How ToolBox works - full transparency
ToolBox is privacy-first, but we want to be honest about exactly what that means. Here is how everything works, with nothing hidden.
Client-side vs server-side tools
Most tools on ToolBox run entirely in your browser. Your data never leaves your device for tools like JSON Formatter, Base64 Encoder, Password Generator, Image Compressor, and the vast majority of our 165+ tools.
However, some tools need to reach external services that browsers can't contact directly (due to CORS restrictions). These tools send data through our server as a proxy:
- DNS Lookup - sends the domain name to Google/Cloudflare DNS and RDAP
- SSL Checker - sends the domain to crt.sh for certificate history
- IP Address Lookup - queries ipapi.co
- Link Checker - sends URLs to check for broken links
- Grammar Checker - sends your text to LanguageTool API
- Text Translator - sends your text to MyMemory Translation API
- SEO Analyzer - fetches HTML of the URL you enter
- PageSpeed Checker - queries Google PageSpeed Insights API
- HTTP Headers / Redirect / Speed Test - fetches data from the URL you enter
- Exchange Rates - fetches currency data from ECB (no user data sent)
For all of these, your data passes through our edge servers (Cloudflare) but is processed in memory and discarded immediately. We do not log or store the data.
Accounts and what we store
Free tools do not require an account. You can use them without providing any personal information.
If you create an account (required for Pro), we store the following in our database (Supabase):
| Data | Stored where | Why |
|---|---|---|
| Email address | Supabase (our database) | Login via magic link |
| Display name (optional) | Supabase | Shown in your profile |
| Subscription status | Supabase | Pro access control |
| Favorites, presets, settings | Supabase (if logged in) | Sync across devices |
| Workspace data | Supabase (if logged in) | Save and restore tool states |
| Credit card, billing address | Dodo Payments (payment processor) | Payment processing |
| Tool input/output data | Your browser (RAM only) | Not stored anywhere |
You can delete your account and all associated data at any time from your account settings.
How payments work
We use Dodo Payments as our payment processor. When you subscribe to Pro:
1. You sign in and click "Get Pro"
You are redirected to Dodo Payments' secure checkout page. Your payment details go directly to Dodo Payments' servers. We never see your card number or billing address.
2. Dodo Payments processes the payment
Dodo Payments charges your card and sends you a receipt. They store all billing data on their end.
3. Your subscription is linked to your account
We store your subscription ID and status in our database so Pro access works across all your devices when you sign in.
4. Pro features unlock automatically
Sign in on any device and Pro features are available. No manual ID entry needed.
How your data is handled with Pro features
Pro unlocks batch processing, higher file limits, API access, and AI tools. Here is how each works:
Batch processing
All files are processed entirely in your browser. Files are handled one at a time in memory. No files are uploaded to any server.
AI tools (WebLLM)
AI Chat, AI Code Explainer, AI Summarizer, and other WebLLM tools run large language models directly in your browser using WebGPU. Your prompts and responses never leave your device.
API access
API requests are processed on our edge servers (Cloudflare). Request data is processed in memory and discarded after the response is sent.
What this means in practice
- If you never create an account, we have zero data about you. Free tools work without any personal information.
- If you create an account, we store your email, profile, and subscription status. You can delete everything from your account settings.
- We never see your credit card or billing details. Dodo Payments handles all payment processing.
- Tool input/output data is never stored on our servers, even for tools that use server proxies. Data is processed in memory and discarded.
Verify this yourself
You can confirm everything on this page:
- Open your browser's DevTools (F12) and go to the Network tab. Use any client-side tool and confirm no requests are made to our servers.
- For server-proxy tools (DNS, SSL, Grammar, etc.), watch the Network tab and see the request go to our API and come back. No data is persisted.
- During checkout, payment data goes to
dodopayments.com, not our domain.
Related
Last updated: March 2026