Privacy Policy
Effective: May 10, 2026 · Updated: June 4, 2026 · Version 1.2
This Privacy Policy explains how Khine Zaw, a sole proprietor doing business as “Loft Tools” (“Loft Tools,” “we,” “us,” or “our”) handles personal information when you use our website at lofttools.com and the tools we make available there (together, the “Service”).
We’ve built Loft Tools so that the vast majority of what you do happens entirely in your browser. Your files, calculations, text, images, and other inputs are processed on your device. They are not uploaded to our servers, not sent to third parties, and not seen by us.
This policy is written in plain English, as required by Quebec’s Law 25 and as a general principle. If anything below is unclear, email us at [email protected] and we’ll explain.
1. The short version
- We do not require an account to use our tools.
- We do not upload your files to a server. PDF, image, audio, video, text, and similar tools run locally in your browser using WebAssembly, JavaScript, and the Canvas API.
- We do not currently use cookies for tracking, analytics, or advertising. We do not use fingerprinting, session-recording tools, or third-party tag managers. Our hosting provider (Cloudflare) sets a small number of strictly-necessary security cookies for bot management — see the Cookie Policy for details. (See also “Things that may change,” section 13.)
- We do not sell or share your personal information for cross-context behavioural advertising under the CCPA/CPRA, and we do not engage in “targeted advertising” as that term is defined under any U.S. state privacy law.
- We do receive minimal technical information that any web server receives when you load a page (your IP address, browser user-agent string, requested URL). We use this only to operate the site and detect abuse, and we do not build profiles from it.
- We do receive information you voluntarily provide — for example, when you email us or send a donation through a third-party platform.
- A small number of optional, clearly labelled “premium AI” tools may, in the future, send your input to a third-party AI provider for processing. Those tools will be opt-in, will display a notice before sending data, and are not enabled at launch.
If something on this page contradicts what a tool actually does, the actual behaviour controls — please report it to us so we can fix the documentation.
2. Who we are and how to reach us
- Operator: Khine Zaw, a California sole proprietor, doing business as Loft Tools.
- Mailing address: 577 East Chartres Street, Anaheim, CA 92805, U.S.A.
- Privacy contact: [email protected]
- Privacy officer (Quebec Law 25): Khine Zaw is the person responsible for the protection of personal information and can be reached at [email protected].
- EU / UK representatives: Loft Tools does not currently meet the thresholds requiring an Article 27 GDPR or UK GDPR representative. If that changes, this section will be updated and a representative listed here.
3. What we collect, how we use it, and why we’re allowed to
We organise this into the categories used by the EU GDPR (“personal data”) and the California CCPA/CPRA (“personal information”). Where the laws use different words for the same concept, we use the simpler term.
| What | When | Why we use it | Lawful basis (GDPR) |
|---|---|---|---|
| Your email address and message body | When you email us, send a DMCA notice, or contact support | To respond to you and keep a record of correspondence | Legitimate interest (Art. 6(1)(f)) — running and supporting the Service |
| Sponsorship information | When you sponsor via Stripe Checkout on our /sponsor page | To process the sponsorship payment, record an active or one-time supporter for billing purposes, and (only if you opt in) thank you publicly on the sponsor wall | Contract (Art. 6(1)(b)) for the payment relationship; consent (Art. 6(1)(a)) for any optional display name on the public wall |
| Optional sponsor display name | When you provide one at Stripe Checkout and answer “Yes” to the “list me on the public sponsor wall” prompt | To attribute your sponsorship publicly on /sponsor or /sponsor/all after manual review | Consent (Art. 6(1)(a)); revocable at any time by emailing [email protected] |
| Donations via third-party platforms | When you donate via Buy Me a Coffee, Ko-fi, GitHub Sponsors, or similar | To receive the donation and (if you opt in via the platform) thank you | Contract (Art. 6(1)(b)) and legitimate interest |
We do not collect government IDs, payment card numbers, bank account numbers, biometric identifiers, precise geolocation, or special-category data (health, religion, political views, sexual orientation, etc.). If a future tool would require any of these, this policy will be updated and the tool will display a separate notice.
When you load any web page, your browser sends technical information to the server hosting the page. That includes:
- your IP address (a network identifier, sometimes considered personal data under the GDPR);
- your user-agent string (browser name and version, OS family);
- the URL you requested and the URL that referred you (if any);
- the date and time of the request.
Our hosting provider (Cloudflare Pages and Cloudflare Workers; see section 5) processes these automatically as part of operating a website. We use this information only to:
- serve the page to you,
- mitigate abuse, denial-of-service attacks, and bot traffic, and
- diagnose errors when something breaks.
We do not link this information to any account, build a profile from it, or use it for advertising. Server access logs are retained for no longer than 30 days and then deleted or aggregated beyond identifiability.
Lawful basis (GDPR): legitimate interest in operating a secure, functional website (Art. 6(1)(f)).
IP-hash rate limiting. To prevent abuse of our analytics and sponsorship endpoints, we hash your IP address together with a site-specific secret (a one-way SHA-256 transformation) and store the resulting hash with a 1-minute window counter. The hash cannot be reversed back to your IP address; it serves only to count how many requests have arrived from the same source in the trailing 60 seconds. Hash rows are pruned automatically after 10 minutes. We do not store raw IP addresses for rate limiting.
Lawful basis (GDPR): legitimate interest in protecting the Service against automated abuse (Art. 6(1)(f)).
Loft Tools is a Progressive Web App (PWA). To make tools work offline and to remember your preferences, we use the following device-local storage technologies. None of this leaves your browser:
- localStorage / IndexedDB: to save your tool preferences (e.g., last-used unit, selected theme, draft text in a notepad tool, recent files list).
- Service Worker cache: to cache the application shell and tool code so the Service works offline and loads faster.
- Web Workers: to process files (PDF, image, audio, video, OCR, etc.) on a background thread inside your browser.
You can clear all of this at any time from your browser’s site-data controls. Doing so will reset any saved preferences but will not affect any data we hold on a server (because, in nearly all cases, there isn’t any).
When you drag a PDF, image, audio file, video, spreadsheet, or other document into a Loft Tools tool, that file is read by JavaScript or WebAssembly running in your browser tab. The file is not uploaded to our servers. We have no copy of it. We cannot recover it. Once you close the tab, it is gone unless your tool offers an explicit “save” option that writes back to your device.
A small number of clearly labelled “premium AI” tools (none enabled at launch) may, in the future, transmit your input to a third-party AI provider (for example, an OCR provider that runs server-side, or a generative model). When that happens, the tool will:
- display a notice before transmitting,
- name the provider and link to its privacy policy,
- require an explicit opt-in for that session, and
- not retain the input on our side.
If you do not opt in, the tool will not send the data and will either offer a local-only fallback or display “unavailable for this input.”
3.5 Analytics and (future) advertising
Analytics today. We run our own first-party analytics on a same-origin endpoint (lofttools.com/_/c). No cookies, no third-party scripts, no advertising tags, no fingerprinting, no cross-site tracking. For each page view we record only: URL path, UTC timestamp, country code (from request headers), referring site host, and a one-way SHA-256 hash of (rotating-daily salt + IP + User-Agent + our domain). The salt is regenerated every 24 hours and the previous salt is destroyed, so a visit on Monday cannot be linked to a visit on Tuesday — by us or anyone else, even with database access. Raw IP, raw User-Agent, and any file content are never written to disk. Raw rows are retained for 90 days; daily aggregate counts are kept indefinitely. See the Cookie Policy §3.4 for the full data inventory and lawful basis.
Advertising today. None. No ads are served, no advertising data is collected, and no advertising cookies are set.
If we change analytics providers, we will update this Privacy Policy and the Cookie Policy at least 14 days before the change takes effect.
When we eventually serve advertising on free-tier surfaces, we will:
- update this policy and the Cookie Policy at least 14 days before ads go live,
- display a clear cookie/consent banner where required (EEA, UK, Switzerland, Brazil, and any other jurisdiction with a prior-consent requirement),
- honour the Global Privacy Control (GPC) signal for U.S. visitors and offer a “Do Not Sell or Share My Personal Information” link where required,
- disclose the categories of advertising partners we use, and
- describe in section 13 of this policy what changes.
Until those things happen, no ad cookies are set and no advertising data is collected.
4. What we do not do
For clarity:
- We do not sell personal information for money.
- We do not “share” personal information for cross-context behavioural advertising as defined by the CCPA/CPRA.
- We do not engage in “targeted advertising” or “profiling that produces legal or similarly significant effects” as those terms are defined under U.S. state privacy laws (Colorado, Connecticut, Virginia, Utah, Texas, and others).
- We do not use automated decision-making, including profiling, that produces legal or similarly significant effects on you (GDPR Art. 22).
- We do not knowingly collect personal information from children under 13. See section 9.
- We do not use dark patterns to obtain consent.
5. Sub-processors and service providers
We use a small number of vendors to operate the Service. Each is bound by its own privacy and data-protection terms.
| Vendor | Role | Where data sits | Link |
|---|---|---|---|
| Cloudflare, Inc. | Hosting (Pages), edge compute (Workers), CDN, DDoS protection, Cloudflare Web Analytics | Global edge network with primary processing under SCC- and DPF-aligned terms | cloudflare.com/privacypolicy |
| Cloudflare R2 | Object storage for static assets (icons, fonts, images we ship) | Global edge | cloudflare.com/privacypolicy |
| Cloudflare D1 | Database for site content (tool metadata, translations) and for the public sponsor wall — stores Stripe customer_id, sponsor display names (only after admin approval), short-lived IP hashes for rate limiting, and Stripe webhook event identifiers for idempotency. Does not store raw IP addresses, payment-card data, or non-sponsor visitor data. | Cloudflare network | cloudflare.com/privacypolicy |
| Cloudflare Email Routing | Receiving mail sent to addresses at lofttools.com and forwarding it to our operator inbox | Cloudflare edge | cloudflare.com/privacypolicy |
| Microsoft (Outlook.com) | Hosting the operator inbox that receives forwarded mail from [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], and [email protected] | Microsoft data centres | privacy.microsoft.com/privacystatement |
| Stripe, Inc. | Payment processing for sponsorships, including hosted Checkout and the customer billing portal. Stripe holds your payment method (card, Apple Pay, Google Pay, Link) under its own PCI Level 1 program. We store only the Stripe customer_id. | Stripe’s global PCI-compliant infrastructure (U.S., EU, others depending on region) | stripe.com/privacy |
| Donation platforms (Buy Me a Coffee, Ko-fi, GitHub Sponsors, or similar) | Processing donations made outside Stripe Checkout | Each platform’s own infrastructure | Each platform’s privacy policy |
| Domain registrar / DNS (Cloudflare Registrar) | Domain and DNS management — does not see user traffic content | Cloudflare network | cloudflare.com/privacypolicy |
We will update this table when sub-processors change. We do not currently use Google Analytics, Meta Pixel, TikTok Pixel, ad networks, A/B testing tools, session-replay tools, or third-party tag managers.
6. International data transfers
Loft Tools operates from the United States. When you visit our site from outside the U.S., the technical request information described in section 3.2 will, by the nature of the internet, be processed by infrastructure located in or routed through the U.S. and the global Cloudflare edge network.
For visitors in the EEA, UK, and Switzerland, we and our hosting provider rely on the following transfer mechanisms:
- Standard Contractual Clauses (EU Commission Decision 2021/914) for transfers from the EEA to the U.S.;
- the UK International Data Transfer Addendum for transfers from the UK; and
- where applicable, the EU–U.S. Data Privacy Framework for participating recipients.
Cloudflare publishes its transfer impact assessment and supplementary measures publicly; we rely on those.
7. How long we keep things
| Category | Retention |
|---|---|
| Server access logs | Up to 30 days, then deleted or aggregated |
| Email correspondence (support, legal) | Up to 24 months after our last reply, unless a legal hold or ongoing matter requires longer |
| DMCA notices and counter-notices | At least 4 years (to satisfy U.S. statute of limitations and 17 U.S.C. §512 requirements) |
| Sponsor records (Stripe customer_id, sponsorship amount, period, opt-in display name) | For the lifetime of the sponsorship plus a permanent archive entry on /sponsor/all for opt-in display names. You may request deletion at any time via [email protected] (we will remove the display name and aggregate the row anonymously; the underlying Stripe customer record is governed by Stripe’s own retention policy and applicable U.S. tax/accounting law) |
| Sponsor display names submitted but auto-filtered by our moderation word list (rejected_name) | Retained for the lifetime of the sponsor row for refund-dispute and abuse-investigation purposes; never displayed publicly |
| Stripe webhook event identifiers (for idempotency / preventing duplicate processing) | Up to 30 days, then pruned |
| IP-hash rate-limit rows | Up to 10 minutes, then pruned (hash is one-way and cannot be reversed to an IP address) |
| Donation records via third-party platforms (where we receive a thank-you email address you provide) | As required by U.S. tax law and the donation platform’s own retention rules |
| Device-local data (preferences, cache, etc.) | Until you clear your browser site data |
We delete or anonymise personal data when it is no longer needed for the purpose for which it was collected, unless a longer retention is required by law.
8. Your rights
Depending on where you live, you have the following rights. We honour all of them globally — you do not need to live in a particular jurisdiction to exercise them.
- Access: ask whether we hold information about you and request a copy.
- Correction (rectification): ask us to fix inaccurate information.
- Deletion (erasure): ask us to delete information we hold about you.
- Restriction: ask us to stop processing in certain circumstances.
- Portability: ask for a structured, machine-readable export.
- Objection: object to processing based on legitimate interests, including any profiling (we don’t profile).
- Withdraw consent: where we rely on your consent, withdraw it at any time.
- Opt out of “sale” or “sharing”: under the CCPA/CPRA. (We do not currently sell or share, but your opt-out will be honoured if anything changes.)
- Opt out of targeted advertising and profiling for significant decisions: under Colorado, Connecticut, Virginia, Texas, Utah, and other U.S. state privacy laws.
- Right to non-discrimination: we will not deny you the Service, charge you a different price, or provide a different quality of service for exercising these rights.
How to exercise: email [email protected] with the subject line “Privacy Request” and tell us (a) which right you’re exercising and (b) enough information for us to identify what data you mean. Because we hold so little, that’s usually just the email you’re writing from.
Verification: because we do not maintain accounts, our verification is proportionate and minimal. For most requests we’ll simply confirm we hold no responsive data, or process the request based on the email address you contact us from. We will never ask for sensitive identifiers (government IDs, financial credentials).
Response timelines:
- GDPR / UK GDPR: within 30 days, extendable by 60 days for complex requests with notice.
- CCPA / CPRA: acknowledgement within 10 business days; substantive response within 45 calendar days, extendable by 45 days with notice.
- LGPD (Brazil): within 15 days.
- PIPEDA (Canada): within 30 days; if we cannot respond in 30 days we will tell you why and when you can expect a reply.
Authorised agents: California residents may use an authorised agent. We will need written proof of the authorisation.
Right to complain:
- EEA / EU: your local Data Protection Authority — list at edpb.europa.eu/about-edpb/about-edpb/members_en
- UK: the Information Commissioner’s Office — ico.org.uk
- Quebec: the Commission d’accès à l’information du Québec — cai.gouv.qc.ca
- Canada (federal): the Office of the Privacy Commissioner — priv.gc.ca
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
- California: the California Privacy Protection Agency — cppa.ca.gov
We’d appreciate a chance to fix things first — but you do not have to contact us before going to a regulator.
9. Children
The Service is intended for users aged 13 and over, and 16 and over in the EEA, UK, and Switzerland unless verifiable parental consent is provided. We do not knowingly collect personal information from children under 13 (or under the applicable age in your jurisdiction).
If you believe a child has provided personal information to us, email [email protected] and we will delete it promptly. As a general-audience site, we do not direct content to children, and we do not use age-targeting or behavioural advertising. The 2025 amendments to the Children’s Online Privacy Protection Rule (COPPA) inform our handling of any data we receive that may relate to a child under 13.
10. Security
We use a range of technical and organisational measures, proportionate to the limited personal data we hold, to protect against unauthorised access, disclosure, alteration, or destruction. These include:
- HTTPS for every page;
- HTTP Strict Transport Security (HSTS), Content Security Policy, and other modern security headers;
- Cloudflare’s managed DDoS protection, firewall, and bot mitigation;
- principle of least privilege for any administrative access;
- multi-factor authentication on operator accounts;
- the design choice that your data does not leave your device for the overwhelming majority of tools.
No internet service is perfectly secure. If we discover a personal data breach that affects you, we will notify the appropriate supervisory authority within 72 hours where required, and notify affected individuals without undue delay where there is a high risk to their rights and freedoms.
11. California-specific disclosures (CCPA / CPRA)
Even though we do not currently meet the CCPA’s applicability thresholds, we provide the following for transparency and to honour California residents’ privacy expectations.
- Categories of personal information collected in the past 12 months:
  - Identifiers: IP address (server logs), email address (if you contact us).
  - Internet or other electronic network activity: request URLs, user-agent string, referrer URL.
- Sources: directly from you (email); automatically via your browser (server logs).
- Business purposes: operating the Service, responding to you, security, and abuse prevention.
- Categories disclosed to third parties for a business purpose: to our hosting and email providers as described in section 5.
- Sold or shared: No.
- Sensitive personal information collected: None.
- Retention: as set out in section 7.
To exercise your rights, see section 8. We honour the Global Privacy Control (GPC) browser signal: when the Sec-GPC: 1 header is present on a request, our analytics beacon endpoint drops the write entirely, before any hashing or database insert. We treat GPC as a valid opt-out of sale and sharing as well — for now this is largely symbolic on that axis, since we don’t sell or share personal information.
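The following sketch is an added example, not Loft Tools' code: it shows how the visitor hash described in section 3.5 and the Sec-GPC drop described above can fit together in one beacon handler. Rotating the salt at the UTC date boundary, the NUL field separators, the use of Cloudflare's CF-IPCountry header for the country code, the sample path, and every function and variable name are assumptions.

```javascript
// Added illustration, not Loft Tools' code. All names here are hypothetical.
const nodeCrypto = require("node:crypto");

const SITE_DOMAIN = "lofttools.com";

// Keeps only the current salt in memory. Overwriting it is the "destroy" step:
// once the old salt is gone, yesterday's hashes cannot be recomputed.
class DailySalt {
  constructor() {
    this.day = null;
    this.salt = null;
  }
  current(nowMs) {
    const day = new Date(nowMs).toISOString().slice(0, 10); // "YYYY-MM-DD" in UTC
    if (day !== this.day) {
      this.salt = nodeCrypto.randomBytes(32);
      this.day = day;
    }
    return this.salt;
  }
}

// SHA-256 over salt + IP + User-Agent + domain. The NUL separators keep
// ("1.2.3.4", "5x") and ("1.2.3.45", "x") from hashing identically.
// The secret salt matters: IPv4 has only 2^32 values, so an unsalted hash
// could be enumerated.
function visitorHash(salt, ip, userAgent) {
  return nodeCrypto
    .createHash("sha256")
    .update(salt)
    .update(`\0${ip}\0${userAgent}\0${SITE_DOMAIN}`)
    .digest("hex");
}

// Beacon handler. req is a plain object standing in for the incoming request
// (header names lower-cased); rows stands in for the database table.
function handleBeacon(req, salts, rows, nowMs) {
  // Sec-GPC: 1 short-circuits before the salt is touched or anything is hashed.
  if (req.headers["sec-gpc"] === "1") {
    return { stored: false, reason: "gpc" };
  }
  const row = {
    path: new URL(req.url).pathname, // path only; the query string is dropped
    ts: new Date(nowMs).toISOString(),
    country: req.headers["cf-ipcountry"] || null,
    refHost: req.headers.referer ? new URL(req.headers.referer).host : null,
    visitor: visitorHash(salts.current(nowMs), req.ip, req.headers["user-agent"]),
  };
  rows.push(row); // raw IP and raw User-Agent are not part of the row
  return { stored: true, row };
}

// Constructed sample request (documentation IP range, made-up User-Agent).
function sampleRequest(extraHeaders = {}) {
  return {
    url: "https://lofttools.com/pdf/merge?draft=1",
    ip: "203.0.113.7",
    headers: {
      "user-agent": "ExampleBrowser/1.0",
      "cf-ipcountry": "CA",
      referer: "https://search.example/results?q=merge+pdf",
      ...extraHeaders,
    },
  };
}
```

Two requests from the same IP and User-Agent on the same UTC day produce the same `visitor` value, and a request after the salt rotates produces an unrelated one.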
12. State law disclosures (other U.S. states)
For residents of states with comprehensive privacy laws (including but not limited to Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and Kentucky): the rights described in section 8 apply, on the timelines and verification standards set out in your state’s law. To exercise them, contact [email protected].
13. Things that may change, and how we’ll tell you
We expect to add the following over time:
- Privacy-preserving analytics (no cookies, no fingerprinting). When we do, this section, the Cookie Policy, and section 3.5 will be updated. Material changes get at least 14 days’ notice via a banner on the site.
- Optional account features (e.g., to sync preferences across devices). Accounts will be opt-in; this policy will describe what an account stores and why before they launch.
- Advertising on free-tier surfaces. When ads go live, this policy and the Cookie Policy will be updated, a consent banner will be shown where required, and the categories of advertising partners will be listed.
- Premium AI-powered tools. Each will display its own notice before sending data; the policy will list the providers in section 5.
We will revise the Effective date at the top of this policy whenever we make changes. Material changes will be highlighted at the top of this page for at least 30 days. We do not send out email notifications about policy changes (because we don’t have your email unless you’ve contacted us).
A complete change history is available on request to [email protected].
14. Jurisdiction-specific addenda
The following short addenda apply to specific jurisdictions and prevail over anything inconsistent in the body of this policy.
14.1 European Economic Area, United Kingdom, and Switzerland
- Controller: Khine Zaw dba Loft Tools.
- Lawful bases are identified per processing activity in section 3.
- Article 27 representative: not currently appointed (thresholds not met). If appointed, contact details will appear here.
- Right to lodge a complaint: see section 8.
14.2 United Kingdom
- The UK GDPR and the Data Protection Act 2018 apply. The Information Commissioner’s Office (ICO) is the supervisory authority.
14.3 California
- See sections 11 and 8. We do not have a financial incentive program, so we do not need to provide a financial-incentive notice.
14.4 Quebec
- This policy serves as our confidentiality policy under An Act respecting the protection of personal information in the private sector (Law 25).
- The person responsible for the protection of personal information is Khine Zaw, reachable at [email protected].
- We do not transfer personal information outside Quebec for storage of identifiable personal data of Quebec residents beyond what is described in section 6 (server logs incidental to operating a global website). If we begin to transfer Quebec residents’ personal data to a jurisdiction whose laws provide a level of protection meaningfully lower than Quebec’s, we will conduct and document a privacy impact assessment as required by Law 25.
14.5 Brazil
- The LGPD applies. The Autoridade Nacional de Proteção de Dados (ANPD) is the supervisory authority.
Email: [email protected]
Mail: 577 East Chartres Street, Anaheim, CA 92805, U.S.A.
We aim to acknowledge privacy requests within 5 business days and to substantively respond within the timelines in section 8.
This Privacy Policy is provided as the operator’s good-faith description of its practices. It is not legal advice. If a court or regulator finds any provision unenforceable, the remaining provisions remain in effect.