Compare Text Privacy

What happens to the text you paste

Nothing leaves your machine. The diff runs as JavaScript inside the page you have open. The two text panes are read into memory, compared, and the result is drawn back into the page. There is no upload step, no server-side processing, no background sync.

The JSON diff page parses your input with your browser's native JSON.parse. The text diff page reads files via the FileReader API, which is also entirely local. Same goes for every other tool on the site.

You can verify this in three minutes: open the browser's DevTools, switch to the Network tab, paste two pieces of text into either tool, and watch what gets requested. Once the page and its assets are loaded, no outbound requests fire when you compare. If you see a request to an analytics or telemetry endpoint touching your input, file an issue and we will fix it.

What we collect

The site is hosted on Cloudflare Pages. Cloudflare logs standard HTTP request metadata (IP address, user-agent, request URL, timestamp) for every page load — the same kind of log every web server keeps. That data is used for DDoS protection and basic operational visibility, not for building a profile of you. We do not run a CDN-level analytics product on top of those logs.

We do not run Google Analytics, Mixpanel, Hotjar, Posthog, or any comparable client-side analytics. There is no script on the page whose job is to record what you typed, where you clicked, or which buttons you pressed.

We do not use advertising cookies or tracking pixels. The site does not show ads. There is no third-party code embedded in the page that talks to advertiser networks. The site assets are static and do not phone home.

Cookies and local storage

We do not set tracking cookies. The site stores nothing identifying in localStorage, sessionStorage, or IndexedDB. Some pages may remember your last chosen UI preference (for example, an editor theme) in localStorage, but that data lives only in your browser and is never read back to a server. Clear it any time from your browser's site-data settings.

If you upload a file

Clicking Upload on either pane uses the browser's File API to read the file's contents into the editor. The file is read locally and the bytes never leave your machine. There is no XHR, fetch, or WebSocket involved.

If your file is sensitive — a contract, an internal log, an IAM policy — that is fine. The tool was built with that case in mind. The risk profile of pasting an AWS IAM policy into Compare Text is the same as opening it in a local text editor: it stays on your machine.

Search engine and AI crawlers

Our robots.txt permits crawling by Googlebot, Bingbot, GPTBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot, Applebot-Extended, Amazonbot, and Bytespider. They crawl the published pages — the static marketing copy, FAQs, and documentation — so the site shows up in search and gets cited by AI search engines. They do not see any text you paste into the diff editor, because that text exists only in your local browser session, not in the published HTML.

Children's privacy

The tool is general-purpose and does not target children. We do not knowingly collect personal information from anyone, child or adult, since the site does not collect personal information at all.

Changes to this page

If we change anything material — new infrastructure provider, new third-party script, anything that affects the "your text does not leave your browser" promise — we will update this page and bump the date at the top.

Verifying these claims

Privacy claims that cannot be verified are not worth much. The good news is that you do not have to take our word for any of the above. Open your browser's DevTools, switch to the Network tab, paste two pieces of text into either tool, and watch what gets requested. Once the page assets are loaded, no outbound requests fire when you compare. If you ever see a request to an analytics or telemetry endpoint touching your input, the claim on this page is wrong and we want to know.