Privacy
Nothing you type leaves your device. Every tool — JWT decoding, hashing, regex, password generation, converters — runs locally in your browser using built-in Web APIs (Web Crypto, etc.). No input is ever sent to a server.
In particular: JWTs are decoded locally and never verified against a remote service; generated passwords and tokens use the browser’s cryptographic RNG and are never transmitted or stored.
No analytics, no cookies, no trackers. The only network requests are for the page’s own assets and Google Fonts.
Still — never paste real production secrets into any web tool, including this one.