Privacy Policy

The audience is developers, designers, and technical readers who use free utilities on the Site. You interact anonymously in the sense that we do not assign you a login, a customer record, or a CRM profile. Some flows still produce network traffic: analytics, optional advertising, and a few tool actions that only work if something is sent over the internet. Later sections describe that in plain language so you can decide what to enable and what to paste into the tools.

You can think of four lanes: • Lane A — purely local: most converters read and transform text inside your browser tab. Our servers never receive the pasted source in those cases. • Lane B — measurement: Plausible Analytics receives page-view style events so we know which pages are useful. It is configured toward privacy-friendly defaults (no cookie from Plausible for counting in the usual setup). • Lane C — optional ads: if you accept the cookie banner, third-party ad scripts may load and set their own cookies or identifiers. If you decline, we intend not to initialize those scripts for personalization. • Lane D — network-backed actions: a handful of tools only finish their job if the data you are working with is sent over the network when you deliberately use that part of the product.

The following preferences are stored with Web Storage APIs (typically localStorage) on your device: color theme (light/dark), interface language (English or Russian), and the cookie-consent choice. Clearing site data for codealchemy.dev removes them. For many converters and helpers, your input stays inside the browser until you leave the page. That also means backups, version control, and secrecy are your responsibility: closing the tab discards unsaved work unless you copy it elsewhere.

We use Plausible Analytics to understand aggregate traffic: for example which documentation pages are read, which tools are opened, and rough acquisition context such as referrer or device class. Plausible is designed to minimize personal data and is often described as cookieless for basic page metrics. We use Plausible as a processor under their product terms. Aggregated statistics are not sold by us to third parties as a separate data product. If you run a strict blocker, counts may be incomplete; that is expected and does not break the tools themselves.

First-party storage on the Site is limited to functional preferences as noted above. Separately, advertising partners rely on cookies or similar storage when their scripts run. When you first visit, a small banner asks whether you accept personalized advertising cookies. Accepting may allow networks to attach identifiers for frequency capping, fraud checks, and targeting. Declining is intended to keep those scripts from running for that purpose on subsequent loads (subject to browser storage still holding your choice). You can change your mind later by clearing the Site's storage or, where available, toggling consent again after clearing the saved value. Because we do not operate accounts, there is no per-email marketing list to unsubscribe from on our side.

Advertising helps keep the tools free. Depending on region, fill, and build-time flags, the Site may load scripts or tags from vendors such as Yandex Advertising Network (РСЯ), Google AdSense, Adsterra, PropellerAds, and AdGem (including rewarded formats where configured). Each vendor sets its own retention, identifiers, and legal bases under its public policies. We do not control individual ad creatives. If an ad looks misleading or unsafe, use your browser's reporting tools and avoid clicking it. We do not sell personal data in the sense of exchanging a list of identified users for money. Ad economics are handled by the networks under their contracts with publishers.

A minority of workflows only make sense if what you are working with is transmitted so the tool can complete the task you started. That can include design import or export you initiate, assisted conversion you opt into, or AI-assisted generation you trigger yourself. We do not use those contents to build a marketing profile on our side. Anything you treat as secret should stay out of online tools unless you accept the residual risk of sending it across the public internet. Hosting and content-delivery providers always see the ordinary metadata needed to load a website (TLS, routing, coarse geography at the level those vendors typically surface).

Where the GDPR applies, different processing activities rest on different grounds: • Analytics may rely on legitimate interests in understanding aggregate product usage, balanced against your rights and reasonable expectations for a small public tool site. • Strictly necessary storage for theme, language, and consent state supports the performance of the service you request. • Personalized advertising cookies, when used, generally rely on consent obtained through the banner. • Features you deliberately start may process data because you asked for the result. This section is a plain-language map, not a binding legal analysis for every visitor in every country.

The internet is cross-border by default. Subprocessors such as analytics, advertising, AI inference, hosting, or design platforms you connect may process data in countries other than where you sit. Vendors publish their transfer mechanisms (for example standard contractual clauses) in their own documentation. If you must avoid certain jurisdictions, do not paste sensitive material into any online tool, including this one.

We rely on industry-standard transport encryption (HTTPS) between your browser and the Site. No security practice removes all risk: compromised endpoints, browser extensions, or clipboard malware remain outside our control. You should assume any online editor can be observed by local malware on your machine. For high-sensitivity code, work offline in an isolated environment.

Plausible retains aggregated analytics according to its product policy. Advertising networks retain telemetry under their own schedules. Hosting vendors keep technical and security logs under their own retention rules. We do not maintain a visitor CRM, a newsletter list, or a ticketing queue tied to your email on this Site.

Practical steps you can take today: • Use browser controls to block third-party scripts or delete stored data for this origin. • Decline advertising cookies in the banner if you do not want those scripts to initialize for targeting. • Prefer offline tooling when the material must not cross the public internet. Depending on where you live, privacy laws may grant rights such as access, correction, deletion, objection, or portability. Those rights are often exercised toward whichever company lawfully determines purposes and means for a given dataset—for analytics or ads, frequently the vendor itself. Supervisory authorities in the EU and similar regions accept complaints from individuals; you can identify the correct regulator from public government lists. Because we do not operate an email intake for privacy requests on this Site, this policy focuses on transparency and self-service controls rather than a mailbox workflow.

The Site is intended for adults who work with code and design files. It is not directed at children under 13, or under 16 where EU age rules are stricter. We do not knowingly pursue behavioral advertising to minors on this property. If you are a parent and believe a child disclosed personal information through a third-party form unrelated to this policy, contact that service directly; we do not run a child sign-up flow here.

When practices change materially, we update this page and move the effective date. Minor clarifications and wording edits may occur without changing the date if the meaning is unchanged. Continued use of the Site after a meaningful update constitutes acceptance of the revised policy. If you disagree with a future version, stop using the Site.