint | Art. 77 | You have the right to lodge a complaint with your national data protection authority (e.g., ICO in the UK, DPC in Ireland, CNIL in France) if you believe your rights have been violated. |
12. CCPA Rights for California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
- Right to Know (§1798.100): You may request disclosure of what personal information we collect, use, disclose, and sell. As stated above, DevToolsHub itself does not collect or store personal information. Third-party services (Google, Microsoft) may collect data as described in their own privacy policies.
- Right to Delete (§1798.105): You may request deletion of personal information we have collected. We hold none. For third-party data, use the opt-out links provided in each service's section above.
- Right to Opt Out of Sale or Sharing (§1798.120): DevToolsHub does not sell personal information. Displaying interest-based advertising via Google AdSense may constitute "sharing" under CPRA. You can opt out at Google Ads Settings.
- Right to Non-Discrimination (§1798.125): We will not discriminate against you for exercising any CCPA right. All tools remain free and fully functional regardless of your privacy choices.
- Right to Correct Inaccurate Information (§1798.106): Not applicable — we do not maintain a profile of your personal information.
To submit a CCPA request, email [email protected] with the subject line "CCPA Privacy Request". We will respond within 45 days as required by law.
13. Children's Privacy
DevToolsHub is a developer utility site intended for adults and professional use. We do not knowingly collect any personal information from children under the age of 13 (COPPA), or under the age of 16 where required by applicable law (GDPR Article 8, UK GDPR). If you believe a child has submitted personal information through this site, please contact us immediately and we will take steps to identify and delete it.
14. International Data Transfers
DevToolsHub's infrastructure is hosted on Microsoft Azure (region: Central India / Southeast Asia). Third-party services (Google Analytics, Microsoft Clarity, Google AdSense) may process data on servers located in the United States and other jurisdictions. Google and Microsoft participate in the EU-U.S. Data Privacy Framework and use Standard Contractual Clauses (SCCs) approved by the European Commission for international transfers from the EEA/UK.
15. Changes to This Policy
We may update this policy when we add new tools, change infrastructure providers, or in response to changes in applicable law. Material changes will be reflected on this page with an updated "Last updated" date. We recommend checking this page periodically if you have privacy concerns. Continued use of the site after a policy update constitutes acceptance of the revised policy.
16. Contact and Complaints
For any privacy-related question, request, or complaint, contact us:
- Email: [email protected]
- Response time: Within 30 days for GDPR requests; within 45 days for CCPA requests
- EEA/UK supervisory authority: You may also contact your national data protection authority directly
Quick Summary
- No accounts — no registration required
- Tool inputs not stored or logged by us
- JWT, Base64, and password tools run entirely in-browser
- API tools (Hash, SQL Formatter) send input over HTTPS — not logged
- GA4 analytics: page visits + clicks only — no input values
- Clarity session recording: input fields masked
- AdSense: personalised ads by default; opt out at Google Ads Settings
- Theme + nav state saved in your browser only
- DevToolsHub does not sell your data