Privacy Policy
Last updated: 28 May 2026
This policy explains what data Codeswap collects when you visit codeswap.net, how that data is used, and what rights you have over it. Plain English; no dark patterns. If something here is unclear, email [email protected] and the policy will be updated.
1. Who runs this site
Codeswap is operated by an individual (Sathvic Kollu) and hosted on Hostinger shared infrastructure in the European Union. The site is not a registered company. For the purposes of GDPR, the operator is the data controller for everything described below.
2. What data we collect — and what we don't
Tool inputs
We do not collect or transmit the data you paste into our tools. Every tool on Codeswap runs in your browser. When you paste a JWT into the JWT decoder, type text into a token counter, or upload a JSON file into the formatter, that content is processed entirely on your device. It is never sent to our server. You can verify this in your browser's DevTools network tab: on an open tool page, clicking "run" issues no requests.
The only exception is the "share" feature: when you click "Share" on a tool, you explicitly opt to send a snapshot of the tool state to our server so a shareable link can be created. Shared snapshots are stored for 30 days by default and only accessible via the random share URL.
Server logs
Our hosting provider (Hostinger) records standard HTTP access logs: IP address, requested URL, timestamp, HTTP status code, user agent string, and referrer. These are retained for up to 90 days for security and abuse prevention. We do not actively read these logs except to investigate abuse.
Cookies and local storage
Codeswap uses a small number of cookies and browser localStorage entries. None of them carry personally identifying data:
- codeswap_sess — PHP session cookie used only if you interact with forms (contact, share, future account features). Lifetime: browser session.
- cs-theme (localStorage) — your light/dark theme preference.
- cs-hist-* (localStorage) — the last 10 inputs to each tool, kept locally so the "history" panel works. Never transmitted.
- csrf_token (session) — CSRF protection for form submissions.
Analytics
We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies and does not collect personal data. It records aggregate information: page URL, referrer, screen size category, country (derived from IP, not stored), and timestamp. Plausible is GDPR/CCPA-compliant by design and does not require a cookie banner under EU law.
Advertising (Google AdSense)
Codeswap is funded by display advertising via Google AdSense. Once approved, AdSense will load on article pages (not on the home or category pages). AdSense uses cookies and similar technologies to serve relevant ads and measure their effectiveness. Specifically:
- Google may use cookies to serve personalized ads based on your prior visits to this site and other sites on the web.
- You can opt out of personalized advertising by visiting https://www.google.com/settings/ads.
- You can read Google's policies on ads at https://policies.google.com/technologies/ads.
- For EU visitors, Google's consent management is implemented per Google's IAB TCF; you will see a consent banner before any personalized advertising cookies are set.
We do not directly receive any of your data from Google. We only see aggregate ad revenue and page-level performance.
3. What we do with the data
The data described above is used for three things and nothing else:
- Running the site: serving pages, processing form submissions, storing shared tool snapshots.
- Understanding usage: seeing which tools and pages are popular so we know what to improve.
- Preventing abuse: rate-limiting form submissions and share creation, blocking obvious automated abuse.
We do not sell data. We do not share data with third parties except as described above (Plausible for analytics, Google AdSense for ads, Hostinger for hosting). We do not run email marketing or send any outbound email except direct replies to messages you send us.
4. Your rights under GDPR (EU/UK visitors)
If you're in the European Union, European Economic Area, or United Kingdom, you have the following rights under the General Data Protection Regulation:
- Right of access: request a copy of any personal data we hold about you. (In practice we do not hold personal data linked to identifiable individuals.)
- Right to rectification: request correction of inaccurate data.
- Right to erasure: request deletion of your data.
- Right to restriction: request that we stop processing your data.
- Right to object: object to processing based on legitimate interests.
- Right to data portability: receive your data in a portable format.
- Right to withdraw consent: for processing that was based on your consent (e.g., personalized ads).
- Right to lodge a complaint with a supervisory authority (your local data protection authority).
To exercise any of these rights, email [email protected]. We aim to respond within 30 days.
5. Your rights under CCPA (California visitors)
If you're a California resident, you have specific rights under the California Consumer Privacy Act:
- The right to know what personal information is collected, used, shared, or sold.
- The right to delete personal information held by us.
- The right to opt out of the sale of personal information. We do not sell personal information.
- The right to non-discrimination for exercising these rights.
Email [email protected] to exercise any of these rights.
6. Children's privacy
Codeswap is built for and aimed at adult software developers. The site is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
7. Data retention
- Server access logs: 90 days.
- Shared tool snapshots: 30 days from creation (configurable per share).
- Contact form submissions: kept in the operator's email for as long as needed to respond.
- Analytics data (Plausible): aggregated, not linked to individuals; retained indefinitely.
8. Security
The site is served exclusively over HTTPS with HSTS. Form submissions are protected by CSRF tokens and rate limiting. Database queries use prepared statements. We do not currently store passwords or any other authentication secrets (account features are not yet enabled).
9. International data transfers
The site is hosted in the European Union. Visiting Codeswap from outside the EU implies you accept that your request is processed by EU-based infrastructure. Google AdSense and Plausible Analytics may process data in other jurisdictions per their own privacy policies.
10. Changes to this policy
If we change anything material about how we handle data, this page will be updated and the "Last updated" date at the top will change. For substantive changes (new categories of data collected, new third parties), a notice will appear on the homepage for at least 30 days.
11. Contact
Email [email protected] with any privacy questions or to exercise any right described above.