Privacy Policy

This Privacy Policy describes how Base64 Encode ("we", "us", or "our") collects, uses, and protects information when you visit our website at base64encode.io and use our free online Base64 encoding and decoding tool.

This policy applies to all visitors and users of our website. By accessing or using our service, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about this policy, please contact us at [email protected].

We collect a very limited set of information necessary to operate and improve the service. Here is a complete breakdown:

Information collected automatically:

• Log data: When you visit our site, our web server may automatically record standard log information such as your IP address, browser type and version, operating system, referring URL, pages visited, and timestamp of access. This data is used solely for security and infrastructure monitoring.
• Anonymized analytics: We use privacy-respecting analytics to understand aggregate usage patterns for example, how many people visit the site, which pages are most popular, and general geographic regions. This data is never linked to individual users.
• Performance data: We may collect anonymized performance metrics (page load times, error rates) to improve the service experience.

Information you provide voluntarily:

• Contact form submissions: If you reach out to us via email or a contact form, we collect your email address and the content of your message to respond to your inquiry.
• Feedback: Any bug reports or feature requests you voluntarily send to us.

Information we do NOT collect:

This is the most important section for most users. We want to be crystal clear about what happens when you use our Base64 encoder and decoder.

Specifically, this means:

• Your input text and encoded/decoded output exists only in your browser's memory (RAM) and is cleared when you close or refresh the tab.
• Files you drag-and-drop into the file encoder are read locally by the browser's FileReader API. No upload occurs.
• URL-safe Base64 conversions happen entirely within the browser JavaScript engine.
• The tool works offline once the page has loaded confirming no server communication is required for its core functionality.

We designed the tool this way intentionally. Developers frequently encode sensitive values such as API keys, JWT tokens, credentials, and private configuration data. We believe you should be able to do this without trusting a third-party server with that data.

We use a minimal and privacy-respecting approach to cookies. We do not use advertising cookies or cross-site tracking technologies.

Types of cookies we may use:

• Essential cookies: These are technically necessary for the website to function correctly (e.g., security tokens, session management). They do not track you for marketing purposes and cannot be disabled without affecting core site functionality.
• Analytics cookies: We may use privacy-first analytics (such as aggregate page-view counters) to understand how our tool is used. These do not identify individual users, do not track you across websites, and are not shared with advertising platforms.
• Preference cookies: We may store lightweight preferences locally (e.g., your last selected tab) using the browser's localStorage API. This data never leaves your browser.

We do not use Google Analytics, Facebook Pixel, advertising networks, or any other third-party tracking pixels that would share your behaviour data with external marketing companies.

To deliver a fast, reliable experience, our website may make use of a small number of third-party services. Below is a transparent summary of what we use and why.

• Google Fonts (fonts.googleapis.com): We load the Plus Jakarta Sans and JetBrains Mono typefaces from Google's CDN for typography. When your browser requests these fonts, Google's servers receive your IP address. You can review Google's Privacy Policy for details on how they handle font requests.
• Content Delivery Network (CDN): We may serve static assets (CSS, JavaScript, images) through a CDN to improve performance. CDN providers may log standard request metadata (IP, user-agent) for security and performance monitoring.
• Web Hosting Provider: Our hosting infrastructure provider may retain standard server logs (IP addresses, request timestamps) for a limited period for security and abuse prevention.

We do not sell, rent, or trade your personal information to any third parties for commercial purposes. We do not share data with advertisers, data brokers, social networks, or marketing platforms.

In the unlikely event we are required by law, court order, or governmental authority to disclose user data, we will disclose only the minimum information required to comply and, where legally permitted, will notify affected users.

We take the security of any data we do handle seriously. We implement appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of information.

• HTTPS encryption: All traffic between your browser and our website is encrypted using TLS (HTTPS), protecting your session from interception.
• No sensitive data at rest: Because our tool does not transmit your encoding/decoding data to us, we have no sensitive user content to protect at rest.
• Limited data retention: Server access logs are retained only as long as necessary for security monitoring and are purged on a regular schedule.
• Access controls: Any systems containing operational data are protected by access controls and are only accessible to authorized personnel.

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. If you believe your security has been compromised in connection with our service, please contact us immediately at [email protected].

Our service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected]. We will promptly delete any such information upon verified request.

If you are located in the European Economic Area (EEA), the applicable age threshold may be higher under local law. We comply with applicable age-related consent requirements in all jurisdictions we serve.

Regardless of where you are located, you have the following rights regarding any personal data we may hold about you:

• Right of Access: You may request a copy of any personal data we hold about you (e.g., contact information submitted to us).
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to any legal obligations we must comply with.
• Right to Restriction: You may request that we restrict the processing of your data in certain circumstances.
• Right to Data Portability: You may request your personal data in a structured, machine-readable format.
• Right to Object: You may object to certain types of processing, including any direct marketing (which we do not conduct).
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within 30 days.

European Union GDPR: If you are located in the European Economic Area, you are protected by the General Data Protection Regulation (GDPR). Our legal basis for processing any personal data (such as log data or contact form submissions) is our legitimate interest in operating a secure, functional service. You have all rights described in Section 08 above.

California CCPA/CPRA: If you are a California resident, you have additional rights under the California Consumer Privacy Act. You have the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your CCPA rights.

Other jurisdictions: We strive to comply with applicable data protection laws in all regions. If you have questions about how your local laws apply, please contact us.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will update the "Last Updated" date at the top of this policy. For significant changes, we may also display a notice on our website. We encourage you to review this policy periodically.

Your continued use of Base64 Encode after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with a revised policy, you should discontinue use of the service.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

• General contact: [email protected]

We aim to respond to all privacy-related inquiries within 5 business days and to fulfill verifiable data subject requests within 30 days.