Skip to main content

Toolora Privacy Policy

Effective: 2026-05-25

Toolora is a collection of tools that run entirely in your browser. This policy covers two things only: what lands in our server access logs, and what happens to the content you type into a tool (spoiler: nothing — it never leaves your tab).

1. What we collect

When you load any page on toolora.info, our server records:

  • A hash of your IP address. The raw IP is run through SHA-256 with a salt that rotates daily, and only the hash is written to disk. Hashes are kept on a 30-day rolling window, then deleted in bulk. We cannot reverse a hash back to a raw IP.
  • Inferred geolocation: country / region / city / approximate latitude and longitude. We pass your IP to the free lookup endpoint at ip-api.com and store only the geographic fields it returns — no user identifier attached.
  • Device class: desktop / mobile / tablet. Coarsely derived from your User-Agent. We do not fingerprint.
  • Page path and referrer: which URL you opened, and whatever site (if any) the Referer header named as the previous page.
  • "Tool opened" events: a row that says "tool X was opened at time T." We do not record what you typed into the tool, what it produced, or which settings you chose.

2. What we never collect

  • Anything you type into a tool. JSON, CSS, passwords, text, files, images — all of it is processed by JavaScript inside your browser. Our servers never see it. Open the Network panel in DevTools while you use any tool and confirm for yourself.
  • Email, name, phone, account. Toolora has no signup. No "create account" button exists. If you email us, then yes, we have your email — used only to reply.
  • Tracking cookies. We use localStorage for two functional things only: your theme (light/dark) and your language preference. No Google Analytics, no Facebook Pixel, no ad networks, no cross-site tracking pixels.
  • Biometrics, addresses, payment info. There is nothing to pay for.

3. Third-party services, full list

Server-side, Toolora touches exactly three outside parties:

  • Hostinger — our hosting provider. The Nginx access log writes the raw IP at the server level as a matter of course; our application reads each line, hashes the IP, and the raw log rolls over on Hostinger's default 7-day rotation.
  • ip-api.com — IP-to-location lookup. We send only an IP string, no user identifier. The request goes from our server, not from your browser, so ip-api.com sees our server's IP, not your browsing habits.
  • Resend (only if you email us feedback) — the email service we use to reply.

That is the full list. No ad networks, no social embeds, no font CDNs that track, no Hotjar / Mixpanel / Amplitude / Sentry / LogRocket / etc.

4. Your rights

We honor the spirit of GDPR and CCPA whether or not you live under them:

  • Access / deletion: email zsy@toolora.freeqiye.com with the rough timeframe and IP range you think applies to you. We delete matching records within 30 days and write back. Caveat: because IPs are hashed, we cannot pinpoint records that are "only yours," so deletions happen on a time-window basis.
  • Disable cookies: turn off localStorage for toolora.info in your browser. Nothing breaks; your theme and language just reset to defaults on each visit.
  • Use a VPN or Tor: go ahead. We do not try to defeat proxies, do not fingerprint, and will not block you for hiding your IP.

5. Children

Toolora is not built for users under 13, and we do not knowingly collect data from them. If you are a parent and want records linked to a minor's use removed, email us per the rule above.

6. Changes to this policy

If something material changes (a new third party, for instance), we run a banner on toolora.info's home page and at the top of this page for 30 days before the change takes effect. The effective date above gets updated. No quiet rewrites.

7. Contact

Questions, complaints, corrections, or a request to see the exact hashing code we run on the backend — email zsy@toolora.freeqiye.com. I (Lei Li) read it. I reply.