Privacy-First Tools: Why Client-Side Generation Matters
Your passwords, PINs, and random numbers should never leave your device. Learn why client-side generation is the only truly private approach and how our tools protect your data by design.
1. What Is Client-Side Generation?
Client-side generation means all the work happens in your browser. When you generate a password or random number, the computation is performed locally on your device using JavaScript and the Web Crypto API. No data is sent to any server.
How It Works:
- You open a tool page (HTML, CSS, JavaScript downloads once)
- You click generate (JavaScript runs locally)
- Web Crypto API provides secure random values from your device
- Result displays in your browser
- Zero network requests after initial page load
Key Benefit: Because everything happens locally, the server (us) never sees what you generate. Your passwords exist only on your device and in your memory.
2. Privacy Risks of Server-Side Tools
Many password generators and random tools work by sending requests to a server that generates the result and sends it back. This creates several privacy risks.
Server-Side Privacy Risks:
- Server logs: Requests may be logged with IP addresses, timestamps, and sometimes the generated values
- Data breaches: Server logs can be hacked or subpoenaed
- Tracking: User behavior can be tracked and analyzed
- Surveillance: Governments may compel disclosure of server data
- Employee access: Server administrators potentially have access to generated data
Critical Consideration: If a tool requires an internet connection to generate results, it's sending data to a server. This is inherently less private than client-side generation.
3. How Our Tools Protect Your Privacy
Every tool on NumberGenerator.ai is designed with privacy as the foundation. Here's exactly how we protect your data:
Privacy by Design:
- Zero telemetry: We don't track which tools you use or how often
- No analytics: No Google Analytics, no tracking pixels, no heatmaps
- No cookies: We don't use cookies for tracking
- No login required: No accounts, no email collection
- No data retention: Generated values are never stored or transmitted
- Open approach: Our code is inspectable in your browser
The only data we receive is standard web server logs (IP address, user agent, request timestamp) which are needed to serve the website. These logs do not contain any generated values.
4. Offline-First Design
Once you load a tool page, it continues to work without an internet connection. You can verify this yourself:
How to Test Offline Capability:
- Open any tool page (like /password-strong)
- Disconnect from the internet
- Click generate - it still works
- Reconnect when done
Benefits of Offline-First Design:
- Privacy proof: If it works offline, data clearly isn't going to a server
- Reliability: Tools work anywhere, anytime
- Speed: No network latency
- No rate limits: Generate as much as you want
5. How to Verify Privacy Claims
Don't just take our word for it. You can verify that our tools are truly client-side:
Verification Steps:
- Browser DevTools: Open the Network tab in your browser's developer tools. After the page loads, click generate. You'll see no network requests.
- View source: Right-click and view page source. You'll see the JavaScript code that runs in your browser.
- Offline test: Disconnect from the internet and verify tools still work.
- Network inspector: Use tools like Wireshark to verify no data leaves your device when generating.
Transparency: We encourage users to verify our privacy claims. True privacy is verifiable privacy. If you find any issues, please let us know.
6. Our Data Retention Policy
To be completely transparent about what data we handle:
What We DO Collect:
- Standard web server logs (IP, user agent, timestamp) for security and debugging
- These logs are retained for a limited time and used only for operational purposes
What We DO NOT Collect:
- Any generated passwords, PINs, or random numbers
- Lists you paste into list tools
- Tool parameters you configure
- Personal identifying information
- Behavioral tracking data
- Analytics or telemetry
Your generated data exists only in your browser's memory while you're using the tool. It disappears when you close the tab or navigate away.
7. Frequently Asked Questions
Can you see the passwords I generate?
No. Password generation happens entirely in your browser using the Web Crypto API. The generated values never leave your device. We cannot see, store, or access anything you generate. You can verify this by opening browser DevTools and watching the Network tab - you'll see no requests when you click generate.
Why do you need to load JavaScript from a server at all?
The HTML, CSS, and JavaScript code needs to be delivered to your browser initially. This is a one-time transfer when you first visit a page. After that, everything runs locally. We're exploring options for a fully offline-installable version (PWA) that would work even without the initial load.
Do you sell user data?
No. We don't collect the kind of user data that would be valuable to sell. No behavioral data, no personal information, no generated data. Our business model is providing useful tools while respecting privacy. We may display contextual advertising in the future, but it would be non-tracking and privacy-focused.
What about the lists I paste into the list picker?
Your lists are processed entirely in your browser. They're never sent to our server. This includes names, email addresses, phone numbers, or any other data you paste into our list tools. Employee names, customer lists, contest entries - all remain private on your device.
Is this more private than using a password manager?
They serve different purposes. Password managers store passwords (often with cloud sync for convenience). Our generator creates new passwords. For maximum privacy, generate passwords locally (using our tool) and store them in a local-only password manager like KeePassXC. If you use cloud-based password managers, make sure you trust their privacy practices.
Generate With Privacy
All our tools run client-side with zero tracking. Your data never leaves your device.