Privacy Policy

Last updated: July 12, 2026

Overview

Webmaster Cafe ("we", "our", "us") operates https://webmaster.cafe/ (the "Service"). This policy explains the information processed while you use the Service, including browser storage and third-party services.

Information We Process

Information You Provide

  • Contact form: We process your name, email address, message, IP address, and Turnstile verification token. The IP address and token are used to prevent spam and duplicate submissions.
  • Network tools: A WHOIS domain, public IP address, or server-time target URL is sent to our API and the applicable lookup service to provide the requested result.
  • YubiKey verification: If you choose online verification, the YubiKey OTP and Turnstile token are sent through our API to Yubico.

Information Processed Only in Your Browser

Most encoding, decoding, hashing, general encryption, image, and video tools run in your browser without uploading their inputs to our servers. The network tools and YubiKey online verification described above are exceptions.

Generated password history and the last decoded JWT are stored in browser local storage by default. Selecting Disable automatic storage in the relevant tool deletes the saved value and prevents future storage. Encryption keys and JWT verification secrets are not stored automatically.

Information Processed Automatically

  • Cloudflare may process IP addresses, request information, and standard web server logs while providing hosting, security, and Turnstile.
  • Theme preferences, visited-tool indicators, editor content, and app data may be stored in localStorage or IndexedDB rather than cookies.

Purposes

  • Provide the requested tool functionality
  • Respond to contact requests
  • Prevent spam, automated traffic, and API abuse
  • Maintain and improve service reliability
  • Preserve settings and local app data selected by the user

Storage and Retention

  • Browser storage: Settings, app data, and enabled password/JWT history remain on your device and can be removed through the browser or the relevant tool.
  • Cloudflare KV: An IP-based contact rate-limit key is retained for up to one hour. WHOIS and IP lookup results may be cached for up to 24 hours to reduce external API usage.
  • Contact email: Your contact content and source IP are delivered by email through Resend. We do not store a separate copy in an application database.
  • YubiKey OTP: It is processed only for the verification request and is not retained in our storage.

Third-Party Services

  • Cloudflare Pages, KV, and Turnstile: hosting, caching, rate limiting, and bot verification
  • Resend: contact email delivery
  • IP2WHOIS/IP2Location: domain WHOIS and public IP lookup
  • Yubico: online YubiKey OTP verification
  • Content delivery networks (CDNs): delivery of browser runtime resources such as FFmpeg, OCR language data, and AI models. Your files are not uploaded to those CDNs.

Each provider processes information under its own privacy policy.

Data Security

We use measures such as HTTPS, Turnstile verification, request limits, and input validation. Most tool processing remains in your browser, but browser storage can be accessed by people using the same device and browser profile or by code running under the same origin. Consider disabling automatic storage on shared devices.

Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy. Changes will be posted on this page with an updated revision date.

Contact Us

Questions about this policy can be submitted through our Contact page.