1
Pick the privacy or security tool you need: password generator, hash, encrypt/decrypt, EXIF stripper, redactor, breach checker.
2
Paste your input or drop the file — everything runs locally in your browser.
3
Configure options: password length, encryption algorithm, redaction style, hash variant.
4
Copy the result or download the cleaned/secured file. Originals are never uploaded.

Key features

Cryptographically secure password and passphrase generators (CSPRNG)
AES-256-GCM file and text encryption with PBKDF2/Argon2 key derivation
EXIF metadata stripper for photos — removes GPS, camera, and timestamps
PDF and image redactor with true pixel-level removal (not just black boxes)
Hash and HMAC generator for integrity checks (MD5, SHA-1/256/384/512)
Have-I-Been-Pwned style breach lookup with k-anonymity (your password is never sent in full)

Frequently asked questions

How secure are the passwords from your generator?

We use the browser's CSPRNG (crypto.getRandomValues). A 16-character mixed-case, alphanumeric, symbol password has 96+ bits of entropy — uncrackable in practice.

Should I use a password or a passphrase?

Passphrases (4+ random words like 'horse-staple-correct-battery') are easier to remember and just as strong. Use a manager either way.

Is my password ever sent to your servers?

No. Generation, strength evaluation, and breach lookup all run in your browser. Breach checks use k-anonymity (only 5 hash characters are queried).

Can I really redact a PDF without leaking the original text?

Yes — PDF Redactor removes the underlying glyphs (not just covers them with rectangles). Search and copy/paste cannot recover the redacted content.

How do I encrypt a file before sharing?

File Encrypt uses AES-256-GCM with a password-derived key (PBKDF2, 600k iterations). Send the file and password through different channels for safe sharing.

What encryption is best for sensitive notes?

AES-256-GCM is the modern standard — authenticated encryption that detects tampering. It's what banks, governments, and Signal use.

How do I strip EXIF data from a photo before posting?

EXIF Stripper removes GPS, camera serial, software version, and timestamps in one click. The image quality stays identical.

Can I check if my password has been in a data breach?

Yes — Breach Checker uses the Have-I-Been-Pwned API with k-anonymity. We hash your password locally and only send the first 5 characters.

What's the difference between hashing and encryption?

Hashing is one-way (no decryption) — used for passwords and integrity checks. Encryption is two-way with a key — used for protecting data at rest or in transit.

How do I generate a secure 2FA backup code?

Token Generator with 10–12 alphanumeric characters and high-entropy alphabet matches the format of Google/Apple/Microsoft 2FA backup codes.

Are the encrypted files compatible with other tools?

We use the standard Web Crypto API (AES-GCM). Files can be decrypted by any tool supporting the same parameters — we publish the format so power users can verify.

Will EXIF stripping change my photo's appearance?

No — only metadata is removed. Pixels, color, and dimensions are untouched. The file size drops slightly because metadata is gone.

How long should my password be?

12 characters minimum for low-stakes, 16+ for important accounts, 20+ for crypto wallets and root credentials. Length beats complexity.

What hash should I use for file integrity?

SHA-256 is the modern default. SHA-1 and MD5 are broken for security but still useful for non-adversarial integrity checks (e.g., download verification).

Are the privacy tools really private?

Yes. Every tool in this category runs entirely in your browser. No analytics on your inputs, no logging, no server uploads — verifiable in our open-source client code.