Built for developers.
Designed for privacy.

What is ToolKit?

ToolKit is a free collection of browser-based utilities for developers, designers, and anyone who works with text, code, or data. Every tool runs entirely in your browser — no server receives your input, no database stores your data, no third party is involved.

The project started from a simple frustration: too many online tools are slow, ad-heavy, require account creation, or quietly log your inputs. ToolKit is the opposite — fast, clean, private, and free.

Why we built it

Most "free online tools" are quietly hostile. They ship heavy ad tags before the tool itself loads. They send your input to a server because their codebase was written in a language that can't run in the browser. They gate CSV exports behind an account. They log every payload you paste, even when the tool is something as sensitive as a JWT decoder or a password generator.

Developers notice. Designers notice. Anyone who's ever pasted a production secret into a random site and then felt a chill half an hour later — they all notice. The trust problem is the whole problem.

ToolKit is our answer: every tool runs client-side, there are no accounts, no tracking by default, and the source of truth is the browser you're already using. If a tool does not need a server to work, we will never add one.

Editorial standards

Every tool is built against native browser APIs wherever possible — crypto.subtle for hashing and HMAC, TextEncoder/TextDecoder for encoding, crypto.randomUUID() for IDs. We check output against RFC-compliant reference implementations before a tool ships and when the underlying standard changes.

Guides are written by developers with direct production experience in the topic they cover — authentication, hashing, scheduling, regex, data formats. Every code snippet is runnable as written. When a standard is superseded (for example, MD5 or SHA-1 moving from "legacy" to "broken"), we revise the guide rather than quietly leaving it stale.

If you find a factual error, an outdated recommendation, or a bug in any tool, let us know — corrections ship within days, not quarters.

How it works

Every tool uses native browser APIs — the Web Crypto API for password and hash generation, JSON.parse() and JSON.stringify() for the JSON Formatter, crypto.randomUUID() for UUIDs. No external libraries handle core tool logic.

You can verify this yourself — open your browser's Network tab while using any tool. You'll see no outbound requests for the tool computation itself.

What we collect

We use Google Analytics to understand which tools are most useful, how users navigate the site, and where to focus development. Analytics data is anonymized and aggregated — we see page views and session counts, not individual user content.

We do not collect, store, or transmit any content you enter into the tools. Your passwords, code, text, and other inputs never leave your browser. Read the full Privacy Policy.

Tech stack

Get in touch

Tool requests, bug reports, feedback, correction notes, or guide suggestions — all welcome via the contact page. We read everything and reply to messages that need a reply.