SatyaXLab
Security Audit

Verified privacy.
Zero trust required.

Don't take our word for it — verify it yourself. This page documents our security architecture, processing model, and privacy guarantees with technical evidence you can inspect.

Last audited: April 9, 2026

Processing Architecture

Client-Side Only

Every tool operation runs in your browser's JavaScript engine or WebAssembly runtime. Your CPU does the work, not our servers.

Zero Network Transfer

No file data crosses the network boundary. Open DevTools → Network tab while using any tool. You'll see zero data-carrying requests.

No Server Storage

Our backend has no databases, no file upload endpoints, and no logging of user activity. We physically cannot store what we never receive.

Data Flow Model

1. You Select a File

File is read into browser memory via the File API. It never leaves your device.

2. Browser Processes

Canvas API, WebAssembly, or Web Workers process the file entirely in your browser.

Server Never Involved

Our server only delivers the static HTML/JS/CSS bundle. It has no file upload endpoints, no processing APIs, and no database connections.

Security Checklist

Files never leave the browser

All file processing uses Canvas API, WebAssembly, and Web Workers — exclusively client-side.

Zero outbound data requests

Network tab verification: no XHR/fetch calls containing user data during tool operation.

No cookies or tracking pixels

Zero first-party or third-party cookies. No tracking scripts loaded.

No server-side file storage

Our backend serves only static Next.js pages. No file upload endpoints exist.

No analytics or telemetry

No Google Analytics, Mixpanel, Hotjar, or any data collection SDK.

No user accounts or authentication

No login system. No personal data ever collected or required.

Memory cleanup after processing

Processed data is garbage-collected when you navigate away or close the tab.

HTTPS-only transport

All pages served over TLS 1.3 with HSTS enabled. No mixed content.

Tool-Specific Security

Image Tools

  • Images processed via Canvas API and OffscreenCanvas
  • Background removal uses on-device ONNX WebAssembly model
  • Blob URLs created for downloads are revoked after use
  • EXIF metadata stripped during conversion

PDF Tools

  • pdf-lib runs entirely in the browser
  • Encryption uses AES-256 via Web Crypto API
  • Heavy operations run in Web Workers to prevent UI blocking
  • Zero file upload endpoints on the server

Developer Tools

  • Hash generation uses SubtleCrypto (Web Crypto API)
  • JWT decoding is pure JavaScript — no server calls
  • Base64 encoding uses btoa/atob with TextEncoder
  • Code formatting via bundled Prettier/custom parsers

Network Security

  • TLS 1.3 with HSTS preloading enforced
  • Content Security Policy headers configured
  • X-Frame-Options set to DENY
  • Referrer-Policy set to strict-origin-when-cross-origin

Verify It Yourself

We encourage you to verify our privacy claims independently. Here's how:

1

Open DevTools

Press F12 or right-click → Inspect. Go to the Network tab and clear existing entries.

2

Use Any Tool

Upload a file to any tool — compress an image, merge PDFs, format some JSON.

3

Check Network Tab

You'll see zero outbound requests containing your file data. Your data never leaves the browser.

Architecturally Private.

Privacy isn't a feature we added — it's how we built the entire platform. Use our tools with complete confidence.

Browse ToolsPrivacy Policy