bytefork

Privacy

Short version: this site is private by default. Nearly every tool processes your input entirely in your browser — your data is never sent to a server, never logged, never shared. A small, deliberate set of tools need a server because the browser physically can't do the job. Each is labeled in the app and documented below. We only add a backend when there's no client-side way to do it, and only while it stays free on Cloudflare's tier (cost to you: $0).

What we do not collect

Tools that use a server

Two tools currently use a server, in two different ways. Each carries a badge on its page — [SAVES_DATA] if it stores your input, [USES_SERVER] if it only relays a request and keeps nothing.

To stop bots from draining the free server budget, the server-backed actions (URL shortener and the opt-in AI modes) may show a Cloudflare Turnstile bot check. Turnstile is a privacy-preserving CAPTCHA alternative: it sets no tracking cookies, builds no advertising profile, and is not used to identify you. It only appears on those actions, never on the client-side tools.

URL shortener — stores your link [SAVES_DATA]

A short link has to resolve to the original URL from any device, at any time, which is impossible to do inside your browser alone. So the URL shortener uses a small backend (Cloudflare Pages Functions + Workers KV). When you shorten a link it stores exactly three things:

You choose how long it is kept (1 hour up to permanent); timed links are deleted automatically when they lapse. Short links are public — anyone with the code can open the destination — so do not shorten private or sensitive URLs. Nothing else is stored: no name, no email, nothing you did not type.

DNS lookup — relays a query, stores nothing [USES_SERVER]

A browser can't issue raw DNS queries. The DNS lookup tool runs the query on Cloudflare's edge via DNS-over-HTTPS and returns the records. The domain you enter is forwarded to the resolver to answer the request, then discarded — it is not stored, logged to a database, or associated with you. There is no account, no history, no cookie. Like any web host, Cloudflare may log standard request metadata (IP, timestamp) at the network layer; that applies to every site you visit and is outside this tool's control.

Optional AI modes (opt-in) [OPTIONAL CLOUD AI]

Some tools run entirely on your device by default but offer an opt-in cloud mode for better results. These cloud modes are off by default; when you turn one on, the tool shows a notice before anything is uploaded, and the input is processed to produce the result and not stored by the tool. Stay on the on-device engine for anything confidential.

If any future tool needs a server, it will be labeled the same way — with the badge that matches what it does — and documented here.

Credits & Pro tools — still no signup [CREDITS]

There are no accounts on this site, even for paid use. Billable tools are metered in credits. Every visitor gets a daily free credit allowance that resets each day; a small set of clearly-badged Pro tools (heavy server work the browser can't do) can also be topped up with paid credits. They are always opt-in and never gate or replace a free tool. How this works for your privacy:

What we may collect

Aggregate, anonymous traffic counts via Cloudflare Web Analytics (no cookies, no fingerprint, no IP storage). This helps us know which tools to improve. You can disable it with any tracker-blocking extension and the tools still work.

Third parties

The site is served from Cloudflare's edge. Cloudflare may log standard HTTP request metadata (IP, user-agent) as part of operating the network; that data is governed by Cloudflare's privacy policy.

Desktop apps

The same promise applies to our downloadable Windows software (see desktop apps). Both are open source (MIT), no accounts, no ads, no telemetry.

FlowDesk runs entirely on your PC: no network connections — except when you click its Donate button, which opens your browser. Everything it creates (clipboard history, snippets, fences, settings, logs) is stored locally under %LOCALAPPDATA%\FlowDesk and never leaves your machine. Its Windows builds are code-signed via the SignPath Foundation.

Remote Control PC connects your PC to your phone, so it does use the network by design — but only end-to-end. Screen video and input flow directly peer-to-peer over WebRTC (DTLS-encrypted); the only server involved is a signaling relay you deploy, and it sees only opaque connection data, never your screen or keystrokes.

Contact

Questions about privacy? Open an issue on the project repository.