Your tool input stays on your device.

The short version: PayloadHarbor's JSON, XML, timestamp, and JWT tools run in your browser. The application does not receive the values you enter.

No accounts · No analytics · No payload storageLast reviewed July 5, 2026

What stays local

Text entered into a tool is held in the active page's component memory. Parsing, formatting, decoding, and conversion run with JavaScript in your browser. Tool inputs are not written to cookies, local storage, session storage, URLs, or an application database.

What hosting can observe

As with any website, the hosting and network infrastructure may process ordinary request data needed to deliver static pages and assets, such as IP address, user agent, requested path, time, and security telemetry. Tool input is not part of those requests.

Clipboard and downloads

Copy actions use the browser Clipboard API after you press a copy button. Downloads are generated locally with temporary Blob URLs. Clipboard managers and other software on your device may retain copied values outside PayloadHarbor's control.

Sensitive data

Local processing reduces exposure but does not make an untrusted device safe. Browser extensions, malware, screen recording, shoulder surfing, and device access can still expose input. Prefer synthetic or redacted payloads and avoid production tokens.

Future changes

If optional analytics, persistence, or server-backed features are introduced, this page will describe them before they are enabled. The initial release includes none of those systems.