Security

string.is has been designed from the ground up to protect your privacy. Some of the measures taken to ensure privacy include:

Open source

The source code is publicly available on Github, so that you can verify for yourself how your data is handled.

Your data never leaves your browser

All conversion operations happen client-side on your browser. At no time is the data you provide sent to any third parties.

All requests are served over SSL

Requests and responses are encrypted in transit to protect against MITM attacks. Certificates are provided by Let’s Encrypt, and managed by Vercel.

Strict Content Security Policy

The site maintains a strict Content Security Policy, which blocks background connections to external services, and protects against cross-site scripting, clickjacking, and other code injection attacks.

No Cookies

The site doesn’t use cookies, doesn’t generate any persistent identifiers, and doesn’t collect or store any personal or identifiable data.

Privacy-friendly analytics

The site uses Plausible Analytics, a lightweight and open-source website analytics tool. Plausible is hosted in the EU and is fully compliant with GDPR, CCPA and PECR. No personally-identifiable data is collected, and the analytics dashboard is open to the public.

Carefully curated dependencies

Dependencies are carefully curated and limited to a small group of well-maintained libraries, with regular updates and multiple maintainers. The project also has Github security scans and dependency updates enabled, and pull requests are regularly reviewed.

GDPR compliant

The site is fully compliant with GDPR, CCPA and PECR. No personally-identifiable data ever leaves your device.