Privacy Policy

1. Overview

WebToolVerse (“we,” “our,” or “us”) operates the website at webtoolverse.com, which provides free browser-based utilities for working with PDFs, images, QR codes, text, and developer data. There is no account system on this site — we do not ask for your name, email address, password, or payment details. This page explains exactly what data is and isn't collected when you use the tools, who the third parties are, and how to opt out where applicable.

2. How Your Files and Inputs Are Processed

Every tool on this site runs entirely in your browser using JavaScript, WebAssembly, and standard Web APIs (Canvas, Web Crypto, File System Access). When you select a PDF, drop in an image, scan a QR code, or paste JSON, that data is read into memory on your own device and processed there. It is never uploaded to our servers and never transmitted to any third party. There is no server-side processing pipeline behind any tool — the only thing our infrastructure does is serve the static page.

A few tools require external assets to function. These are downloaded to your browser; nothing about your input is sent back:

• Background Remover — downloads the RMBG-1.4 AI model weights (~44 MB) from huggingface.co on first use, then caches them locally. Your image is processed by the model in your browser; the model never sees your image on a server.
• PDF OCR / Image OCR — downloads the Tesseract WebAssembly engine and language data from cdn.jsdelivr.net and tessdata.projectnaptha.com. Recognition runs in a Web Worker on your device.
• Word to PDF — uses LibreOffice WebAssembly fetched from cdn.jsdelivr.net; conversion happens in your browser.

None of these CDNs receive your file. They only receive a standard HTTP request for the asset itself, plus the IP and user-agent metadata that any web request includes.

3. Information We Collect Automatically

We do not collect personal information directly. The following non-personal, aggregated data is collected through standard web infrastructure:

• Server logs (Vercel) — IP address, user-agent, request URL, timestamp, response status. Retained for short periods for security and abuse prevention.
• Analytics (Google Analytics 4) — page views, referrer, browser, OS, device category, country-level location, and tool engagement events. IP addresses are anonymised by GA4 before storage.
• Error monitoring (Sentry) — when something crashes, we record the error message, stack trace, browser version, and a short replay of UI interactions leading up to the crash. Replays mask all text input and file contents by default — they capture the structure of the page, not what you typed or uploaded.

4. Local Storage on Your Device

Several tools use your browser's local storage to remember preferences or work-in-progress between visits. This data stays on your device and is never sent to us:

• Theme preference (theme key) — light or dark.
• Online Notepad — auto-saved text content.
• Recently used tools — for the homepage shortcut row.
• Tool-specific settings — e.g., last-used QR colours, password length defaults.
• Service worker cache — stores the static site assets so the app loads quickly and works briefly offline.

You can clear all of this at any time through your browser's site-data settings.

5. Advertising

WebToolVerse is supported by display advertising. We use Google AdSense, which may use cookies and similar identifiers to serve and measure ads — including ads based on your prior visits to this and other sites. These cookies are set by Google, not by us, and we do not have access to their contents.

You can opt out of personalised advertising at any time:

• Google Ad Settings — disable ad personalisation across Google services.
• Digital Advertising Alliance opt-out — opt out of behavioural ads from many networks.
• Your Online Choices (EU) — opt-out portal for European users.

6. Cookies

We do not set our own cookies for tracking or authentication. Third-party cookies and identifiers may be set by:

• Google AdSense (googlesyndication.com, doubleclick.net) — for ad selection, frequency capping, and measurement.
• Google Analytics 4 (_ga, _ga_* on the site domain) — for anonymous traffic statistics.
• Vercel — minimal infrastructure cookies for routing and security.

You can manage or block cookies through your browser settings, or use private/incognito mode to avoid them entirely. Blocking cookies will not break any of the tools.

7. Third-Party Services

A complete list of external services used by the site:

• Vercel — hosting and CDN (United States, with regional edge nodes).
• Google AdSense — display advertising.
• Google Analytics 4 — anonymous usage analytics.
• Sentry — error monitoring and masked session replay on errors.
• Hugging Face CDN — model weights for the Background Remover (downloaded to your browser only).
• jsDelivr / Project Naptha — WebAssembly engines and language data for OCR and Word-to-PDF tools (downloaded to your browser only).

We do not share or sell any data to other third parties.

8. Data Retention

We do not hold personal data directly. Aggregated analytics in Google Analytics 4 are retained for 14 months by default before automatic deletion. Sentry error reports are retained for 30 days. Vercel server logs are retained for short operational periods (typically days).

9. Your Rights (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to access, rectify, erase, or restrict processing of personal data we hold about you. Because we do not maintain accounts or store identifiable personal data, most of these rights do not apply directly. If you believe a third-party processor (AdSense, Analytics, Sentry) holds data linked to you via cookies or device identifiers, contact us and we will help direct your request to the appropriate provider, or you may approach them directly.

The lawful basis for the limited data we do process is legitimate interest — running and improving a free public service — and, for advertising cookies, consent as required by ePrivacy / EU regulations.

10. Your Rights (California — CCPA / CPRA)

California residents have the right to know what personal information is collected, to request its deletion, and to opt out of the “sale” or “sharing” of personal information. We do not sell personal information. Use of advertising cookies by Google AdSense may qualify as “sharing” under CPRA; you can opt out via the Google Ad Settings link in section 5 above.

11. Children's Privacy

This site is not directed at children under 13 (or under 16 in the EEA / UK). We do not knowingly collect any data from children. If you believe a child has provided information through this site, contact us and we will investigate.

12. Do Not Track and Global Privacy Control

We do not respond to legacy “Do Not Track” browser headers, as the standard was never widely adopted. The Global Privacy Control (GPC) signal is honoured for advertising preferences where supported by our ad partner.

13. Security

All traffic to webtoolverse.com is served over HTTPS with HSTS. We apply Content Security Policy, X-Frame-Options, and Permissions-Policy headers to limit the scope of any client-side compromise. Because tools run client-side, the most important security boundary is your own browser's sandbox.

14. Changes to This Policy

We may update this policy as the site evolves. Material changes will be reflected in the “Last updated” date at the top. Continued use of the site after changes constitutes acceptance of the updated policy.

15. Contact

For questions, opt-out requests, or privacy concerns, email us at hello@webtoolverse.com. We aim to respond within five business days.