Legal

Privacy Policy

Last updated: June 28, 2026

Last updated: June 28, 2026

This Privacy Policy explains how ToolXero ("we," "us," or "our"), accessible at https://ToolXero.com, collects, uses, and protects information when you use our website and tools.

We built this site around a core principle: your files are your business, not ours. Most of our tools process your documents and images entirely inside your browser — they never reach our servers. This policy explains exactly what that means and the limited cases where data does leave your device.

Please read this policy carefully. By using our website, you agree to the practices described here.

1. The Short Version

  • Your files: the vast majority of our tools process your files 100% inside your browser. Nothing is uploaded. Nothing is stored. We never see them.
  • Server-side tools: a small number of tools (such as background removal) require server processing. Files are deleted immediately after processing. We do not store, analyze, or share them.
  • Analytics: we use self-hosted Umami analytics — no cookies, no cross-site tracking, no fingerprinting, GDPR compliant by design.
  • Advertising: we display Google AdSense ads. Google may use cookies to personalize ads. You can opt out.
  • No accounts: we do not have accounts, sign-ups, or user profiles. We hold no personal data tied to your identity.

2. Information We Collect

2.1 Files You Process With Our Tools

Browser-side tools (the vast majority): When you use tools such as Compress PDF, Merge PDF, PNG to JPG, Image Compressor, QR Code Generator, Password Generator, and most other tools on this site, your file is processed entirely inside your browser tab using JavaScript libraries (pdf-lib, jsPDF, browser-image-compression, qrcode.js, Canvas API, and others). Your file is read into browser memory, processing occurs locally on your device, the result is offered for download directly to your device, and at no point is any data transmitted to our servers or any third party.

You can verify this at any time: open your browser's Developer Tools (F12), go to the Network tab, clear the log, and process a file. You will see zero outbound requests carrying your data.

Server-side tools (background removal and similar AI-powered tools): A small number of tools require server-side processing because they use AI models that cannot run efficiently in a browser. For these tools, your file is transmitted over HTTPS (encrypted) to our server, processing is performed immediately, the result is returned to your browser, and your file is permanently deleted from our server immediately after processing. We do not store, log, index, analyze, or share the content of these files, and no employee has access to files during or after processing. If you are concerned about uploading a sensitive document, use our browser-side tools where no upload occurs.

2.2 Analytics Data (Umami — Cookie-Free)

We use Umami, a self-hosted, open-source analytics platform. Umami is designed to be privacy-friendly: no cookies are set, there is no cross-site tracking (we only see activity on our own site), no fingerprinting, and no personal data is stored — Umami collects aggregate, anonymized data only.

The data we collect through Umami includes:

Data pointWhy we collect it
Page URL visitedTo see which tools are most used
Referrer domainTo understand traffic sources
Browser typeTo ensure compatibility
Operating systemTo ensure compatibility
Device typeTo optimize mobile experience
Country (approximate)Aggregated only, not individual
Session durationTo measure engagement

Your IP address is used to derive approximate country, then immediately discarded. We do not store IP addresses. This data is not shared with any third party.

2.3 Advertising Data (Google AdSense)

We display advertisements provided by Google AdSense. Google may use cookies to display relevant ads and measure performance. This is governed by Google's Privacy Policy.

Opt out of Google ad personalization: visit https://adssettings.google.com; EU users can visit https://www.youronlinechoices.com; US users can visit https://optout.aboutads.info.

2.4 Server Access Logs

Our web server maintains standard access logs (timestamp, URL, response code, IP address) retained for 30 days for security and diagnostic purposes only. They are not analyzed for marketing or shared with third parties.

3. How We Use Information

PurposeData usedLegal basis (GDPR)
Provide and improve our toolsUmami analyticsLegitimate interest
Display advertisementsGoogle AdSenseLegitimate interest / Consent
Diagnose errors and security issuesServer logsLegitimate interest
Process files (server-side tools)File content (deleted immediately)Contract performance

We do not use your data to build personal profiles, sell data to third parties, send marketing emails, or train AI models.

4. Data Sharing

PartyWhat is sharedWhy
Google (AdSense)Ad impression data, cookie identifiersAdvertising
Our hosting providerEncrypted server trafficOperating the website

We do not sell your personal information. We do not share your files or analytics data with data brokers or marketers.

5. Cookies

We do not set any first-party analytics cookies (Umami is cookie-free). Google AdSense sets third-party cookies to serve and measure ads. You can manage these through your browser settings or the opt-out links above.

6. Data Retention

Data typeRetention period
Files (server-side tools)Deleted immediately after processing
Files (browser-side tools)Never stored — exists only in browser memory
Umami analytics24 months
Server access logs30 days
AdSense dataPer Google's retention policies

7. Security

All connections are encrypted via HTTPS/TLS. Server-side files are deleted immediately after processing. We collect minimal data, reducing breach risk significantly. For browser-side tools, your files never leave your device — there is nothing to breach.

8. Children's Privacy

Our website is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. Contact us at hello@ToolXero.com if you have concerns.

9. Your Rights

European Economic Area (GDPR)

You have the right to access your data, correct inaccurate data, request erasure, restrict processing, data portability, object to processing, and withdraw consent. Contact us at hello@ToolXero.com to exercise these rights. You may also lodge a complaint with your national data protection authority.

California (CCPA / CPRA)

California residents have the right to know what data is collected, request deletion, and opt out of the sale of personal data. We do not sell personal data. Contact hello@ToolXero.com for any CCPA requests.

10. International Data Transfers

Our server is located in the European Union (Germany). Google AdSense data is processed globally by Google in accordance with their data transfer mechanisms (Standard Contractual Clauses).

11. Changes to This Policy

We update this policy when our practices change. We will update the "Last updated" date and, for significant changes, display a notice on our homepage.

12. Contact Us

ToolXero Email: hello@ToolXero.com Website: https://ToolXero.com

We respond to all privacy inquiries within 30 days.

Last reviewed: June 28, 2026.