Effective Date: January 1, 2024
1. What We Collect and What We Do Not
This Application ("JWT Decoder & Verifier", "the Application") does not collect,
transmit, store, or process any JWT token content, secret keys, payload claims, or credentials
entered into its decoding or verification inputs. All decoding and cryptographic operations —
including Base64URL parsing and HMAC signature verification — are performed exclusively within
your web browser using client-side JavaScript. The authors have no technical ability to access
any token data you enter. Anonymous, aggregated traffic metrics are collected via Google
Analytics as described in Section 5.
2. No Personal Data Tracking
This Application does not use cookies, tracking pixels, web beacons, browser fingerprinting,
advertising scripts, or behavioral profiling technology. With the exception of the anonymized
traffic analytics described in Section 5 below, no data about your identity or activity is
collected or shared. Crucially, no JWT token content, secret keys, payload claims, or
any data you enter into this tool is ever collected, transmitted, or accessible to
any third party.
3. Local Execution & Offline Use
All JWT decoding and cryptographic signature verification is performed using your browser's
built-in Web Crypto API (crypto.subtle). Any tokens, secret keys, claims, or
credentials you enter remain solely within your browser's memory for the duration of your
session. They are never sent over any network connection. You may safely use this Application
in a fully offline (air-gapped) environment by saving the HTML file locally.
4. Third-Party Resources
When loaded from the internet, this Application makes external network requests to the
following services: (a) the Tailwind CSS Play CDN (cdn.tailwindcss.com)
for styling, and (b) Google Analytics (googletagmanager.com) for
anonymous traffic metrics as described in Section 5. No token data, secret keys, or credential
values are transmitted to either service.
5. Third-Party Analytics (Google Analytics)
This Application uses Google Analytics 4 (GA4) to collect anonymized,
aggregated traffic metrics — such as page views, approximate geographic region, browser type,
and session duration — in order to understand how developers use this tool and improve it over
time. Google Analytics does not receive any JWT token content, secret keys,
claim values, or any other data entered into the decoding or verification inputs. Google
Analytics may set cookies and collect standard HTTP metadata (e.g., anonymized IP address,
referrer URL). Data is processed subject to
Google's Privacy Policy.
To opt out of Google Analytics tracking across all websites, you may install the
Google Analytics Opt-out Browser Add-on.
6. Browser Storage
This Application does not use localStorage, sessionStorage,
IndexedDB, the Cache API, or any other browser persistence mechanism for storing
token data. All entered data is held only in JavaScript memory and is irrecoverably discarded
when you close or reload the page or browser tab.
7. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Continued use of the
Application after any changes constitutes your acceptance of the revised policy.
8. Contact
For questions or concerns about this policy, please contact us at
jtscientific2016@gmail.com.