Privacy Policy
Last updated: July 17, 2026
Digitools (operated from Canada) is committed to handling your data responsibly and in compliance with Canadian PIPEDA and CASL. This policy explains what we collect, why we collect it, how long we keep it, and what your rights are.
The short version
- The tools themselves do their work in your browser — what you paste into them stays on your device.
- We log page visits and tool usage events (including your IP address) for security and to understand which tools are useful.
- We do not use Google Analytics, Facebook Pixel, or any third-party tracking script. All logging happens on our own servers.
- If you subscribe to the newsletter, we store your email and proof of consent. You can unsubscribe at any time.
- We do not sell data to anyone, ever.
What we collect, and why
Visit and usage logs
When you visit a tool page, we record: the page URL, your IP address, your user agent (browser identification string), the country your IP resolves to, the referring URL, and the timestamp.
When you click an action button inside a tool (for example "Generate" or "Convert"), we record: the tool, the action name, your IP, user agent, country, and timestamp. We do not record the contents of what you typed or pasted into the tool — that data never leaves your browser.
Lawful basis: legitimate interest — operating the site, detecting abuse, and making decisions about which tools to invest in based on actual usage.
Retention: raw event logs are kept for 90 days, then deleted. Daily aggregated counts (e.g. "1,200 visits to the JSON formatter on 2026-04-15") are kept indefinitely as non-personal statistics.
Tool inputs and outputs
Inputs you type into tools (text, files, certificates, tokens, passwords, tax data, etc.) are processed by JavaScript running in your browser tab. They are not transmitted to our servers. The three exceptions are tools that explicitly call external services — these tools display a clear warning before any request is made:
- "What is my IP?" calls ipapi.co
- "Domain & IP Lookup" calls Google DNS-over-HTTPS and ipapi.co
- "OpenGraph Image Previewer" (URL mode) calls a public CORS proxy
Newsletter
If you submit your email through the newsletter signup form, we:
- Send a verification email to confirm your address (CASL-required double opt-in). Unverified emails are deleted after 48 hours.
- If verified, store your email address, the IP and timestamp of your original signup, and the timestamp of verification.
- Record your express consent under CASL. Consent records are retained for 3 years after unsubscribe, per CASL retention requirements.
- Use your email only to send the Digitools newsletter. Every newsletter includes a one-click unsubscribe link and our physical mailing address.
Lawful basis: express consent.
Admin authentication
The admin section logs all sign-in attempts (IP, user agent, success/failure) and admin actions for security. This data is kept for 1 year, then deleted.
Cookies
Digitools uses first-party cookies only when needed:
- An accessibility preferences cookie stores your text-size, contrast, and motion preferences if you've adjusted them via the accessibility widget. It's optional and never leaves your device.
- An admin session cookie if you're logged into
/admin.
We do not set tracking cookies. We do not embed third-party tracking scripts.
Third parties
We use these external services as part of operating the site:
- AWS SES (US/Canada) for sending newsletter and verification emails. Amazon sees recipient email addresses and message content as part of delivery.
- ipapi.co, Google DNS-over-HTTPS, allorigins.win — only when you specifically use the three tools listed above that make those calls. Each is clearly warned about in the tool itself.
We do not share, sell, or rent your personal information to anyone.
Your rights under PIPEDA
You have the right to:
- Ask what personal information we have about you.
- Request correction or deletion of that information.
- Withdraw consent (e.g., unsubscribe from the newsletter).
- Complain to the Office of the Privacy Commissioner of Canada.
For any of these, email hello@digitools.ca. We respond within 30 days as required by law.
Data security
Personal data is stored in a MySQL database on our server. Database backups are encrypted. Admin access requires two-factor authentication. Email addresses are not encrypted at rest beyond the database file system level — by design, since we need them in plain form to send email.
Changes to this policy
If we materially change this policy, we'll update the "Last updated" date, and for significant changes we'll post a notice on the homepage and, where appropriate, notify newsletter subscribers by email.
Contact
Questions: hello@digitools.ca.