Privacy Policy

Simple, honest, and actually readable. Your privacy is not negotiable.

Last Updated: October 15, 2025

TL;DR - The Short Version

🔒

We Don't Collect Your Keys

All key generation happens in your browser. We never see, log, store, or transmit your secret keys. Ever.

📊

We Use Analytics

We use Google Analytics to understand site usage and improve our tool. You can opt out anytime.

💰

We Display Ads

We show ads through Google AdSense to keep this tool free. You control ad personalization in your settings.

🌍

Globally Compliant

We comply with GDPR (EU), CCPA (California), UK GDPR, and COPPA (USA). Your rights are protected wherever you are.

Introduction

At JWT Secret Key Generator, we believe privacy is a fundamental right, not a commodity. This Privacy Policy explains how we handle your data when you use our tool at jwtsecretkeygenerator.com.

We're developers ourselves, and we built this tool with transparency at its core. Unlike many free tools, we're honest about what we collect and why. We use analytics to improve the tool and display ads to keep it free—but your JWT secret keys are never, ever collected or transmitted.

This policy is written in plain English because legal jargon shouldn't hide how we treat your privacy. If you have any questions after reading this policy, please contact us at jwtsecretkeygenerator@gmail.com.

What Information We Collect

🔐 Your Generated Secret Keys (NOT Collected)

Let's be crystal clear about the most important thing: Your JWT secret keys are NEVER collected, stored, transmitted, or visible to us. All key generation happens entirely in your web browser using JavaScript and the Web Crypto API. Your secret keys never leave your device. You can verify this by checking your browser's network tab during key generation—you won't see any network requests related to your keys.

1. Automatically Collected Information (Analytics)

We use Google Analytics to understand how visitors use our site and improve the user experience. Google Analytics automatically collects:

  • Usage Data: Pages you visit, time spent on pages, how you navigate through the site, referring websites
  • Device Information: Browser type and version, operating system, screen resolution, device type (desktop/mobile/tablet)
  • Location Data: Approximate geographic location based on IP address (country, region, city level—not precise GPS coordinates)
  • IP Address: Your Internet Protocol address, which Google may anonymize or aggregate
  • Cookie Identifiers: Unique identifiers stored in cookies to recognize repeat visits

Purpose: To analyze traffic patterns, understand which features are most valuable, improve site performance, and measure the effectiveness of our content.

Legal Basis (GDPR): Legitimate interest in improving our services (Article 6(1)(f)) and consent where required by law.

Data Processor: Google LLC (USA). Google Analytics is subject to Google's Privacy Policy.

Retention: Google Analytics data is automatically deleted after 26 months.

2. Advertising-Related Information

We display advertisements through Google AdSense and potentially other advertising networks to support this free tool. These advertising services may collect:

  • Cookie Identifiers: Unique identifiers to serve personalized ads based on your interests
  • Ad Interaction Data: Which ads you view, click on, or interact with
  • Interest Categories: Inferred interests based on your browsing behavior across websites (for personalized advertising)
  • Device & Browser Data: Similar to analytics data, used for ad targeting and measurement

Purpose: To display relevant advertisements, measure ad performance, and generate revenue to keep this tool free.

Legal Basis (GDPR): Consent (Article 6(1)(a)) for personalized advertising in the EU/EEA. Legitimate interest for non-personalized ads.

Data Processors: Google AdSense and potentially other ad networks. Each network has its own privacy policy.

Important: Advertising partners do NOT have access to your generated JWT secret keys. Ads are based on general browsing behavior, not the content you generate using our tool.

3. Essential Technical Data

Our web hosting provider automatically collects basic server logs:

  • Server Access Logs: Page requested, timestamp, HTTP response code, referring URL
  • Retention: Automatically deleted after 30 days
  • Purpose: Security monitoring, performance optimization, and debugging only

4. Email Communications (Only If You Contact Us)

If you choose to email us at jwtsecretkeygenerator@gmail.com, we collect:

  • Your email address
  • The content of your message
  • Any information you voluntarily provide

Purpose: To respond to your inquiry and provide support.

Retention: Up to 2 years. You can request deletion at any time.

Sharing: Never shared, sold, or provided to third parties.

What We DON'T Collect

  • Your Secret Keys: Never, ever. All key generation is 100% local in your browser.
  • Personal Identification: No names, postal addresses, phone numbers (unless you voluntarily email us)
  • Account Data: We don't have user accounts, logins, or profiles
  • Payment Information: We don't process payments or donations
  • Precise Location: We don't collect GPS coordinates or precise location data
  • Biometric Data: No fingerprints, facial recognition, or biometric information

How Your Keys Are Generated (Technical Deep Dive)

Understanding how our tool works helps you understand why your data stays private:

  1. You Load the Page: When you visit our site, your browser downloads HTML, CSS, and JavaScript files from our server.
  2. Everything Runs Locally: Once the page loads, all functionality runs entirely in your browser's JavaScript engine. There's no connection back to our servers for key generation.
  3. Web Crypto API: Key generation uses crypto.getRandomValues(), a built-in browser API that accesses your operating system's cryptographically secure random number generator (CSPRNG).
  4. Keys Stay in Memory: Generated keys exist only in your browser's RAM. They're displayed on screen for you to copy, but they're never written to your hard drive, never sent over the network, and never logged anywhere.
  5. You Control the Data: When you copy a key, it goes to your clipboard. When you close the tab or generate a new key, the old key is discarded from memory. We have no access to any of this.

You can verify this zero-server-communication yourself: Open your browser's Developer Tools (F12), go to the Network tab, and click "Generate Key." You'll see no network requests are made during generation.
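The generation step described above can be sketched as follows. This is an added example, not the site's own code: the function and constant names are assumptions, and it goes slightly beyond the text by enforcing the minimum HMAC key sizes from RFC 7518 section 3.2.

```javascript
// Added example: client-side HMAC secret generation with the Web Crypto API.
// All names here are illustrative; none are taken from the site's source.

// Browsers and recent Node versions expose Web Crypto as globalThis.crypto;
// the require() fallback is only evaluated on older Node versions.
const webCrypto = globalThis.crypto?.getRandomValues
  ? globalThis.crypto
  : require("node:crypto").webcrypto;

// RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
const MIN_KEY_BYTES = new Map([["HS256", 32], ["HS384", 48], ["HS512", 64]]);

// getRandomValues() rejects requests larger than 65,536 bytes.
const MAX_RANDOM_BYTES = 65536;

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function toBase64Url(bytes) {
  // btoa() takes a binary string; convert, then switch to the URL-safe
  // alphabet and drop the padding.
  const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function generateJwtSecret(alg = "HS256", byteLength = MIN_KEY_BYTES.get(alg)) {
  const min = MIN_KEY_BYTES.get(alg);
  if (min === undefined) {
    throw new RangeError(`unsupported algorithm: ${alg}`);
  }
  if (!Number.isInteger(byteLength) || byteLength < min) {
    throw new RangeError(`${alg} needs a key of at least ${min} bytes`);
  }
  if (byteLength > MAX_RANDOM_BYTES) {
    throw new RangeError(`at most ${MAX_RANDOM_BYTES} bytes per call`);
  }
  // Fill the buffer from the platform CSPRNG. Math.random() is not suitable
  // for key material. Nothing in this function touches the network.
  const bytes = webCrypto.getRandomValues(new Uint8Array(byteLength));
  return { alg, bytes, hex: toHex(bytes), base64url: toBase64Url(bytes) };
}

// Best-effort cleanup of the raw bytes when a key is replaced. The hex and
// base64url strings are immutable in JavaScript and persist until they are
// garbage collected, so this does not erase every copy.
function wipe(bytes) {
  bytes.fill(0);
  return bytes;
}
```

Both encodings carry the same bytes; the base64url form is the more compact one to paste into a configuration file.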

Third-Party Services

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to analyze how visitors use our site.

What Google Analytics Collects:

  • Information about your device (browser, operating system, screen size)
  • Your interactions with our site (pages visited, time on site, click behavior)
  • Approximate location (country, region, city based on IP address)
  • Referring websites and search terms that led you to our site

How Google Analytics Uses Cookies: Google Analytics sets cookies to distinguish unique users and sessions. See our Cookie Policy for details.

Data Transfer: Google Analytics may transfer your information to the United States and other countries where Google operates. Google uses Standard Contractual Clauses approved by the European Commission to protect data transferred from the EU/EEA.

Opt-Out Options:

Google's Privacy Policy: https://policies.google.com/privacy

Google AdSense & Advertising Partners

We display advertisements through Google AdSense and potentially other advertising networks to keep this tool free.

How Advertising Works:

  • Ad networks use cookies and similar technologies to serve relevant ads based on your interests
  • They track which ads you view and interact with across websites
  • This creates advertising profiles to show you personalized content
  • Ad networks may share data with other advertising companies

Personalized vs. Non-Personalized Ads:

  • Personalized Ads: Based on your browsing history and interests. Requires consent in the EU/EEA.
  • Non-Personalized Ads: Based only on the current page content and your general location. No consent required.

Advertising Opt-Out Options:

Advertising Partner Privacy Policies:

Google Fonts

We use Google Fonts to display the Inter and JetBrains Mono typefaces. When you visit our site:

  • Your browser requests font files from Google's servers
  • Google may collect basic technical information (IP address, browser type)
  • Subject to Google's Privacy Policy

Alternative: You can block fonts.googleapis.com—the tool will use system fonts instead.

Web Hosting Provider

Our site is hosted on secure infrastructure. The hosting provider may collect:

  • Server access logs (automatically deleted after 30 days)
  • Security monitoring data to prevent DDoS attacks
  • Basic performance metrics for uptime monitoring

This data is used solely for operational purposes and is never shared or sold.

Cookies and Local Storage

We use cookies and similar tracking technologies for analytics, advertising, and functional purposes. For complete details, please see our Cookie Policy.

Types of Cookies We Use

| Cookie Type | Purpose | Duration | Consent Required (EU/EEA) |
|---|---|---|---|
| Essential/Functional | Remember language preferences, cookie consent choices, dismissed notices | Session to 1 year | No (strictly necessary) |
| Analytics (Google Analytics) | Track site usage, measure performance, understand visitor behavior | Up to 2 years | Yes (in some jurisdictions) |
| Advertising (Google AdSense) | Serve personalized ads, measure ad effectiveness, build interest profiles | Up to 2 years | Yes (for personalized ads) |

Cookie Consent Management

When you first visit our site from the EU/EEA/UK, we display a cookie consent banner allowing you to:

  • Accept all cookies (analytics + personalized advertising)
  • Reject non-essential cookies (only functional cookies)
  • Customize your preferences (choose which cookie categories to allow)

Your Control: You can change your cookie preferences at any time by:

  • Clicking the "Cookie Settings" link in our footer
  • Clearing cookies in your browser settings
  • Using browser extensions to block cookies

See our Cookie Policy for detailed information about each cookie we use.

Children's Privacy (COPPA Compliance)

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations globally.

Our Tool is Safe for All Ages

  • We do not knowingly collect personal information from children under 13 years of age
  • Our tool doesn't require registration, account creation, or any personal data submission
  • Google Analytics and AdSense are configured to comply with child protection regulations
  • We don't display age-inappropriate advertising content

For Parents and Guardians: Children can safely use our tool for educational purposes (learning about JWT authentication, cryptography, etc.). If you believe we have unintentionally collected personal information from a child, please contact us immediately at jwtsecretkeygenerator@gmail.com, and we will delete it promptly.

Your Rights Under GDPR (European Union & UK)

If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) gives you certain rights regarding your personal data.

Your GDPR Rights

  • Right to Access: You can request information about any personal data we hold about you (likely only email correspondence if you've contacted us, plus analytics data held by Google)
  • Right to Rectification: You can request correction of inaccurate personal data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data
  • Right to Restrict Processing: You can ask us to limit how we use your data
  • Right to Data Portability: You can request a copy of your data in a machine-readable format
  • Right to Object: You can object to processing of your personal data, especially for direct marketing
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
  • Right to Lodge a Complaint: You can complain to your local data protection authority

Legal Basis for Processing

When we process personal data, our legal basis is:

  • Legitimate Interest (Article 6(1)(f)): For analytics to improve our tool and respond to support inquiries
  • Consent (Article 6(1)(a)): For personalized advertising and certain analytics features (when consent is required)

Data Controller

JWT Secret Key Generator is the data controller responsible for your personal data. Contact us at jwtsecretkeygenerator@gmail.com to exercise any of your rights.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we've mishandled your personal data. You can find your supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information.

Your California Rights

  • Right to Know: You can request information about what personal data we collect, use, disclose, or sell
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: You can opt out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Data: You can limit use of sensitive personal information (Note: We don't collect sensitive data)

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information from California residents:

  • Identifiers: Email addresses (only if you contact us voluntarily), IP addresses (collected by Google Analytics and hosting provider)
  • Internet Activity: Browsing behavior, pages visited, time on site, clicks (collected by Google Analytics)
  • Device Information: Browser type, operating system, screen resolution (collected by Google Analytics)
  • Geolocation Data: Approximate location based on IP address (country/region/city level)

Selling and Sharing Personal Information

Under the CCPA/CPRA, "selling" and "sharing" have specific legal definitions that may include sharing data with advertising partners.

Do We "Sell" Your Personal Information?

We do not sell personal information in the traditional sense (exchanging data for money). However, when we display personalized ads through Google AdSense, California law may consider this "sharing" or "selling" because advertising networks receive data for targeted advertising purposes.

Categories of Personal Information Shared for Advertising:

  • Internet activity (pages visited, clicks, time on site)
  • Device identifiers and characteristics
  • Approximate geographic location (city/region level)
  • Inferred interests and preferences

Your Right to Opt-Out:

  • California residents can opt out of the "sale" or "sharing" of personal information
  • Use the "Do Not Sell or Share My Personal Information" link in our footer (for California residents)
  • Alternatively, adjust your Google Ad Settings
  • Enable Global Privacy Control (GPC) in your browser—we honor GPC signals
  • Reject advertising cookies in our consent banner

We do not:

  • ❌ Sell personal information for monetary compensation
  • ❌ Collect sensitive personal information (genetic data, biometrics, precise geolocation, etc.)
  • ❌ Use personal information for secondary purposes without notice

How to Exercise Your Rights

To exercise your CCPA/CPRA rights, email us at jwtsecretkeygenerator@gmail.com with the subject line "California Privacy Rights Request." We'll respond within 45 days.

You can also:

  • Opt out of personalized advertising through Google Ad Settings
  • Install the Google Analytics opt-out add-on
  • Use browser settings to block cookies

International Users and Data Transfers

JWT Secret Key Generator is accessible worldwide. Here's how we handle international data considerations:

Data Processing Location

  • Our website is hosted on servers that may be located in various countries
  • All key generation happens locally in your browser—keys never travel anywhere
  • Google Analytics and AdSense process data in the United States and other countries where Google operates
  • If you email us, your message may be stored on servers operated by Google (Gmail)

Data Transfer Safeguards

When your data is transferred from the EU/EEA to other countries:

  • Google uses Standard Contractual Clauses (SCCs) approved by the European Commission
  • These legal mechanisms ensure your data receives adequate protection
  • You can learn more about Google's data transfer practices in their Privacy Policy

Compliance Across Jurisdictions

We strive to comply with privacy laws in all jurisdictions where our users are located, including:

  • 🇪🇺 GDPR (European Union)
  • 🇬🇧 UK GDPR (United Kingdom)
  • 🇺🇸 CCPA/CPRA (California, USA)
  • 🇺🇸 COPPA (USA - Children's privacy)
  • 🇨🇦 PIPEDA (Canada)
  • 🇦🇺 Privacy Act (Australia)
  • 🇧🇷 LGPD (Brazil)

If your country has specific privacy requirements we should know about, please contact us at jwtsecretkeygenerator@gmail.com.

How We Protect Your Data

Even though we collect minimal data, we take security seriously:

Technical Security Measures

  • HTTPS Encryption: All connections to our site use TLS/SSL encryption
  • Client-Side Processing: Key generation happens in your browser using the Web Crypto API—industry-standard cryptography
  • No Database: We don't have a user database that could be hacked or leaked
  • Secure Hosting: Our hosting provider implements DDoS protection, firewall rules, and security monitoring
  • Regular Updates: We keep our infrastructure and dependencies updated with security patches
  • Google Security: Analytics and advertising data is protected by Google's enterprise-grade security infrastructure

Email Security

  • Email correspondence is protected by Gmail's security infrastructure
  • We don't share email addresses with third parties
  • We delete old email threads after 2 years unless you request earlier deletion

Breach Notification: In the unlikely event of a data breach affecting personal information we hold (like email correspondence), we will notify affected users and relevant authorities as required by applicable laws (within 72 hours under GDPR).

Data Retention

Here's how long we keep different types of data:

| Data Type | Retention Period | Reason |
|---|---|---|
| Generated Secret Keys | Never stored | Processed only in your browser |
| Google Analytics Data | 26 months (automatic deletion) | Historical analysis, trend identification |
| Advertising Cookies | Up to 2 years | Ad personalization, campaign measurement |
| Server Access Logs | 30 days | Technical maintenance, security monitoring |
| Email Correspondence | Up to 2 years | Support reference, customer service |
| Cookie Consent Preferences | 1 year | Remember your choices |

You can request deletion of your data at any time by contacting jwtsecretkeygenerator@gmail.com. For analytics data held by Google, you can use their data deletion tools.

Your Choices and Controls

You have multiple ways to control your data and privacy:

Cookie Management

  • Consent Banner: When you first visit (EU/EEA/UK), choose to accept, reject, or customize cookies
  • Cookie Settings: Click "Cookie Settings" in our footer to change preferences anytime
  • Browser Settings: Block all cookies or only third-party cookies in your browser
  • Clear Cookies: Delete existing cookies through browser settings

Analytics Opt-Out

Advertising Controls

  • Adjust Google Ad Settings for personalized ads
  • Use the DAA WebChoices Tool (USA)
  • Use the EDAA Tool (Europe)
  • Enable "Limit Ad Tracking" on iOS devices
  • Opt out of "Ads Personalization" on Android devices
  • Use ad-blocking extensions (uBlock Origin, AdBlock Plus)

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals from your browser. When GPC is enabled, we automatically:

  • Disable personalized advertising
  • Limit data sharing with advertising partners
  • Respect your opt-out preference (especially for California residents under CCPA/CPRA)

Impact on Tool Functionality: Our JWT key generation tool works perfectly regardless of your privacy choices. Blocking analytics and advertising doesn't affect core functionality.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in privacy laws or regulations
  • New features we add to the tool
  • Changes to third-party services we use
  • Feedback from users or privacy advocates
  • Best practices in data protection

How we'll notify you:

  • We'll update the "Last Updated" date at the top of this page
  • For significant changes (like adding new tracking technologies), we'll display a prominent notice on our homepage for 30 days
  • If required by law, we'll obtain new consent for material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy.

Contact Us About Privacy

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your data, we're here to help:

Email: jwtsecretkeygenerator@gmail.com

Subject Line: "Privacy Inquiry" or "Privacy Rights Request"

Response Time: We aim to respond within 48 hours, often sooner

For Privacy Rights Requests (GDPR, CCPA):

  • Please specify which right you're exercising (access, deletion, opt-out, etc.)
  • Include enough information to verify your identity (if applicable)
  • We'll process verifiable requests within legally required timeframes (45 days for CCPA, 30 days for GDPR)

We take privacy seriously and treat every inquiry with care. Whether you're exercising your legal rights, reporting a concern, or just curious about our practices, we're here to help.

Our Privacy Commitment

Privacy isn't just compliance for us—it's a core value. Yes, we use analytics to improve the tool and display ads to keep it free. But we're honest about it, we give you control, and we never compromise on what matters most: your JWT secret keys are yours alone.

We believe in transparency over opacity, user control over data hoarding, and trust over exploitation. That's not just our privacy policy—it's our promise.

Thank you for using JWT Secret Key Generator. Thank you for trusting us with your privacy.

— The JWT Secret Key Generator Team