Why Toolkit runs entirely in your browser (and why that matters)
Type “convert HEIC to JPG” into a search engine and you'll get pages of websites that all work the same way: you upload your photo to their server, the server converts it, and you download the result. Toolkit's tools take the opposite approach — the work happens on your own device, and your files never leave it. This guide explains how that's possible, why it's meaningfully safer, where the honest tradeoffs are, and how you can verify every word of it yourself.
Two ways to build an online tool
Every online converter, compressor or generator has to run its logic somewhere. There are only two choices:
Server-side: the website is a thin shell. When you drop in a file, it's transmitted over the internet to a computer owned by the site's operator. That computer does the conversion and sends the result back. Your file — a photo of your kids, a contract, a medical form — now exists, at least temporarily, on hardware you don't control, governed by a retention policy you probably haven't read.
Client-side (in-browser): the website delivers the program instead of receiving your data. Your browser downloads a page of HTML and JavaScript — and in some cases a WebAssembly engine — and then does the conversion right there on your laptop or phone. The file goes from your disk into your browser's memory and back to your disk. No upload happens, because none is needed.
Toolkit is built entirely the second way. It's not a marketing claim about a server being “secure” — there simply is no server in the data path.
What “runs in your browser” actually means
Modern browsers are far more capable than most people realize. A few standard, built-in technologies make local processing possible:
- The File API lets a page read a file you choose — and only a file you explicitly choose — into memory, without sending it anywhere.
- Canvas can decode an image, redraw it at a new size, and re-encode it as PNG, JPG or WebP. That's an image converter, built from parts your browser already ships with.
- Web Crypto generates cryptographically secure random numbers and performs real encryption (AES-GCM) and hashing (SHA-256) — the same primitives banks use — locally.
- WebAssembly (WASM) lets heavyweight software written in C or C++ run in the browser at near-native speed. Toolkit's video converter runs FFmpeg — the industry-standard video engine — compiled to WebAssembly. The vocal remover runs a full AI model (Meta's Demucs) the same way.
When you open a Toolkit tool, your browser downloads the page and its script once (and caches them). From that point on, the tool is essentially a small local program with a web page as its interface.
Why local processing is safer
A file that never leaves can't leak. Every data breach you've read about had the same precondition: the data was on someone else's computer. Server-side converters ask you to extend trust — that they delete files promptly, that their storage is configured correctly, that an employee never peeks, that they won't get hacked. In-browser tools remove the question entirely. There is nothing to delete because nothing was ever received.
No account, no history, no profile. Toolkit's tools don't require a sign-up, so there's no stored history of what you converted, hashed or encrypted tied to your identity.
It keeps working when the network doesn't. Because the logic lives in the page, most tools keep working if your connection drops after loading — try switching on airplane mode mid-session. A server-side tool goes dark the moment the network does.
No upload also means no upload limits. There's no server bandwidth to protect, so nothing is throttled, queued behind other users, or gated by a file-size paywall. The practical limit is your own device's memory.
The honest exceptions — and where ads fit in
Transparency only counts if it includes the fine print, so here is all of it.
Two tools do talk to a server, on purpose, and say so on their pages. The image converter can optionally fetch an image from a URL you paste — that fetch is a download to your browser, and only happens if you use that feature. The one-time link exists to pass a secret to another person, so something must be stored briefly — but the note is encrypted with AES-256-GCM before it leaves your browser, the decryption key stays in the link's #fragment (which browsers never transmit to servers), and the ciphertext is destroyed the moment it's read once.
Toolkit is free and is supported by ads, which means pages include Google's advertising and analytics scripts, and a consent banner where the law requires one. Those scripts see the same things they see on millions of other websites — page views. They are not part of any tool's data path: your files, text and passwords are handled by the tool's own code and never touch them. One page — the vocal remover — even runs entirely ad-free, because the security isolation its AI engine needs is technically incompatible with ad scripts. Where the two conflict, the tool wins.
The tradeoffs, stated plainly
In-browser processing isn't magic, and it isn't always the best fit. It's worth knowing the costs:
- Your device does the work. A ten-year-old laptop converts video slower than a data-center server would. For small everyday jobs the difference is irrelevant; for a feature-length 4K video, it's real.
- Big engines mean a one-time download. Simple tools are a few kilobytes of JavaScript. The heavyweights aren't: the video converter's FFmpeg engine is ~31 MB, and the vocal remover's AI model is ~172 MB. Each downloads once and is cached — the opposite tradeoff of uploading your (often larger) files every single time.
- Memory is the ceiling. Files are processed in browser memory, so a multi-gigabyte video can fail on a device without much RAM. Server tools can offer bigger limits — by holding your file on their hardware.
- No cross-device handoff. Nothing is stored in the cloud, so there's no “continue on your phone.” That's the privacy working as intended.
How to verify this yourself
You don't have to take any of this on faith — that's rather the point. Three checks anyone can do:
- Watch the network. Open your browser's developer tools (
F12or right-click → Inspect), switch to the Network tab, then use a tool. You'll see the page and script load — and then nothing when you drop in your file. On a server-side converter, you'd see your file POSTed to their servers. - Pull the plug. Load a tool, then turn on airplane mode and use it. A tool that keeps working with no internet connection is, by definition, not uploading anything.
- Read the code. Every Toolkit page is plain, un-minified HTML and JavaScript — right-click → View Page Source. Each tool's page also spells out its exact technique under “How it's built & why it's safe.”
See it in action: the EXIF remover reads a photo's hidden metadata and strips it without the photo going anywhere — try it with the Network tab open.
The bottom line
“We take your privacy seriously” is a promise. Doing the work on your device instead of collecting your files is an architecture. Promises depend on the people keeping them; architectures can be inspected by anyone with a browser. That's the whole idea behind Toolkit — and why, whenever a tool can be built to run entirely in your browser, that's how we build it.
Related: How to share a password or secret safely · What your photos reveal: EXIF data, GPS and how to remove them · Browse all tools