ToolHarbor

Privacy Policy

Last updated: 2026-02-11

This Privacy Policy explains how ToolHarbor ("we", "us") collects, uses, and shares information when you visit https://toolharbor.dev (the "Site"). This policy is designed to comply with the General Data Protection Regulation (GDPR) and Spain's LSSI-CE.

Data Controller

The data controller responsible for your personal data is:

Summary (TL;DR)

  • Tool inputs stay in your browser: Text you paste into tools (e.g., JSON, JWTs, regexes) is processed locally on your device. We do not operate an API for the tools and we do not intentionally receive or store that content on our servers.
  • No ads or analytics are currently enabled: At this time, we do not display ads and we do not run third-party analytics on the Site.
  • Basic log data may be processed: Our hosting and security providers may process IP address and request metadata for reliability, security, and debugging.
  • You have rights: You can access, rectify, erase, or port your data, object to processing, and lodge a complaint with the Spanish Data Protection Agency (AEPD).

Information We Process

  • Content you provide to tools: The Site is designed so that most tools run entirely client-side. We do not ask you to create an account, and we do not provide a feature for submitting tool input to us. As a result, tool input is generally processed only in your browser.
  • Contact information (if you email us): If you contact us, we will receive the information you send (such as your email address and message content) and may use it to respond.
  • Log and device data: When you access the Site, our infrastructure providers may process standard technical information such as IP address, user agent, approximate location (inferred from IP), requested pages, timestamps, and error logs.
  • Cookies / identifiers: We do not intentionally set cookies for advertising or analytics, and we do not currently use third-party analytics or advertising services on the Site.

Advertising and Analytics (if enabled in the future)

If we enable advertising and/or third-party analytics in the future (for example, ad networks or analytics providers), those services may use cookies, similar technologies, or device identifiers. If/when we enable them, we will update this policy and our Cookie Policy accordingly.

Consent (EEA / UK / Switzerland)

If we enable non-essential cookies/identifiers in the future (for example, for analytics or advertising) and you visit from the European Economic Area (EEA), United Kingdom, or Switzerland, we will request consent where legally required before those technologies are used.

For more details about cookies and similar technologies, see our Cookie Policy.

Purposes and Legal Bases for Processing

Under the GDPR, we must have a lawful basis for processing personal data. Below are the purposes for which we process data and the corresponding legal bases:

  • Operating and securing the Site (server logs, security measures)
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR) – we have a legitimate interest in maintaining site security, preventing abuse, and ensuring reliable operation.
  • Third-party services (if enabled in the future) (for example, analytics or advertising providers)
    Legal basis: Consent (Article 6(1)(a) GDPR) where required for non-essential cookies/identifiers, especially for users in the EEA/UK/Switzerland.
  • Responding to your inquiries (if you contact us by email)
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR) – we have a legitimate interest in responding to communications. Where your inquiry relates to a contract or potential contract, contractual necessity (Article 6(1)(b)) may also apply.
  • Complying with legal obligations
    Legal basis: Legal obligation (Article 6(1)(c) GDPR) – we may process data when required to comply with applicable laws.

Sharing and Service Providers

We may share information with service providers and partners that help us operate the Site, including infrastructure and security providers.

  • Hosting/security providers: to deliver the Site, protect it from abuse, and troubleshoot issues (may include logging and CDN services).

These parties may process data in accordance with their own privacy policies.

Data Retention

  • Tool inputs: We do not intentionally store tool input on our servers.
  • Server logs: Infrastructure providers may retain logs for a limited period for security and reliability.
  • Email: If you contact us, we may keep correspondence as long as needed to respond and maintain records.

International Data Transfers

Our service providers (including hosting/CDN providers) may process information on servers located in different countries, including the United States. As a result, your information may be transferred to, stored, or processed outside your country of residence.

For transfers of personal data from the EEA/UK/Switzerland to countries that do not have an adequacy decision from the European Commission, our service providers rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework (where applicable)
  • Other legally recognized transfer mechanisms

If we add third-party providers in the future (for example, analytics or advertising), additional international transfers may occur. We will update this policy accordingly.

Security

We use reasonable technical measures to help protect the Site. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Your Rights Under GDPR

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access (Article 15): You can request confirmation of whether we process your personal data and obtain a copy.
  • Right to rectification (Article 16): You can request correction of inaccurate personal data.
  • Right to erasure (Article 17): You can request deletion of your personal data in certain circumstances ("right to be forgotten").
  • Right to restriction (Article 18): You can request that we limit how we use your data in certain situations.
  • Right to data portability (Article 20): You can request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You can object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent (Article 7): Where processing is based on consent (e.g., advertising cookies), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Note: Because our tools process data locally in your browser and we do not store tool inputs on our servers, access and deletion requests typically relate only to any correspondence you may send us (e.g., email).

To exercise any of these rights, contact us at toolharbordev@gmail.com.

Right to Lodge a Complaint

If you believe that we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. Since we are based in Spain, our lead supervisory authority is:

Agencia Española de Protección de Datos (AEPD)
Website: https://www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain

You may also lodge a complaint with the supervisory authority in your country of residence or place of work if different from Spain.

Your Choices

  • Browser controls: You can remove or block cookies via your browser settings (note: some features may not work as intended).

Children’s Privacy

The Site is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above.

Contact

If you have questions about this Privacy Policy, contact us at toolharbordev@gmail.com.