The Privacy Audit: We Verified InstantTools Never Uploads Your Files
“Your files never leave your device” is an easy thing for any website to claim and a hard thing to actually check. So we checked it — on our own tools, with DevTools open, watching every request. Here is exactly what we did, exactly what we found, and exactly how you can repeat it yourself in the next 30 seconds.
Methodology
The test is simple and requires no special tools beyond what ships in every browser:
- Open a tool and open DevTools (F12, or Cmd+Option+I on Mac).
- Click the Network tab and filter to Fetch/XHR.
- Note the request list from the page load — this is the baseline.
- Feed the tool a piece of content containing a unique, greppable marker string (so a request carrying it would be unmistakable).
- Run the tool’s action and compare the request list before and after.
Any request that appears after the action — to any host, carrying any payload — would mean the tool sent something over the network during processing. We ran this against a sample of our own tools spanning text processing, structured-data decoding, and an on-device AI model.
Results
Test: Formatted a JSON payload containing a unique marker string
Request list before and after formatting was byte-for-byte identical — every request was a static asset from the page’s own load (JS, CSS, fonts). No request of any kind fired during processing.
Test: Decoded a JWT containing a unique marker string in the payload
Same result: the token and its decoded contents never appeared in any outbound request. Only the page’s own static assets loaded, all from the same origin.
Test: Removed the background from a test image (first use, cold cache)
On first use, the tool fetches the RMBG-1.4 AI model itself: GET requests to huggingface.co for config.json and to Hugging Face’s CDN for model.onnx — publicly-named model files, ~170MB total, downloaded once and cached by the browser for every future visit. Every request we captured was a GET for the model, in the model’s own filenames. The image we uploaded never appeared in any outbound request — the direction of travel is CDN → browser, not browser → server.
What This Does — and Doesn't — Prove
Check Any Tool Yourself
This methodology isn’t specific to InstantTools — it works on any file tool, including the ones we compare ourselves against. We’d rather you verify a claim in 30 seconds than take our word for it. If you run this check on a tool (ours or anyone else’s) and find a result worth knowing about, we want to hear it — let us know.
For a breakdown of how specific competitor tools describe their own processing model, see our comparison pages. And if you’re wondering whether processing locally means processing slower, we measured that too — see the Speed Benchmark.
Frequently Asked Questions
Why does Background Remover make network requests if it’s supposed to be private?
Those requests download the AI model to your browser — they never upload your image. AI tools that run models too large to bundle with the page (RMBG-1.4 is ~170MB) fetch the model weights from a CDN on first use, then cache it locally. Every subsequent use, including with new images, is fully offline. The test is simple: check what direction the bytes are moving. GET requests for files named model.onnx and config.json are downloads, not uploads.
Does "no upload requests" prove a tool is completely private?
It proves the strongest, most checkable claim: your file content was never transmitted anywhere during processing. It does not audit what a tool does with data after processing (we don’t collect it — see our Privacy Policy) or prove the absence of a bug in a future release. That’s why we publish the methodology: run the check yourself, on this visit, on any tool.
What about the AI SEO tools (title tag optimizer, meta description generator, etc.)?
Those are explicitly labeled as cloud tools on their own pages, before you use them, because the language models they use don’t run in a browser. Only the text you submit is sent, over HTTPS, for that one request. Everything else on this site — 70+ tools — runs entirely on-device.
Can I verify this myself right now?
Yes — that’s the whole point of this page. Open any tool, press F12 (or Cmd+Option+I on Mac) to open DevTools, click the Network tab, filter to Fetch/XHR, and use the tool. Compare the request list before and after. It takes about 30 seconds.