For IT administrators

    Security & Privacy

    BRYCK LABS is a browser-based developer tool platform. This page explains exactly how data is handled — for IT security reviews and enterprise whitelisting decisions.

    No data leaves your browser

    ✓ Verified

    Every tool on BRYCK LABS — JWT decoder, JSON formatter, SQL optimizer, password generator, and all others — processes data entirely within the user's browser using JavaScript. No input data is transmitted to any server. No output data is stored anywhere. This is not a policy choice; it is an architectural constraint. There is no backend processing infrastructure for tool operations.

    No user accounts or authentication

    ✓ Verified

    BRYCK LABS requires no account creation, no email address, no password, and no personal information of any kind. Users access all tools anonymously. There is no login system, no session management, and no user database.

    No cookies for tracking

    ✓ Verified

    BRYCK LABS does not use advertising cookies, tracking pixels, or third-party analytics that identify individual users. The site uses Plausible Analytics — a privacy-respecting, cookieless analytics service that collects only aggregate page view counts. No personal identifiers are collected.

    Network requests made

    ℹ Limited

    The only external network requests made are: • Plausible Analytics (plausible.io) — aggregate page view count only • Vercel Analytics (vitals.vercel-insights.com) — Core Web Vitals performance data only • Google Analytics (googletagmanager.com) — aggregate usage only • OG Preview tool only: server-side fetch of user-provided URLs to read Open Graph meta tags No tool input or output data is included in any of these requests.

    Sensitive data handling

    ✓ Safe for sensitive data

    Developers frequently use BRYCK LABS to inspect JWT tokens, SQL queries, and other potentially sensitive data during development and debugging. Because all processing is client-side, this data never leaves the user's machine. BRYCK LABS is designed specifically for this use case — developers who cannot paste production data into third-party tools that transmit it to remote servers.

    Content Security Policy

    ✓ Hardened

    BRYCK LABS enforces a strict Content Security Policy (CSP) that prevents XSS attacks, restricts script execution to known sources, and blocks all framing. Security headers include: X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Strict-Transport-Security with 2-year max-age, and Referrer-Policy: strict-origin-when-cross-origin.

    For IT administrators — whitelist request

    If BRYCK LABS is blocked by your organization's web proxy or content filter, please share this page with your IT team. The domain to whitelist is:

    brycklabs.tech

    Suggested category: Developer Tools / Computer and Internet Info
    Contact for IT review: hello@brycklabs.tech