Privacy Policy
Last updated: 3 July 2026
This policy explains what information ToolStand collects when you use the site, the third-party advertising and analytics services we run, the cookies and browser storage involved, and the choices you have. We do not require accounts, logins, or any registration to use the tools.
ToolStand is a personal, hobby-run website operated by Suleyman as a private individual, who is the data controller for the processing described in this policy. You can reach the operator at hello@toolstand.io.
1. What Stays on Your Device
The tools' computations run in your browser. The content you type or paste and the files you process are handled locally and are not uploaded to our servers by the tools themselves.
One exception: a small number of tools that check a web address — the URL / link-preview tool,
the redirect checker, and the robots.txt, sitemap, and HTTP header / canonical checkers — send the
URL you enter to a server-side proxy (/api/fetch) so it can retrieve that page for you.
Only the URL you provide is sent for this purpose; these tools still do not upload files or other
inputs.
2. Information We Collect
On regular site pages (not on embedded tool widgets, which run without analytics), we collect usage information to understand how the site is used and to serve advertising:
- Usage events. Our analytics script sends events such as the page path, device
type, screen width, referrer, whether the page is shown inside an iframe, time spent on the page,
tool actions and labels, and JavaScript error messages. These are sent to our own
/api/analyticsendpoint and forwarded to Google Analytics 4. In the European Economic Area, the UK and Switzerland, events are forwarded to Google Analytics only if you have given consent via the consent banner; without consent they stay in our own first-party storage described in section 5. - Persistent and session identifiers. To group these events, the analytics script
creates and stores a random persistent identifier (
_ga4_cid) and a short-lived, roughly 30-minute session identifier (_ga4_sid) in your browser's local storage. The_ga4_cidvalue stays in your browser until you clear it, so it can identify your browser across visits. In the European Economic Area, the UK and Switzerland, these identifiers are only written after you consent via the consent banner. - Approximate location. Our hosting provider, Cloudflare, processes your IP address at its edge and derives an approximate country, which is included with the analytics events. We do not use the analytics events to store your full IP address ourselves.
- Advertising and behavioral data. Our advertising and analytics vendors (described in section 4) may collect additional information through their own cookies and technologies, including advertising data used to personalize ads.
3. Cookies & Similar Technologies
We and our third-party services use cookies and comparable browser-storage technologies for the purposes below. Visitors in the European Economic Area, the UK and Switzerland are shown a Google-provided consent banner (Google's certified consent management platform) that asks for consent before advertising cookies and our analytics identifiers are used; outside those regions there is no consent banner.
First-party browser storage (set by ToolStand):
_ga4_cid(local storage) — persistent random analytics identifier used to group your usage events._ga4_sid(local storage) — short-lived (~30 minute) analytics session identifier.toolstand-theme(local storage) — remembers your light/dark theme preference; used only in your browser.
Advertising cookies:
- Google AdSense sets advertising cookies used to serve and personalize ads.
Analytics cookies:
- Ahrefs Web Analytics is used for traffic analytics; Ahrefs describes its analytics as cookieless.
4. Third-Party Services
The site loads the following third-party services on regular (non-embedded) pages. Each vendor processes data under its own privacy policy:
- Google AdSense (publisher ID ca-pub-8632240779421770) — displays personalized advertising using Google advertising cookies. Ads may be based on your activity across other sites (cross-site). See the Google Advertising / Privacy policy.
- Google Analytics 4 — usage analytics. Events are sent from our
/api/analyticsendpoint to Google via its Measurement Protocol, together with the identifier described above and an approximate country. See the Google Privacy Policy. - Ahrefs Web Analytics — traffic analytics (described by Ahrefs as cookieless). See the Ahrefs Privacy Policy.
- Cloudflare — content delivery and edge hosting. Cloudflare processes your IP address and derives an approximate country. See the Cloudflare Privacy Policy.
International transfers. These vendors may process data on servers in the United States and elsewhere. Google and Cloudflare participate in the EU-U.S. Data Privacy Framework; transfers to them from the EEA/UK rely on that framework and related safeguards.
5. Data Retention
- Server-side analytics events are stored in Cloudflare Workers KV and automatically deleted after 7 days.
- The
_ga4_cididentifier persists in your browser's local storage until you clear it;_ga4_sidlasts about 30 minutes;toolstand-themeremains until you clear it. - Our Google Analytics 4 property is configured to retain event-level data for 2 months and user-level data for up to 14 months.
- Data held by the other third-party services listed above is retained according to each vendor's own policy.
6. Your Choices & Controls
- Consent banner (EEA/UK/Switzerland). If you are in one of these regions, your consent choice is stored by the banner. You can change your decision by clicking the button below, or by clearing this site's cookies in your browser, which causes the banner to be shown again on your next visit.
- Opt out of personalized ads. Use Google Ads Settings or the industry opt-out page at aboutads.info.
- Clear cookies and local storage. You can delete cookies and clear the local
storage keys above through your browser's settings or privacy controls. Removing
_ga4_cidresets the analytics identifier. - Do Not Track. The site does not currently respond to browser "Do Not Track" signals in a standardized way, because there is no common industry standard for honoring them.
7. Your Rights
Depending on where you live, you may have rights over your personal information under laws such as the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA). These may include the right to access, correct, or delete your information, and to opt out of certain uses.
Under the CCPA/CPRA, the use of advertising cookies to serve personalized ads based on your activity across sites may be considered a "sale" or "share" of personal information. You can limit this using the ad opt-out links in section 6. To exercise any of these rights, contact us at hello@toolstand.io.
Legal bases (GDPR). Where the GDPR applies, we rely on your consent — collected via the consent banner in the EEA, the UK and Switzerland — for advertising cookies and for Google Analytics measurement, and on our legitimate interest for first-party aggregate usage statistics that store nothing on your device, for security and rate limiting, and for cookieless traffic analytics.
8. Children's Privacy
The site is not directed to children, and we do not knowingly collect personal information from children under 13, or under 16 where the EEA/UK GDPR applies. If you believe a child has provided information through the site, contact us at hello@toolstand.io and we will take appropriate steps.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.
10. Contact
If you have questions about this privacy policy, contact us at hello@toolstand.io.