Resource Center
In-depth guides on privacy, secure debugging, and using our client-side tools safely.
⚖️ Legal Tech & Litigation
Free Alternatives to Adobe Acrobat for Lawyers
Adobe charges $240/yr. Here's the full free stack for Bates stamping, redaction and e-signatures.
Bates Stamp Without Adobe Acrobat
Free, browser-based Bates stamping. No $240/yr subscription required. Works on any device.
Bates Stamp a Word Document
Word has no Bates feature — here's the 3-minute workflow to convert and stamp .docx files free.
What is Bates Numbering?
Plain-English explainer for lawyers and paralegals new to discovery document production.
Redact PII From a PDF Without Adobe
Three free methods to permanently remove sensitive data from PDFs — no subscription required.
Secure Bates Numbering Guide
How to stamp discovery documents without uploading to the cloud. Client-side processing for law firms.
Bates on Chromebook & Linux
Stamp 500MB+ PDFs securely on any OS. No desktop software or file size limits.
Bates Stamping on Chromebook, Mac & Linux
Free browser-based Bates numbering across Chromebook, Mac and Linux — no Adobe Acrobat required.
🤖 AI Safety & Developer Hygiene
Log Sanitizer Without Uploading
Why uploading logs to sanitize them creates the exact problem you're solving, and how to redact locally.
What Is PII Data
Direct vs indirect PII, GDPR/CCPA/HIPAA definitions, and how PII ends up in application logs.
What Is Log Aggregation
How ELK, Splunk, and Datadog collect logs — and why PII in logs is a GDPR compliance risk most teams miss.
What Is Structured Logging
JSON logs, key=value pairs, structlog, pino, and zap — and why structured fields make PII redaction reliable where free-text strings fail.
How to Audit Logs for PII
Grep one-liners, Kibana queries, and a Python CI scanner to find personal data in log archives before an audit does.
What Is a Bearer Token
The Authorization: Bearer header explained, vs API keys and cookies, storage risks, and how to redact from logs.
How to Sanitize Log Files
Step-by-step for stripping emails, IPs, API keys and secrets from logs before sharing — all client-side.
Is It Safe to Paste Logs into ChatGPT?
API keys, customer emails and database passwords hide in logs. What ChatGPT does with what you paste.
Secure Your Data When Using AI
The 3-step workflow to sanitize logs and code before sharing with any AI assistant.
How to Share Code With ChatGPT Safely
Strip API keys, credentials and proprietary logic from code snippets before sending them to any AI assistant.
Is GitHub Copilot Safe With Sensitive Code?
What Copilot sends to Microsoft servers, what it retains, and how to configure it for sensitive codebases.
🛡️ Security & Privacy
jwt.io Alternative — Decode Without Uploading
What jwt.io actually does, where the risk sits, and when to use a fully offline decoder instead.
How to Decode a JWT Token
Step-by-step for reading the header, payload and expiry of any JWT — in your browser, no secret key needed.
Is jwt.io Safe?
What actually happens to your token when you paste it into jwt.io — and a safer alternative.
Hidden Dangers of JWT Debuggers
Why pasting session tokens into online tools is a security risk — and how to inspect JWTs safely.
Decode JWTs Without Sending to a Server
Three ways to read JWT claims locally — browser console, CLI, or our free tool.
JWT Token Expired — How to Fix It
Getting a 401? Decode the exp claim, understand refresh tokens, and fix the root cause.
How to Check JWT Expiry
Read the exp claim in JS, Python or bash — no library needed. Includes the seconds-vs-milliseconds trap.
JWT Authentication Explained
The full 8-step flow, HS256 vs RS256, access + refresh tokens, and the security failure modes that matter.
JWT Security Best Practices
10 rules: reject alg:none, use short expiry, RS256 for distributed systems, httpOnly cookies, rotate refresh tokens, and more.
JWT Claims Explained — iss, sub, aud, exp, iat, nbf, jti
What each registered claim does, which ones libraries skip by default, and the seconds-vs-milliseconds exp trap.
Refresh Token Rotation — One-Time Tokens and Theft Detection
Single-use refresh tokens with Redis, token family invalidation on replay, and the right httpOnly cookie config.
