Your privacy is not a feature — it's the foundation.

This Privacy Policy describes how DiffTools ("we", "us", or "our") handles information when you use our website and free online tools, including our text difference checker, text comparison tool, image-to-text OCR, and image format converters (JPG to PNG, PNG to JPG, WebP to PNG, WebP to JPG, HEIC to JPG, HEIC to PNG, and others).

The short version: we collect almost nothing, and what little we do receive is anonymous, never sold, and not tied to you personally. Our tools are designed from the ground up to work locally in your browser without any need to transmit your content to us.

We make a clear distinction between information we do not collect and the minimal technical data that any web server receives by default when you visit a website.

We do NOT collect:

• The text you paste into our text diff or text compare tools
• Image files you upload to our converters (JPG, PNG, WebP, HEIC)
• Any content processed by our OCR (Image to Text) tool
• Your name, email address, or any personal identifiers
• Passwords or account credentials (we have no accounts)
• Payment or financial information of any kind
• Your precise location or GPS coordinates

Standard server logs may include:

• Your anonymised or truncated IP address (used for abuse prevention and general traffic analysis)
• The URL of the page you requested
• Your browser type and version (e.g., "Chrome 121 on Windows")
• The referring website, if any
• Date and time of the request

Understanding why your data stays private requires a brief explanation of how our tools are built. Every utility on this site — including the free text difference checker, the OCR image-to-text tool, and all image format converters — is implemented using client-side JavaScript.

This means all computation runs on your own device using your browser's JavaScript engine. When you paste text or upload an image:

• The content is loaded into memory in your browser tab only
• Processing (diffing, OCR analysis, image conversion) happens locally using JavaScript APIs
• Output (diff results, extracted text, converted images) is generated in your browser and shown to you
• No data is transmitted to our servers at any point in this process
• When you close or refresh the tab, all in-memory content is cleared permanently

We use a minimal number of cookies strictly necessary for the website to function correctly. We do not use advertising cookies, tracking pixels, or behavioural profiling cookies.

Cookies we may set:

• Session cookies — temporary cookies that expire when you close your browser. Used to maintain basic page state. Contain no personal data.
• Preference cookies — if you adjust a tool setting (e.g., diff mode), we may store this locally in your browser's localStorage so your preference persists across page loads. This data never leaves your device.

We may use a privacy-focused analytics tool (such as Plausible or a self-hosted solution) that collects anonymous, aggregate page view statistics — no cookies, no cross-site tracking, and no personal data. If we introduce any analytics, it will be cookieless and GDPR-compliant by design.

We do not sell, trade, rent, or otherwise transfer your information to third parties. Period. However, like all websites, the delivery of our pages involves a small number of third-party infrastructure providers:

• Web hosting / CDN provider — Our server or CDN provider may receive standard access log data (IP, browser, URL) as described in Section 2. We choose providers with strong privacy commitments.
• Font CDN — If we load web fonts from a CDN (e.g., Google Fonts), your browser may make a request to that CDN. Where possible, we self-host fonts to eliminate this.

We do not embed Facebook pixels, Google Ad scripts, affiliate trackers, or any third-party marketing technology on this site. Our tools have no relationship with advertisers that would involve sharing your usage behaviour.

Because we don't collect personal data, there is nothing to retain. The only data subject to any retention is the anonymised server log data described in Section 2. This is retained for a maximum of 30 days for security and infrastructure monitoring purposes, after which it is automatically deleted.

Any tool outputs (diff results, converted images, extracted text) exist only in your browser's memory. They are not saved to any database or storage system on our end. Refreshing the page or closing the tab permanently removes them.

Our tools are general-purpose utilities suitable for users of all ages. Because we collect no personal information from any users whatsoever, we also collect no information from children under the age of 13 (or the applicable age in your jurisdiction).

If you believe a child has somehow submitted personal information to us, please contact us at the address in Section 11 and we will promptly investigate and delete any such data if found.

Depending on your jurisdiction, you may have rights including the right to access, correct, delete, or port your personal data. Since we collect no personal data tied to you as an individual, these rights are effectively satisfied by default — there is nothing we hold about you to access, correct, or delete.

Relevant regulations include, but are not limited to:

• GDPR (EU/EEA residents) — General Data Protection Regulation
• CCPA (California residents) — California Consumer Privacy Act
• PIPEDA (Canadian residents) — Personal Information Protection and Electronic Documents Act
• UK GDPR (United Kingdom residents)

If you have any concerns about your privacy rights in relation to our site, please contact us directly (see Section 11).

We implement industry-standard security measures to protect our website infrastructure:

• HTTPS enforced on all pages — all connections are encrypted in transit
• No sensitive databases to breach — we store no user content or credentials
• Regular dependency updates to patch known vulnerabilities
• Minimal server attack surface — no login systems, no file upload endpoints

The most effective security measure we've implemented is architectural: by processing everything client-side, there is no centralised store of user content that could be breached. Even in the hypothetical event of our server being compromised, no tool content or personal data would be at risk, because none exists on our servers.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new tools we introduce. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our tools after any changes constitutes acceptance of the updated policy. If we ever introduce a material change that affects how we handle data in a more intrusive way, we will display a prominent notice on the site.

If you have any questions, concerns, or requests regarding this Privacy Policy or your privacy when using our tools, we'd love to hear from you. We aim to respond to all privacy-related enquiries within 72 hours.