JWT Decode

Privacy Policy

Last updated: April 2026.

This Privacy Policy explains how jwtdecode.app ("we", "our", "the site") handles information when you use this website. We have designed this tool with privacy as a primary requirement.

JWT Token Data

JWT tokens you paste into the decoder are processed entirely in your browser. They are never transmitted to our servers, to third-party servers, or to any external service.

All JWT decoding, parsing, and signature verification is performed by JavaScript running locally in your browser. The processing uses your device's own computing resources and the browser's built-in Web Crypto API. No token content, claims, keys, or secrets you enter into this tool are ever sent over the network.

Token data is held only in the browser's JavaScript memory for the duration of your session. It is not written to localStorage, sessionStorage, IndexedDB, or cookies. When you close the tab or clear the input field, the data is no longer accessible.

You can independently verify this by opening your browser's DevTools Network panel before pasting a token and confirming that no network requests are triggered by the decoding process. The tool also works fully offline: disconnect from the internet after the page loads and all decoding and verification features continue to function.

Analytics

This site does not currently use any analytics scripts (such as Google Analytics). If analytics are added in the future, this policy will be updated before implementation. Any analytics that may be added will be limited to aggregate, non-identifiable page view data and will not receive any JWT content.

Advertising

This site uses Google AdSense to display advertisements. Google AdSense loads ad scripts and may set cookies for advertising purposes. Ad scripts run in sandboxed iframes and are technically isolated from the JWT decoder's JavaScript environment — they cannot read your token content, keys, or any input you provide to the tool.

Google AdSense may use cookies and other browser storage mechanisms to:

  • ·Measure ad performance and attribution
  • ·Serve interest-based advertisements
  • ·Prevent fraud

Google's data practices are governed by the Google Privacy Policy. You can opt out of interest-based advertising via Google Ads Settings.

Cookies

This site itself sets only one cookie-like browser storage item:

  • ·theme — stored in localStorage. Remembers whether you prefer dark or light mode. Contains only the string "dark" or "light". No personal information is stored.

Google AdSense may set additional cookies for advertising purposes as described in the Advertising section above.

Server Logs

Our web server may keep standard HTTP access logs that record the IP address, timestamp, requested URL, and browser user agent for each page request. These logs are used for security monitoring and diagnosis of server issues. They do not contain any JWT token content (since tokens are never transmitted to the server). Access logs are retained for a limited period consistent with operational need and deleted thereafter.

Third-Party Services

The following third-party services may load resources on this site:

  • ·Google Fonts: Font CSS and font files are loaded from Google Fonts servers. Google may log these requests. Font requests do not include any JWT content.
  • ·Google AdSense: Ad scripts are loaded from Google's servers as described above.

Children's Privacy

This site is a technical developer tool intended for adults. We do not knowingly collect any personal information from children under 13 years of age.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions, contact us at: hello@jwtdecode.app

Ready to decode a token?
Use the free JWT decoder — paste any token for instant results, entirely in your browser.
Open JWT Decoder