AllSetTools

Security Policy

Last updated: July 1, 2026

Security is the core foundation of AllSetTools. Our local-first execution model shields your data from network exploits and database leaks.

1. Local Browser Sandboxing

Traditional utility websites send your text, documents, and private configurations to a cloud database to perform conversions. This exposes your keys, payloads, and passwords to network sniffing, server log leaks, and database compromises.

AllSetTools solves this by executing 100% of calculations locally. Your inputs are isolated in your browser tab's standard JavaScript environment and processed using CPU-bound loops.

2. No Intermediary Proxy Relays

For tools requiring third-party API communication (like generative AI components), all endpoints are contacted directly from your client sandbox via secure HTTPS.

We do not route your requests through private intermediate proxy servers. This ensures that your API credentials (e.g. OpenAI keys) are communicated strictly between your local client IP and the official provider.

3. Transport Layer Security (HTTPS)

AllSetTools enforces strict HTTPS communication across all pages. We implement HSTS (HTTP Strict Transport Security) to prevent downgrade attacks and mandate TLS 1.3 and TLS 1.2 protocols for all assets and content deliveries.

4. Dependency Auditing

To defend against supply chain attacks, AllSetTools utilizes automated dependency scanners to check all node package dependencies for CVE disclosures. We keep libraries and compilers updated to exclude outdated code blocks and minimize potential client exploit vectors.

5. Vulnerability Disclosure Protocol

We welcome security researchers and developers to inspect our client scripts and layout setups. If you identify a security issue, code leak, or package vulnerability:

  • Do Not Disclose Publicly: Contact us privately to allow time for hotfixes.
  • Reporting Channel: Email us a summary at security@allsettools.com. Please include a brief description of the issue and steps to reproduce.
  • Hotfixes: We aim to audit and publish patches for all critical vulnerabilities within 48 hours of notification.