This is a small static site, but it still has a few moving parts. The short version: I do not collect the text you paste into tools, I do not see the values they produce, I do not run ad trackers, and I do not sell anything. The site only serves over HTTPS, so anything moving between your browser and Cloudflare stays encrypted in transit. Cloudflare serves the site and provides basic aggregate visitor analytics. Your browser stores your theme choice locally.
The tools under /tools/ are static HTML plus same-origin JavaScript. Both the input you type and the output the tool produces stay in your browser. The password generator, JSON formatter, regex tester, hash tool, cron builder, and the rest send neither input nor output to daal.cloud, Cloudflare Workers, or a third-party API. There is no API behind them, so there is nothing on the server side to store. The pages are HTTPS-only, so the tool code arrives untampered and nothing your browser would send back leaks in transit.
A few browser features stay local too: copy buttons use the Clipboard API, the Morse tool uses Web Audio, and crypto-related tools use the Web Crypto API. If a browser does not provide a safe API for a security-sensitive job, the tool should refuse to do the job rather than fake it.
The site stores one preference in localStorage: theme, with a value of dark or light. That prevents the page from flashing the wrong theme when it loads. I use localStorage instead of a cookie because the browser does not send it along with every HTTP request. Clear it from your browser's site data, or run this in the console if you want to remove it:
localStorage.removeItem('theme')I do not store tool input, tool output, generated passwords, search terms, or clipboard contents in localStorage.
daal.cloud runs on Cloudflare Pages. That means normal HTTP request metadata passes through Cloudflare: IP address, user agent, URL path, referrer, cache status, security events, and similar operational data. Cloudflare needs that to serve the site, cache it, protect it, and show basic traffic information.
I look at Cloudflare's basic aggregate visitor analytics, which come from request metadata Cloudflare is already handling to serve the site. I do not add the browser-side Cloudflare Web Analytics/RUM beacon, analytics cookies, or analytics-specific browser storage. I also do not store visitor IP addresses in daal.cloud itself. Cloudflare still processes normal request metadata as the service that delivers and protects the site.
Cloudflare documents its privacy approach and Web Analytics product here:
I also run Umami on a self-hosted instance for anonymous visitor analytics. It is GDPR-compliant by design: it stores no IP addresses, collects no personal information, and sets no cookies. Umami tracks aggregate page views and basic device information (screen size, browser, OS) without identifying individual visitors. The beacon loads on every page of the site, tool pages included, so I can see which tools actually get used. None of that involves your tool input or output, which stay in your browser.
Blog search uses Pagefind. Your browser downloads a same-origin search index and searches it locally. I do not receive the words you type into the search box.
Share buttons do nothing until you click them. If you click one, your browser opens the selected external share URL. At that point, that service gets whatever your browser sends to it.
If something here looks wrong, use the contact page.