Privacy
How private are Moonshot Tools, really?
Most “privacy-first” file tools upload to their servers regardless of what the marketing says. We don’t want to be one of them. This page tells you exactly what happens to your file in every tool we ship, written so you can verify it yourself in 90 seconds.
How to verify a “browser-only” claim yourself
- Open the tool page in Chrome or Firefox.
- Open DevTools (right-click → Inspect → Network tab).
- Click “Preserve log” and clear the network tab.
- Drop your file into the tool.
- Look at the network requests that fire. For a browser-only tool, you should see zero requests carrying your file payload — only static asset loads (JS, CSS, fonts, language data for OCR).
- If you see a POST to
/api/...with a body containing your file, the tool is server-side. Our table below says so honestly.
Per-tool breakdown
Updated whenever a tool changes architecture. If you spot a mismatch between what we claim here and what you see in DevTools, email kyle@timelessrobots.com — we’ll fix it the same day.
| Tool | Where it runs | What that means |
|---|---|---|
| CSV to JSON | In your browser | Papaparse runs in your browser. |
| CSV to XLSX | In your browser | Papaparse + SheetJS run in your browser. |
| JSON to CSV | In your browser | Native JSON.parse + papaparse.unparse in your browser. |
| XLSX to CSV | In your browser | SheetJS reads the workbook in your browser. |
| TXT to PDF | In your browser | pdf-lib renders the PDF in your browser. |
| HEIC to JPG | In your browser | heic2any decodes via WebAssembly in your browser. |
| PDF OCR | In your browser | Tesseract.js + pdfjs run in your browser. Language data is loaded from the Tesseract project's CDN on first use; your PDF doesn't leave your device. |
| PDF redaction | In your browser | pdfjs + pdf-lib + canvas in your browser. Redacted output has the text physically removed (rasterized), not just covered. |
| PDF page reorder | In your browser | pdfjs + pdf-lib in your browser. Pages are copied between PDFs without re-rasterizing. |
| PDF form fill | In your browser | pdf-lib reads + writes form fields in your browser, then flattens. |
| Deep PDF compress | In your browser | pdfjs renders + pdf-lib rebuilds in your browser. Output is image-only PDF. |
| Shopify product photo prep | In your browser | heic2any + canvas + JSZip in your browser. |
| Bookkeeper export cleanup | In your browser | SheetJS + papaparse in your browser. |
| Contract preparation | In your browser | pdfjs + pdf-lib in your browser. |
| PDF merge | On our server | pdf-lib runs on our Node serverless function. Output held in-memory + deleted in 15 minutes. |
| PDF split | On our server | pdf-lib runs on our serverless function. Output deleted in 15 minutes. |
| PDF compress (lite) | On our server | pdf-lib re-pack runs on our serverless function. Deep compression is browser-only. |
| Image compress | On our server | sharp runs on our serverless function. Deleted in 15 minutes. |
| Image convert | On our server | sharp runs on our serverless function. Deleted in 15 minutes. |
| Image resize | On our server | sharp runs on our serverless function. Deleted in 15 minutes. |
| PDF → Word | Coming soon | High-fidelity conversion is moving to a hosted converter. Currently returns a clear message when LibreOffice is not present; never silently produces flat-text output. |
| Word → PDF | Coming soon | Same status as PDF → Word — moving to a hosted converter. |
| Remove background | Coming soon | Self-hosted background removal model coming soon. Page is a waitlist signup right now. |
What about server-side tools?
Some tools genuinely need a server — PDF merge, image compress, etc., use libraries that don’t run reliably in the browser. For these:
- Your file is uploaded over HTTPS to a Node serverless function.
- The function processes the file in memory (it’s not written to a database).
- The output is held in a short-lived store for download.
- Both input and output are deleted at the 15-minute mark by a cleanup job.
- No human inspects your file at any point.
- We don’t backup, replicate, log the content, or train any model on it.
For genuinely sensitive content (legal, medical, financial), prefer the browser-only tools above where you can verify in DevTools that nothing leaves the page.
Why are most Mission Control tools browser-only?
Because Mission Control subscribers tend to process the things they care about most — contracts, client photos, bookkeeper exports, scanned receipts. Building those workflows browser-only means we couldn’t leak your data even if we tried. See Mission Control →
Tools that support the system
The tool is the starting point. Moonshot is where you carry the work forward.
The tool is the starting point. Moonshot is the software that keeps the issue, next move, and follow-through visible over time.