🔒 Privacy Policy
Your privacy is non-negotiable. Zero server-side logging, zero data retention.
1. Our Commitment to Absolute Privacy
XML Tools (“we”, “us”, “our”) operates under a strict zero-knowledge architecture. We do not operate any backend servers that receive, process, store, or log the XML, JSON, XSLT, HTML, or any other data you submit through our validators, formatters, editors, or converters. Every operation — including validation, formatting, minification, tree visualization, XPath evaluation, and schema validation — is executed entirely client-side using JavaScript and WebAssembly where applicable. Your files and pasted content never leave your device.
2. No Data Collection & Serverless Architecture
We explicitly do not collect, store, sell, or share any personal data, usage metadata tied to your content, or processed documents. There are no registration requirements, no user profiles, and no analytics that trace specific XML structures back to you. Even error logs (if any) are anonymized and exclude any identifiable content or file fragments. Our hosting infrastructure only serves static assets (HTML, CSS, JS, images) and does not process API requests containing user documents. Therefore, we cannot access, disclose, or lose your data because we simply never receive it.
3. Local Storage & Browser Persistence
To improve your experience, some tools — such as the XML Editor, JSON Diff, or session-aware formatters — may optionally store your work-in-progress or editor settings using browser storage mechanisms: localStorage, sessionStorage, or IndexedDB. This data stays exclusively on your device and is never transmitted to XML Tools servers. You can clear this data at any time via your browser’s “Clear Site Data” or “Delete Local Storage” options. We have no ability to retrieve, view, or recover this information. XML Tools does not use any third-party storage or cloud sync features unless you explicitly initiate an export or save-to-file action.
4. Cookies and Anonymous Analytics
We respect your right to choose. XML Tools uses minimal, privacy-preserving analytics to understand general traffic patterns — such as number of visits, page views, and aggregate tool usage — without creating individual profiles. We do not use persistent tracking cookies for advertising, remarketing, or cross-site tracking. Any analytics implemented are either self-hosted (e.g., plausible, umami, or similar cookieless analytics) or configured to mask IP addresses and avoid collecting any part of your input data. You can block all cookies via browser settings without affecting tool functionality. Third-party cookies are never placed by XML Tools.
5. Children’s Privacy
Our services are not directed to individuals under the age of 13, and we do not knowingly collect any personal information from children. Since we collect no data at all, no special treatment is required, but we encourage parents and guardians to supervise children’s online activities. If you believe a child under 13 has inadvertently sent us any information, please contact us, and we will ensure no residual data remains (though again, our server logs contain no user content).
6. Data Retention & Your Ownership
Because we do not store any files on our servers, the concept of data retention does not apply to your documents. Any XML or JSON that you process is held temporarily in your browser’s memory only during the active session. Once you close the tab or refresh the page, the data is cleared from RAM. For features using localStorage, that data persists only until you or your browser deletes it. You retain full ownership, copyright, and control over any data processed using XML Tools. We claim no intellectual property rights over your inputs, outputs, or transformed files.
7. Third-Party Links & Embedded Services
Our website may contain links to external resources, documentation, or open-source projects for reference. Once you leave XML Tools, this Privacy Policy no longer applies. We are not responsible for the privacy practices or content of third-party websites. Additionally, our tools never embed external scripts that could exfiltrate your data. All dependencies (like syntax highlighters or XML parsers) are loaded from trusted CDNs with integrity checks, but they still execute client-side; nonetheless, we recommend reviewing their privacy policies if you have concerns.
8. Security Measures
While your data never traverses our network, we secure the delivery of our website via HTTPS/TLS encryption to prevent man-in-the-middle attacks. We also employ Content Security Policy (CSP) headers to mitigate cross-site scripting (XSS) and other injection risks. However, as with any web application, you should ensure your browser and operating system are up-to-date. XML Tools cannot be held liable for local malware or browser vulnerabilities that compromise your local environment.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. The “Last Updated” date at the bottom of this page will indicate when the latest revision occurred. In case of material changes that affect the core promise of zero-data-collection, we will notify users via a notice on our homepage or a banner. Your continued use of XML Tools after such modifications constitutes acknowledgment of the updated policy.
10. Your Rights & Contact
Given our complete absence of data collection, there is no personal information to access, rectify, erase, or port. Nonetheless, if you have any concerns, questions, or requests related to privacy, please reach out to our Data Protection Officer (DPO) at nolushac@gmail.com. We will respond within a reasonable timeframe. For verified requests concerning any residual metadata (e.g., anonymized usage counters), we will provide transparency reports upon request. You also have the right to lodge a complaint with your local data protection authority, though our compliance with GDPR/CCPA is inherent due to processing zero personal data.
Summary for GDPR/CCPA visitors: XML Tools acts as a “processor” only in name — since no data is collected, there is no controller-to-processor relationship. Your data is never exposed to us. For absolute peace of mind, use our tools offline by downloading the repository; we are 100% transparent.