Privacy Policy

Base64Fix.tech is a privacy-first Base64 decoder and security auditing tool. We are committed to your privacy — the primary design goal of this tool is to ensure sensitive data such as JWTs and API tokens never leave your browser.

• Nothing by default. Base64 decoding is performed entirely in your browser using client-side JavaScript. Your encoded data is never sent to any server during decoding.
• AI security audit (optional). When you click Decode & Audit, the decoded text (not your original Base64 string) is sent to our AI provider via an encrypted HTTPS request for security analysis. JWT headers, payloads, and plain-text outputs are included in this request.
• No account required. We do not collect names, email addresses, or any personally identifiable information.

• Decoded text sent to our AI provider is used solely to generate a security audit response for your session.
• We do not store, log, or re-use your decoded data for any other purpose.
• We do not sell or share your data with third parties beyond the AI provider listed below.
• Recommendation: If you are auditing tokens with real production credentials, consider rotating those credentials after analysis, regardless of the tool used.

The security audit feature is powered by our AI provider (xAI). When you click Decode & Audit, the decoded content is transmitted to xAI's API.

• Provider: xAI Inc. — x.ai/privacy
• Data transmitted: The decoded output text only. Your original Base64 string is never sent.
• Purpose: PII detection, JWT algorithm analysis, expiry checks, and risk scoring.

If you do not wish to use the AI features, the decoder works entirely client-side — simply click Decode instead of Decode + Audit.

Base64Fix.tech uses no tracking cookies and no advertising cookies.

• Theme preference: Your chosen colour scheme (dark / light) is saved in localStorage under the key theme. This never leaves your device.
• No analytics cookies: We do not use Google Analytics or similar tracking services.
• No session cookies: There is no login system, so no session cookies are set.

Because we set no tracking or advertising cookies, no cookie consent banner is required under GDPR or ePrivacy rules.

We do not retain your decoded data. Each AI audit request is stateless — once the response is returned to your browser, the data is not stored on our servers. Your localStorage preference is stored locally on your device and can be cleared at any time through your browser settings.

Under GDPR and similar regulations, you have the right to:

• Know what personal data we hold about you (in practice: none).
• Request deletion of any personal data (we hold none).
• Opt out of AI processing by using the decode-only mode.

We may update this policy as the product evolves. The “Last updated” date at the top of this page will always reflect the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

Our client-side claim is verifiable. Open your browser's DevTools (F12 → Network tab), paste a Base64 string, and click Decode — you will see zero outbound network requests during the decode step. A single request to /api/audit is sent only when you explicitly click Decode + Audit.

You can also right-click → View Page Source on the tool page to inspect the JavaScript bundle served to your browser.

Questions or concerns? Email us at hello@synaptexai.com.