Does SafeJSON upload my pasted JSON?

SafeJSON core tools are designed to process pasted JSON, JWTs, JSONPath queries, and schemas in your browser. You can verify this with DevTools Network by checking that no request contains your pasted content while the tool runs.

Does SafeJSON make any network requests?

Yes. The website may load static assets, Google Analytics for aggregate product analytics, and Lemon Squeezy license endpoints when you activate Pro. The privacy boundary is that core tool operations must not send pasted JSON, JWTs, schemas, query expressions, or formatted output.

Can I use SafeJSON for any secret or regulated data?

No tool should be treated as a universal approval to paste secrets. SafeJSON is built to reduce upload risk for local browser workflows, but you should still follow your company's data handling policy.

Verify, do not trust

How to verify SafeJSON does not upload your JSON

SafeJSON is built around a simple privacy test: open DevTools, watch the Network tab, paste JSON, and check whether any request contains your pasted content. This page documents the test and the boundaries.

Network tab test

Open SafeJSON and wait for the page to finish loading.
Open DevTools with F12 or your browser menu.
Switch to the Network tab and clear the existing log.
Paste test JSON and run the tool.
Inspect requests created after the action.
Confirm that no request URL or body contains your pasted JSON.

Offline test

Load the SafeJSON page first.
In DevTools Network, choose Offline.
Paste JSON and run a local operation.
If the operation still works, that is evidence the processing happened in the browser rather than through a server round trip.

Core tools covered by this boundary

JSON Formatter

Formats and validates pasted JSON in the browser.

JSON Viewer

Parses JSON and renders a local tree view.

JSON Beautifier

Beautifies minified JSON locally.

JSON Parser

Inspects fields and types without sending JSON to a server.

JSON Diff

Compares two pasted JSON objects in the browser.

JWT Decoder

Decodes header and payload locally. It does not verify signatures.

JSONPath Query

Evaluates JSONPath expressions client-side.

JSON Schema Validator

Runs schema validation in the browser with Ajv.

Network boundaries

SafeJSON may load static assets, run aggregate analytics, and call Lemon Squeezy license endpoints when you activate Pro. Those flows are separate from core tool processing. Pasted JSON, JWTs, schemas, JSONPath expressions, and formatted output should not be included in those requests.

Data you still should not paste

Production access tokens or refresh tokens
Private keys, database URLs, or cloud credentials
Customer PII, medical records, banking data, or regulated data
Incident payloads that your company policy forbids in browser tools

If you find an unexpected request

Capture the request URL, method, and the SafeJSON page where it happened. Do not share real secrets or production payloads. Open a GitHub issue so the behavior can be inspected and fixed.

View source on GitHub Start verification

Learn how to check whether any online JSON formatter uploads pasted content

FAQ

Does SafeJSON upload my pasted JSON?: SafeJSON core tools are designed to process pasted JSON, JWTs, JSONPath queries, and schemas in your browser. You can verify this with DevTools Network by checking that no request contains your pasted content while the tool runs.
Does SafeJSON make any network requests?: Yes. The website may load static assets, Google Analytics for aggregate product analytics, and Lemon Squeezy license endpoints when you activate Pro. The privacy boundary is that core tool operations must not send pasted JSON, JWTs, schemas, query expressions, or formatted output.
Can I use SafeJSON for any secret or regulated data?: No tool should be treated as a universal approval to paste secrets. SafeJSON is built to reduce upload risk for local browser workflows, but you should still follow your company's data handling policy.