Privacy Policy

Our Approach to Privacy

Our cybersecurity suite implements a rigorous, client-side computational methodology that guarantees absolute data sovereignty through localized processing protocols. Your data stays with you.

Computational processes are systematically confined to client-side environments, employing cryptographically secure mechanisms that categorically prevent unauthorized data transmission or persistent storage vectors. Our platform's architectural design incorporates a comprehensive "zero knowledge" paradigm, systematically eliminating external data access vectors and ensuring complete computational isolation.

Data Collection

We do not collect any personal data. All of our security tools operate entirely client-side, meaning:

• Your inputs (passwords, text to encrypt, numbers to generate) never leave your browser
• We don't track your usage of our tools
• We don't collect analytics data about how you use our site
• We don't store your preferences or settings
• We don't maintain any user accounts or profiles

The only network requests made by our site are those required to load the initial page resources (HTML, CSS, JavaScript, and fonts) and those made by third-party services as described below.

Third-Party Resources

Our site loads the following third-party resources:

• Font Awesome (for icons) - loaded from cdnjs.cloudflare.com
• CryptoJS (for encryption functions) - loaded from cdnjs.cloudflare.com
• Google Ads - loaded from pagead2.googlesyndication.com

These resources are loaded via HTTPS and are used for the functionality of our website and to display advertisements. While we do not share any user data with these services, third-party providers may collect data as described below.

Cookie Policy

A cookie is a small piece of text that allows a website to recognize your device and maintain a consistent, cohesive experience throughout your visit.

Our Use of Cookies

RandomSecure.org itself does not use cookies for its core security tools functionality. All our tools operate without cookies, tracking, or storing any user data.

However, our site does include third-party services that may use cookies:

• Google Ads - Uses cookies to display relevant advertisements and track ad performance

Managing Cookies

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some services and functionalities may not work as expected.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit aboutcookies.org or allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites, visit the Google Analytics Opt-out Browser Add-on.

Google Ads

We use Google Ads to display advertisements on our website. While RandomSecure.org does not collect user data, Google Ads does employ cookies and similar technologies to collect and process data about user interactions with advertisements.

How Google Ads Works

Google Ads may collect information including:

• IP address
• Device type and settings
• Browser information
• Geographic location (approximate)
• Websites visited and interaction with ads
• Use of apps and interaction with ads within apps

This information is used by Google to:

• Deliver more relevant ads
• Protect against fraud and abuse
• Measure ad performance

Your Control Over Google Ads

You can control how Google uses your data for ads purposes in the following ways:

• Visit Google Ad Settings to manage your ad preferences
• Use the Digital Advertising Alliance opt-out tool
• Disable cookies in your browser settings

For more information about how Google uses information from sites or apps that use their services, please visit How Google uses information from sites or apps that use our services.

Privacy Regulations

GDPR (General Data Protection Regulation)

For users in the European Economic Area (EEA), we want to clarify that while RandomSecure.org itself does not collect personal data, third-party services like Google Ads may process such data. Under the GDPR:

• The legal basis for Google's processing of your data is primarily your consent and Google's legitimate interests
• You have the right to access, rectify, port, and erase your data (to be exercised through Google's own privacy tools)
• You have the right to object to and restrict processing of your data
• You have the right to withdraw consent

CCPA (California Consumer Privacy Act)

For California residents, the CCPA provides specific rights regarding personal information. While RandomSecure.org does not collect personal information, third-party services like Google Ads may do so. Under CCPA:

• You have the right to know what personal information is collected about you
• You have the right to know whether your personal information is sold or disclosed and to whom
• You have the right to request deletion of personal information
• You have the right to opt-out of the sale of personal information
• You have the right to equal service and price, even if you exercise your privacy rights

To exercise these rights regarding data collected by Google, please use Google's privacy tools and settings.

How Our Tools Work

Random Number Generator

Implementation:

Our random number generator uses the Web Cryptography API's crypto.getRandomValues() method, which provides cryptographically secure random values. This is far superior to the standard Math.random() function for security applications.

Security Measures:

• Uses a cryptographically secure pseudo-random number generator (CSPRNG)
• Generated values can't be predicted or reproduced, even with knowledge of previous values
• No server requests are made during the generation process

Password Generator

Implementation:

Our password generator creates high-entropy passwords using cryptographically secure random values to select characters from specified character sets.

Security Measures:

• Uses the same CSPRNG as our random number generator for character selection
• Ensures that passwords contain at least one character from each selected character set
• Shuffles the final password using a secure algorithm to prevent pattern analysis
• Never stores or transmits generated passwords

Passphrase Generator

Implementation:

Our passphrase generator selects random words from curated word lists to create memorable but secure passphrases.

Security Measures:

• Uses CSPRNG for word selection to ensure unpredictability
• Word lists are contained directly in the JavaScript code, with no external requests
• Optional features like capitalization and number addition increase entropy
• Provides entropy estimation to help understand the security level of your passphrase

Encryption & Decryption Tool

Implementation:

Our encryption tool uses the Advanced Encryption Standard (AES) with a 256-bit key length, implemented via the CryptoJS library.

Security Measures:

• Uses AES-256-CBC, a widely trusted and vetted encryption algorithm
• Employs PBKDF2 (Password-Based Key Derivation Function 2) with 1000 iterations to derive encryption keys from passwords
• Generates a unique random salt (IV) for each encryption operation
• All encryption/decryption operations happen entirely in your browser
• Keys and plaintext are never transmitted over the network

Technical Security Details

Our cryptographic implementations utilize industry-standard algorithms and methods:

AES-256 Encryption

Advanced Encryption Standard (AES) with a 256-bit key length provides military-grade encryption that is computationally infeasible to break using current technology. This symmetric encryption algorithm is used by governments, financial institutions, and security organizations worldwide.

PBKDF2 Key Derivation

Password-Based Key Derivation Function 2 applies a pseudorandom function to the input password along with a salt value and repeats the process many times to produce a derived key. This technique protects against brute force attacks by making each password verification computationally expensive.

Web Cryptography API

This built-in browser API provides standardized access to cryptographically secure random number generation and other cryptographic primitives. Unlike JavaScript's Math.random(), which is not cryptographically secure, the Crypto.getRandomValues() method provides randomness suitable for generating encryption keys and other security-sensitive values.