Security
FileKit is designed with security and privacy as foundational requirements.
Client-side isolation
Heavy processing runs in Web Workers, keeping the main thread responsive and isolating file data from third-party scripts.
No server retention
Client tools never upload files. Future server-only tools (high-fidelity Office conversions) will use stateless, in-memory processing with instant deletion.
Input validation
Files are validated by type, size, and magic bytes before processing to prevent malformed input from causing issues.
Content Security Policy
Strict CSP headers limit script sources. WASM modules are loaded only when a tool is actively used.
No file data to third parties
Analytics are cookieless. Ads (when enabled) never receive file contents or filenames.