Privacy Policy
Last updated: 2026-02-14
1. Introduction
URLCoder Pro ("we", "us", "our", or the "Service") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our URL encoding and decoding tool located at https://kristian-pandzic.com/apps/endecoder.
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree to this policy, please do not use the Service.
2. Information We Do NOT Collect
Our Service is designed with a privacy-first approach. We want to be explicitly clear about what we do not do:
- No Personal Data Collection: We do not collect, store, or process any personal information such as names, email addresses, phone numbers, or physical addresses.
- No URL/Text Storage: Any text, URLs, or data you enter into the tool is processed entirely within your web browser (client-side). Your input is never transmitted to our servers.
- No User Accounts: We do not require or offer user registration or login.
- No Tracking Cookies: We do not use cookies for tracking, advertising, or analytics purposes.
- No Third-Party Analytics: We do not use Google Analytics, Facebook Pixel, or any other third-party analytics or tracking services.
- No Advertising: We do not serve advertisements of any kind.
- No Data Sharing: Since we collect no data, we share no data with third parties.
3. How the Tool Works
Our URL encoding/decoding tool operates entirely within your web browser using client-side JavaScript. When you enter text and click "Encode" or "Decode":
- The encoding/decoding computation happens locally in your browser.
- No data is sent to our servers or any external servers.
- No data is logged, recorded, or cached on the server side.
- When you close or navigate away from the page, all entered data is lost from browser memory.
4. Technical Data
Like all web servers, our hosting infrastructure may automatically log limited technical information when you visit the site, such as:
- IP address (anonymized where technically possible)
- Browser type and version
- Date and time of access
- Referring URL
- Pages requested
These server access logs are a standard feature of web servers and are used solely for maintaining security, preventing abuse, and ensuring the Service's availability. They are not used for tracking or profiling users. Access logs are automatically rotated and deleted after 30 days.
5. Cookies and Local Storage
Our Service does not set any tracking or advertising cookies. The only cookie that may be set is a PHP session cookie (PHPSESSID), which is:
- A technical session cookie required for CSRF (Cross-Site Request Forgery) protection.
- Contains no personal information.
- Automatically expires when you close your browser.
- Flagged as
HttpOnly,Secure, andSameSite=Strictfor maximum security.
We do not use browser Local Storage or Session Storage to store any user data.
6. Third-Party Services
Our Service loads the following third-party resources:
- Google Fonts: We load typefaces from Google Fonts (
fonts.googleapis.comandfonts.gstatic.com). Google may log your request per their privacy policy. If this concerns you, you may use a browser extension to block Google Fonts. The tool will continue to function with system fonts. For more information, see Google's Privacy Policy.
No other third-party services, scripts, or trackers are loaded.
7. Security
We implement the following security measures to protect our Service and your experience:
- HTTPS: All connections to our Service use TLS/SSL encryption (HTTPS).
- Content Security Policy (CSP): We enforce strict CSP headers to prevent cross-site scripting (XSS) and data injection attacks.
- CSRF Protection: We use cryptographically secure tokens to prevent cross-site request forgery.
- HTTP Security Headers: Including
X-Content-Type-Options,X-Frame-Options,Referrer-Policy, andStrict-Transport-Security(HSTS). - No Server-Side Processing of User Input: Since encoding/decoding happens client-side, your data never reaches a point where it could be intercepted on the server.
8. Children's Privacy
Our Service does not knowingly collect any personal information from children under the age of 13 (or the applicable age in your jurisdiction). Since we do not collect personal information from any user, this applies universally.
9. Data Retention
Since we do not collect personal data, there is no personal data to retain. Technical server logs are retained for a maximum of 30 days and then permanently deleted.
10. Your Rights
Depending on your jurisdiction, you may have rights under data protection laws such as the GDPR (EU), CCPA (California), or similar legislation. Since we do not collect, store, or process personal data, these rights are inherently satisfied:
- Right to Access: We hold no personal data about you.
- Right to Deletion: There is no personal data to delete.
- Right to Portability: There is no personal data to port.
- Right to Opt Out of Sale: We do not sell any data.
If you have questions about your rights, please contact us at privacy@kristian-pandzic.com.
11. International Data Transfers
Our servers may be located in different jurisdictions. However, since no personal data is collected or stored, no personal data is transferred internationally.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any modifications constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
- Email: privacy@kristian-pandzic.com
14. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process only technical server log data. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in maintaining the security and availability of our Service.
15. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. Since our Service does not collect personal information as defined by the CCPA, these provisions are inherently satisfied. We do not sell personal information.