string.is has been designed from the ground up to protect your privacy. Some of the measures taken to ensure privacy include:
The source code is publicly available on Github, so that you can verify for yourself how your data is handled.
All conversion operations happen client-side on your browser. At no time is the data you provide sent to any third parties.
Requests and responses are encrypted in transit to protect against MITM attacks. Certificates are provided by Let’s Encrypt, and managed by Vercel.
The site maintains a strict Content Security Policy, which blocks background connections to external services, and protects against cross-site scripting, clickjacking, and other code injection attacks.
The site uses Plausible Analytics, a lightweight and open-source website analytics tool. Plausible is hosted in the EU and is fully compliant with GDPR, CCPA and PECR. No personally-identifiable data is collected, and the analytics dashboard is open to the public.
Dependencies are carefully curated and limited to a small group of well-maintained libraries, with regular updates and multiple maintainers. The project also has Github security scans and dependency updates enabled, and pull requests are regularly reviewed.
The site is fully compliant with GDPR, CCPA and PECR. No personally-identifiable data ever leaves your device.