How client-side processing works

snip.tools is built around a simple promise: your data stays on your device. Most of our tools never send what you type, paste, or open to a server at all.

Everything runs in your browser

Each tool is a small program that executes locally using JavaScript and, for heavier work like image and PDF processing, WebAssembly. When you compress an image or format a JSON document, the work happens on your own machine. Nothing is uploaded, stored, or logged on our side.

Enforced, not just promised

The “runs in your browser” claim is backed by a strict Content-Security-Policy. Client-side tool pages ship with connect-src 'self', which tells your browser to refuse any network connection to an origin other than snip.tools itself. Combined with Subresource Integrity on our scripts, this means a tool page physically cannot exfiltrate your data to a third party — and you don't have to take our word for it:

• Open your browser's developer tools and watch the Network tab while you use a tool — you'll see no upload of your content.
• Inspect the response headers (for example with curl -I https://snip.tools/) to read the policy directly.

The few tools that query public data

Some lookups — WHOIS, DNS, SSL inspection — have to ask a public registry a question, so they send the single identifier you enter (a domain, an IP) through a minimal proxy. They never receive a file, and those pages are clearly labelled so the distinction is always obvious.

Open-source modules

As our file-processing modules mature, we publish them as open-source packages so anyone can audit exactly what runs on their device.