toWorthy
QR Generator Secret Share Features FAQ Blog Try it free Contact
Privacy Policy

Privacy Policy

Last updated: October 7, 2025

toWorthy provides a collection of free online tools (QR Generator, Secret Share, Image Optimizer, PDF Merge & Split, Image → PDF, PDF Compressor, CSV ↔ JSON, Base64, Password Generator, Hash Generator, UUID Generator, URL Encoder/Decoder, JSON Formatter, Timestamp Converter, Regex Tester, Diff Tool, Word Counter, Lorem Ipsum/Dummy JSON, and more). Our design principle is data minimization: we only process what is strictly necessary for each tool to function.

Cookies and sessions

We do not use cookies for analytics or advertising. The app may set only strictly necessary technical cookies (like PHPSESSID) to manage sessions and CSRF protection. These expire when you close the browser or after a short timeout.

Client-side tools

Tools like Base64, Hash, Password Generator, UUID, URL, JSON Formatter, Timestamp Converter, Regex, Diff, Word Counter, and Lorem Ipsum/Dummy JSON run entirely in your browser. Your data never leaves your device.

File-based tools

File tools (Image Optimizer, PDF Merge/Split, Image → PDF, PDF Compressor, CSV ↔ JSON) temporarily process uploads on our server. Files are stored only in /tmp and automatically deleted after processing or once downloaded. Nothing is kept permanently.

Secret Share

  • Messages are encrypted in your browser before upload.
  • We cannot decrypt the message contents.
  • Secrets are automatically deleted after first view or expiry.
  • Only minimal metadata (expiry time, view counter) is stored.

Internal analytics

We run a lightweight, self-hosted analytics system to understand how the site is used. This tracks only the following data: page path, referrer domain, device type (desktop, mobile, tablet), and timestamp.

The data is anonymous, aggregated, and never shared with third parties. We do not build profiles, set tracking cookies, or use external services like Google Analytics.

Logs and hosting

Our hosting provider may log standard request data (IP, user agent, timestamp) for security and operational reasons. Logs are retained only for the legally required minimum.

Your rights

Under GDPR and applicable privacy laws you may request access, correction, or deletion of personal data. Since we avoid collecting personal data, in most cases there is nothing stored. If you have concerns, contact us directly.

Contact

Operated by an independent developer. For privacy-related questions, please use our contact form.