ToolsNest
Security

How we keep your data safe

ToolsNest is built around a simple principle: don't collect what you don't need. Most of our tools never touch our servers at all.

Your files never leave your device

The Image Compressor, Image Converter, PDF Compressor, and PDF Locker all run entirely inside your browser using client-side JavaScript and WebAssembly. When you drop a file into one of these tools, it is processed locally — nothing is uploaded to our servers, nothing passes over the network. Once you close the tab, the file is gone.

HTTPS everywhere

All traffic to toolsnest.io is served over HTTPS with TLS 1.2 or higher. HTTP requests are automatically redirected to HTTPS. We use Vercel's managed TLS infrastructure, which handles certificate issuance and renewal automatically.

Minimal server-side storage

We store almost nothing server-side. Our database holds blog posts and PrivNotes only. We do not store user accounts, uploaded files, tool inputs, SEO audit results, or any content you generate using our tools.

PrivNote encryption and auto-deletion

When you create a PrivNote, the message is stored in our Neon PostgreSQL database with a unique, unguessable ID. The note is permanently deleted the moment it is first read. If it is never opened, it is automatically purged after 7 days. We do not log note content, and access to the database is restricted to application credentials only.
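The read-once and 7-day purge behaviour described above can be sketched as follows. This is an added example, not ToolsNest's code: it uses SQLite as a stand-in for PostgreSQL, and the table name, column names and function names are assumptions made for illustration.

```python
import secrets
import sqlite3
import time

TTL_SECONDS = 7 * 24 * 3600  # the 7-day purge window stated on the page


def open_store(path=":memory:"):
    # isolation_level=None: transactions are controlled explicitly below.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS notes ("
               "id TEXT PRIMARY KEY, body TEXT NOT NULL, created_at REAL NOT NULL)")
    return db


def create_note(db, body, now=None):
    note_id = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    db.execute("INSERT INTO notes VALUES (?, ?, ?)",
               (note_id, body, time.time() if now is None else now))
    return note_id


def read_once(db, note_id, now=None):
    """Return the note body and delete it in one transaction, else None."""
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading
    try:
        row = db.execute("SELECT body, created_at FROM notes WHERE id = ?",
                         (note_id,)).fetchone()
        # Delete on every lookup, so an expired note is removed as well.
        db.execute("DELETE FROM notes WHERE id = ?", (note_id,))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    if row is None or now - row[1] > TTL_SECONDS:
        return None
    return row[0]


def purge_expired(db, now=None):
    """Scheduled job: remove notes that were never opened within the TTL."""
    now = time.time() if now is None else now
    cur = db.execute("DELETE FROM notes WHERE created_at < ?",
                     (now - TTL_SECONDS,))
    return cur.rowcount
```

Taking the write lock before the SELECT means two simultaneous requests for the same ID cannot both receive the body; the second one finds no row.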

No third-party scripts with data access

We run Google AdSense for advertising. Beyond that, we do not load third-party analytics scripts, session recording tools, heatmap trackers, or marketing pixels that could observe your tool usage. AdSense operates in its own isolated context and cannot access file contents or tool inputs.

Dependency management

Our codebase uses a minimal set of well-maintained open-source dependencies. We review dependencies before adding them and keep them updated to pull in security patches. The site is deployed on Vercel, which provides DDoS protection and edge-level security at the infrastructure layer.

Report a vulnerability

If you discover a security vulnerability on toolsnest.io — a data exposure, an injection issue, an authentication bypass, or anything else that could affect users — please let us know responsibly before disclosing it publicly.

Email us at security@toolsnest.io with a description of the issue, steps to reproduce it, and the potential impact. We aim to acknowledge reports within 48 hours and will keep you updated as we investigate and fix the issue.

We ask that you give us reasonable time to address a reported issue before any public disclosure. We do not currently run a paid bug bounty programme, but we will credit researchers who report valid vulnerabilities in our changelog if they wish.

Scope clarification

ToolsNest processes sensitive files (PDFs, images) entirely client-side. We do not have access to the content of files you process through our tools. If you are concerned about a specific file type or tool, check the browser's network tab while using it — you will see no upload requests to our servers.