Legal

Privacy Policy

OpenFormatter is built on a Zero-Trust privacy model. Your data never leaves your browser.

verified_userPrivacy-First Architecture

The core formatting functionality of OpenFormatter processes all data 100% client-side. No input data is ever transmitted to our servers. This is a technical guarantee, not just a policy.

1. Data Collection

OpenFormatter does not collect, store, or transmit any data you input into our formatting tools. All processing occurs exclusively within your browser using client-side JavaScript and WebAssembly. We have no technical ability to access your input data.

For account features (sign-in, saved preferences), we collect: - Email address - Encrypted password hash (bcrypt) - Usage analytics (aggregated, non-personally identifiable) - Stripe payment information (handled entirely by Stripe, never stored on our servers)

2. Local Storage

We use browser localStorage to store: - Theme preferences (light/dark mode) - Recent tool history (last 10 operations, stored encrypted) - Editor preferences (indentation, formatting rules)

This data never leaves your device and can be cleared at any time through your browser settings.

3. Cookies

We use minimal, necessary cookies for: - Authentication sessions (httpOnly, secure, sameSite=lax) - CSRF protection

We do NOT use tracking cookies, advertising cookies, or third-party analytics cookies.

4. Third-Party Services

We use the following third-party services: - **Stripe**: Payment processing for Pro subscriptions. Their privacy policy applies to payment data. - **Vercel**: Hosting infrastructure. Server logs are retained for 30 days. - **Google Fonts**: Served via CDN (Space Grotesk, Inter, DM Mono, Material Symbols). No tracking.

We do not use Google Analytics, Facebook Pixel, or any behavioral tracking tools.

5. Your Rights (GDPR/CCPA)

You have the right to: - Access all data we hold about you - Request deletion of your account and associated data - Export your data in JSON format - Opt out of any future communications

To exercise these rights, email privacy@openformatter.com with subject "Data Request".

6. Security

Our security measures include: - All data in transit encrypted with TLS 1.3 - Passwords hashed with bcrypt (cost factor 10) - JWT authentication tokens with short expiry (24 hours) - Regular security audits - SOC2 Type II compliant processing environment

7. Changes to This Policy

We will notify registered users via email of any material changes to this privacy policy at least 14 days before they take effect. Continued use of OpenFormatter after that date constitutes acceptance of the updated policy.

Last updated: December 2024

Privacy Policy | OpenFormatter | OpenFormatter