Local processing
Runs in your browser where possible. Best for simple PDF, image, and developer utilities.
Trust Center
Privacy-aware tools with clear processing labels
DevToolKit shows when tools run locally, when temporary server processing may be needed, and when AI is optional.
Local where possibleTemporary server when neededAI optionalNo signup for basicsClear limits
Processing labels
Every tool should show how your input is processed before you start.
Temporary server
Used for heavier tasks such as background removal, advanced PDF editing, conversion, OCR, and large files.
AI optional
AI actions should be explicit, consent-based, and never hidden inside basic tools.
| Mode | What it means | Examples |
|---|---|---|
Local Browser-firstRuns in your browser where possible. | Best for basic PDF, image, and developer utilities. Inputs stay on your device during processing when the tool supports local mode. | PDF merge, JSON formatter, JWT decoder, text utilities |
Temporary server Heavier tasksUsed when browser-only processing is not enough. | Files are sent to DevToolKit services for processing and handled temporarily. A future TTL deletion policy will define automatic cleanup windows. | Background removal, image compression, PDF edit/sign |
AI optional Explicit consentOnly for actions you choose to run with AI assistance. | AI features require explicit consent for sensitive content. Credits and usage limits are planned for Pro and API tiers. | OCR cleanup, field detection, regex explanation (planned) |
What DevToolKit should never collect
- Uploaded file contents for analytics
- JWTs, passwords, private keys, or source code content
- Hidden cloud AI processing without user action
- More file data than needed for the selected task
Wording reflects design goals while trust infrastructure continues to mature.
File handling principles
Validate files before processing
DevToolKit aims to check file type, size, and page count before heavy jobs run.
Limit file size and page count
Free-tier and planned paid tiers should show limits before upload or job creation.
Delete temporary files by TTL rules
Server-processed files are designed to be removed after job completion according to retention rules still being finalized.
Use signed URLs for future large jobs
Planned for API and batch workflows so downloads do not require long-lived public links.
Keep analytics metadata-only
Analytics is intended to stay aggregate and should not store uploaded file contents.
Developer input warning
Developer tools can involve secrets. Avoid pasting production tokens, private keys, passwords, credentials, or confidential source code unless you fully trust the tool and understand the processing mode.
Current maturity note
Some trust features are still being built, including stronger TTL enforcement, usage limits, audit-friendly logs, and clearer worker isolation.