JWT vs Session Tokens
The revocability tradeoff, when stateless JWTs win, when server-side sessions are safer, and the logout problem.
HIPAA Compliant Log Redaction
Remove PHI from application logs before sharing with support vendors or AI assistants.
HIPAA-Compliant Error Tracking
Sentry, Datadog and Rollbar capture PHI by default. How to configure them for HIPAA compliance — or replace them.
Remove Secrets from Python Tracebacks
Step-by-step guide to sanitizing Python stack traces before posting to StackOverflow or ChatGPT.
GDPR-Compliant Logging Guide
What you can and can't log under GDPR — and how to structure logs so they're safe to share.
How to Redact PII in Python
Regex pipeline, Microsoft Presidio for NLP detection, and logging.Filter to redact at the source.
How to Verify Our Privacy Claims
Step-by-step DevTools audit. Prove zero data leaves your browser. Download the offline standalone version.
💻 Code Management
How to Test a Regex Without Uploading Your Data
Live match highlighting, capture groups, flag toggles and performance checks — all in your browser.
Regex Cheat Sheet — Quick Reference
Every pattern, quantifier, anchor, group and flag with copy-paste examples you can test instantly.
How to Validate Email with Regex
The practical pattern, what each part enforces, what regex can't catch, and how to test it.
Regex Capture Groups — Extract, Name and Reuse Matches
How (pattern) captures text, why (?:) and (?<name>) exist, and when to use each in JS and Python.
How to Parse Logs with Regex
Named capture group patterns for Apache, Nginx, timestamps, JSON logs and Python tracebacks.
How to Match Phone Numbers with Regex
E.164, US/Canada, UK, and loose international patterns — with validation vs extraction explained and normalisation one-liners.
Regex Lookaheads and Lookbehinds
All four lookaround types explained — (?=), (?!), (?<=), (?<!) — with JS and Python examples.
Regex in Python — The re Module Explained
match() vs search() vs fullmatch(), findall vs finditer, named groups, re.compile(), and raw string gotchas.
Regex in JavaScript — Every Method Explained
test(), match(), matchAll(), exec(), replace(), replaceAll() and split() — what each returns and when to use it.
Regex Catastrophic Backtracking — What It Is and How to Fix It
Why nested quantifiers cause O(2^n) engine hangs, how to benchmark a vulnerable pattern, and four reliable fixes.
Regex for Dates — Match ISO 8601, US, EU and Custom Formats
Patterns for YYYY-MM-DD, MM/DD/YYYY, DD/MM/YYYY, and timestamps — plus the February-30 problem regex cannot solve.
What SQL Queries Reveal About Your Schema
Why pasting SQL into online formatters exposes your table names, column names and security model.
SQL Formatter Without Uploading
What popular formatters do with your query, what it reveals about your schema, and how to verify any tool is client-side.
How to Format SQL Queries
Step-by-step for formatting raw or ORM-generated SQL across 5 dialects — all client-side, nothing uploaded.
Format SQL from Django ORM Output
Turn unreadable queryset SQL into clean, debuggable queries. Includes logging setup for Django, Rails, Hibernate.
Secure SQL Formatting Guide
Stop leaking your database schema. Format complex SQL locally for SOC2 and GDPR compliance.
What Happens When You Paste SQL Online
The network request you didn't notice — and why your table names are more sensitive than you think.
How to Read ORM-Generated SQL
Decode what Django, ActiveRecord and SQLAlchemy actually send to your database — and catch N+1 queries.
What is a .env File and How to Use It Safely
Keep API keys and secrets out of your code and Git history — complete guide for every language.
How to Remove API Keys From Git History
Deleting the file isn't enough — step-by-step guide using git-filter-repo and BFG Repo-Cleaner.
How to Store API Keys Securely in Node.js
.env files, environment variables, secrets managers — and the mistakes that expose keys in production.
Node.js Logging Best Practices
Structured logs, Pino vs Winston, what never to log, GDPR compliance and shipping to production safely.
Want to see a guide on a specific topic?
Email us your suggestion