Privacy

Browser-first by default. Explicit cloud save when you choose it.

JSONFiddle is designed for API responses, payloads, logs, and diagrams that can contain sensitive data. Unsaved guest work stays in your browser. Signed-in cloud features, secure share snapshots, feedback reports, server-side type generation, Vercel Web Analytics, and opt-in first-party product analytics are the cases where limited data is sent to servers.

What stays local

Guest tabs, unsaved files, layout state, and privacy preferences are stored in browser storage on this device. Closing the browser tab or clearing site data removes local session records.

What can go to cloud

Saved workspaces, workspace files, queries, secure share snapshots, feedback reports, and consented first-party analytics events are stored in Supabase only after a user chooses the relevant cloud action or local privacy preference.

Product diagnostics are opt-in

Automatic crash reports and first-party analytics are off by default. When enabled, they include safe diagnostics such as route, viewport, browser family, and sanitized stack traces, never JSON, queries, editor text, raw IP addresses, raw user agents, or raw payloads.

Web Analytics is cookieless

JSONFiddle uses Vercel Web Analytics for aggregate page measurement. Vercel Analytics does not set tracking cookies. It can process page route, referrer, browser, operating system, device type, and coarse location metadata, but it does not receive editor JSON, file content, query text, or query results.

Type generation is server-side

The type generator sends the sample JSON to a protected API route so quicktype can produce language types. Do not submit secrets or production-only payloads to server-side tools.

Local privacy controls

Checking sign-in state...

Your controls

Export cloud data

Signed-in users can download cloud records from GET /api/privacy/export.

Delete cloud data

Signed-in users can remove workspaces, shares, diagrams, and feedback with POST /api/privacy/delete.

Revoke shares

Revoking workspace share links also scrubs the stored snapshot so source data is no longer retained in that link.

Contact privacy support

Email privacy@jsonfiddle.com for access, correction, erasure, or portability requests.

Data inventory

Local browser storage

  • Editor tabsRestores the current guest editing session in the browser.
  • Guest workspace shellTracks local workspace state before the user saves to cloud.
  • Editor preferencesStores editor and layout preferences.
  • Privacy preferencesStores consent for automatic crash reports and first-party analytics.
  • Analytics identifierDeduplicates first-party analytics events after analytics consent is enabled.
  • Theme preferenceKeeps the selected light or dark appearance.
  • Authentication sessionKeeps signed-in users authenticated with Supabase.

Cloud records

  • WorkspacesUntil the user deletes the workspace or account.
  • Workspace filesUntil the user deletes the workspace, file, or account.
  • Workspace queriesUntil the user deletes the workspace, query, or account.
  • Workspace share snapshotsUntil expiry, revocation, cleanup, or account deletion.
  • Legacy diagram sharesUntil expiry, deletion, or account deletion.
  • Feedback reportsOpen reports are retained while triaged; resolved reports are eligible for cleanup after 180 days.
  • Analytics eventsEligible for aggregation or cleanup after 180 days.

Processors

  • SupabaseAuthentication, workspace storage, share snapshots, feedback records, and database security policies.
  • VercelApplication hosting, server-side API route execution, cron, edge middleware, and cookieless Web Analytics.
  • Email delivery providerOptional admin email delivery for feedback reports.
  • OAuth providersOptional sign-in through external identity providers.
  • IconifyIcon search and metadata for diagram authoring.