[JSONZen]
Sign in

Legal

Privacy Policy

Last updated 2026-05-12

Short version

  • Every JSON tool on JSONZen runs entirely in your browser. Your input never leaves the page.
  • Pro snippets are end-to-end encrypted. The server stores ciphertext only — even we can't read them.
  • We don't sell anything and we don't share data with third parties for marketing.
  • Payments go through Stripe. We never see your card number.

What we collect

Anonymous visitors. Your browser sends standard access metadata (IP address, user agent, referrer) to our hosting provider. These are retained for up to 30 days in operational logs and discarded after that.

Pro accounts. When you sign up we store your email address (passed through to our auth provider, Supabase) and an internal account identifier. We do not store passwords — sign-in uses a one-time link emailed to you.

Snippets and shares. If you save a snippet or create a private share, the server holds only the encrypted bytes plus minimal metadata (tool id, byte size, timestamps, your account id). The encryption key never leaves your browser. We physically cannot decrypt your snippets.

Payments. If you buy a Pro pass, Stripe processes the payment and returns a customer id and payment-intent id, which we link to your account so we know your pass is active. We never see card details.

What we don't do

  • No advertising trackers. No fingerprinting. No cross-site identifiers.
  • No selling, renting, or sharing your data with marketing partners.
  • No reading your JSON. The tools run client-side; the server never sees plaintext.
  • No surprise emails. You'll only hear from us about sign-in links, receipts, and Pro-pass expiry reminders.

Subprocessors

We rely on a small set of vendors to keep the service running:

  • Vercel — hosts the static site and serverless functions. Receives standard request metadata.
  • Supabase — Postgres database for accounts, ciphertext snippets, and share links. Bound by their own privacy terms.
  • Stripe — handles payments. Receives email and payment details; PCI-compliant.
  • Resend — sends transactional emails (sign-in links, receipts, expiry reminders).
  • Sentry — captures runtime errors and stack traces from the app. Configured to mask all text and media in session replays, omit PII (IP / email / headers), and never replay healthy sessions — only those where an error fires.
  • Vercel Analytics — privacy-friendly aggregate page-view metrics. Cookieless, no fingerprinting, IP anonymized.
  • Vercel Speed Insights — Core Web Vitals collection (LCP, INP, CLS) sampled anonymously. Cookieless.

Your rights

You can delete your account at any time from the account page. Deleting an account wipes your snippets and share links from our database. Cached copies in operational logs roll off within 30 days.

If you're in the EU/UK, you have the rights granted by the GDPR (access, rectification, erasure, portability, objection). To exercise them, email us at the address below.

Cookies

The only cookie we set ourselves is a session cookie issued by Supabase to keep you signed in. Vercel Analytics is cookieless, Vercel Speed Insights is cookieless, and Sentry only writes to localStorage on the rare occasion an error replay fires. We don't run any marketing or attribution tags.

Children

JSONZen isn't designed for users under 13. If you believe a child has provided us with personal data, contact us and we'll delete it.

Changes

We may update this policy as the service evolves. The “Last updated” date above will change accordingly. Material changes will also be announced via our RSS feed and an email to active accounts.

Contact

Questions? Email support@bobothedev.com.

    Privacy Policy | JSONZen