Privacy Policy
Last updated: April 12, 2026
The short version: Unwrite's web tools process your files and text entirely in your browser. Nothing is uploaded to our servers. The entire website is served as static files from a CDN. There is no dynamic server, no backend, and no database. It is technically impossible for us to receive, process, or store your content. We use Cloudflare's server-side edge analytics to understand overall site traffic. This involves no client-side scripts, no cookies, and no fingerprinting. We do not use third-party analytics, advertising pixels, or tracking services of any kind.
This privacy policy applies to the unwrite.co website and its browser-based tools (PDF Editor, GPT Text Refinement, Image Optimiser, HTML Cleaner, Text Comparison, Favicon Generator, and LLM in the Browser).
Shopify apps have separate policies. The Hreflang Tags Shopify app collects different data (store information, access tokens, resource data) and operates under a separate privacy policy that does not apply to this website, and this website's policy does not apply to that app.
What We Collect
Almost nothing. Here is the complete list:
| Data | Source | Purpose |
|---|---|---|
| Aggregate traffic data | Cloudflare edge analytics (server-side) | Understand page popularity, geographic distribution, and site health |
| HTTP request metadata | Cloudflare edge logs | Security monitoring, cache performance, error detection |
Cloudflare edge analytics are collected at the network level from HTTP request logs. No JavaScript is injected into your browser. No cookies are set. No individual user profiles are created. We see aggregate numbers (total visitors, popular pages, and countries), not individual behaviour.
What We Do NOT Collect
- Your files and content. PDFs, images, HTML, and text you process with our tools never leave your browser. We have no mechanism to access them.
- Cookies. We do not set any cookies: not first-party, not third-party, not session cookies, not tracking cookies.
- Client-side analytics. No Google Analytics, no Meta Pixel, no Hotjar, no Sentry, no analytics JavaScript of any kind.
- Personal information. No names, email addresses, accounts, or login credentials. There is no sign-up and no user accounts for the website tools.
- Fingerprinting. No browser fingerprinting, canvas fingerprinting, or device identification techniques.
- Advertising or tracking pixels. None.
Browser-Based Processing
All Unwrite tools process your data locally in your browser using client-side JavaScript and WebAssembly. Your files are read into browser memory, processed, and the results are made available for download, all without any network requests to our servers. When you close the tab, the data is gone.
LLM in the Browser: The local mode downloads an open-source language model and runs it entirely in your browser. No data is sent anywhere. The optional remote server mode sends your prompts to an endpoint you configure (such as an OpenAI-compatible API). In this case, your data is sent to that third-party service under their privacy policy, not ours.
Local Storage
Some tools use your browser's localStorage to remember preferences (such as LLM connection profiles or UI settings). This data is stored only on your device, is never transmitted to any server, and can be cleared at any time through your browser settings.
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Cloudflare | CDN, DNS, DDoS protection, edge analytics | HTTP request metadata (IP, user agent, path). Standard for any website behind a CDN. |
| jsDelivr | CDN for open-source WASM and JS libraries | IP address when downloading static assets (standard CDN behaviour) |
Both services receive your IP address as part of standard HTTP requests. This is inherent to how the internet works and applies to every website you visit. Neither service receives any of your file content or tool usage data.
Service Worker
Unwrite uses a service worker to enable offline access and improve loading performance. The service worker caches static assets (HTML, CSS, JavaScript, fonts) on your device. It does not track which pages you visit, does not send any data to external services, and does not store any identifying information. You can unregister the service worker at any time through your browser's developer tools.
Security
- HTTPS only: all connections use TLS 1.2 or higher
- HSTS: enforced with preload to prevent downgrade attacks
- No server-side storage:since we don't collect user data, there is nothing to breach
- Source maps disabled: production builds do not expose source code
- WAF protection: Cloudflare WAF rules block common attack vectors
Children's Privacy
Unwrite does not collect personal information from anyone, including children. Since no accounts, cookies, or tracking exist, there is no age-related data to manage.
Changes to This Policy
We may update this policy as we add new tools or change our infrastructure. When we do, we will update the "Last updated" date at the top. Since we do not collect email addresses or user accounts, we cannot notify you directly. Please check this page periodically.
Contact
Unwrite is based in Australia. If you have questions about this privacy policy:
- Email: [email protected]
- Website: unwrite.co