Back to Tools

Legal Center

All the policies, terms, and security commitments that govern how OmniToolsKit operates.

Privacy PolicyTerms of ServiceCookies PolicySecurityLegal Notice

Security

Last updated: March 8, 2026

Security is the core advantage of OmniToolsKit. Because most of our tools run client-side (WebAssembly), your sensitive files never leave your computer. When you intentionally submit a newsletter or contact form, that information is transmitted over encrypted channels and handled with minimal data exposure.

1. Client-Side Security

Most online tools require you to upload your files to their servers. We are different:

  • Local Processing: Tools like PDF merging, image conversion, and file editing run locally in your browser. The "server" is effectively your own device.
  • Zero Uploads for Client-Side Tools: For tools that run fully in-browser, files are not uploaded to our servers.

Some Web Utility tools use our server endpoints to process request data (for example, URL/domain/network utility queries).

2. Data Encryption

For the website assets and any minimal server interaction (e.g. initial page load), we use TLS 1.3 encryption to ensure a secure connection.

3. Limited Personal Data Surface

We do not run user accounts or password storage. The personal data we process is limited to what you explicitly submit in forms.

  • Footer newsletter submissions are processed through Plunk only after explicit checkbox consent, and consent timestamp metadata is recorded.
  • Contact form submissions are delivered to our support inbox and are not automatically added to the marketing list.

4. Reporting Vulnerabilities

Found a security bug? Please report it by emailing contact@omnitoolskit.com. We will acknowledge your report promptly and work with you toward a responsible resolution.

Scope

In scope:

  • All code and services running on omnitoolskit.com
  • Form submission and consent flows
  • Client-side libraries and WebAssembly modules we serve

Out of scope:

  • Third-party services (Cloudflare, Plunk, Microsoft Clarity, Google)
  • Social engineering and phishing attacks
  • Denial-of-service attacks
  • Issues without a demonstrable security impact

Response Timeline

  • Acknowledgement: within 48 business hours of receiving your report.
  • Triage & assessment: within 7 business days.
  • Remediation: best-effort basis, prioritized by severity.

Coordinated Disclosure

We follow a coordinated disclosure model. Please allow at least 90 days for us to assess and patch the issue before any public disclosure. We will keep you informed throughout the process and credit researchers who report valid vulnerabilities.