Transparency6 min

Zro7 Transparency Report: What Leaves Your Browser (Spoiler: Nothing)

A byte-level accounting of every network request Zro7 makes: HTML, JS, WASM, and fonts. No file bytes, no telemetry payloads, no third-party trackers.

This entire post is verifiable — open your browser DevTools Network tab, use any Zro7 tool, and inspect every request.

Zro7 processes files entirely in your browser using WebAssembly. This post lists every category of network request our site makes, so you can verify it yourself in DevTools → Network. Short version: we load code, we do not upload your files. Ever.

What Zro7 sends

  • HTML/CSS/JS bundles: the app itself, from our CDN.
  • WASM modules: pdf-lib, ffmpeg-core, DuckDB, Tesseract, etc. — one download per tool, cached.
  • Fonts: Plus Jakarta Sans woff2.
  • Sitemap/robots: crawler traffic only.

What Zro7 does NOT send

  1. Your files — PDFs, images, video, audio, CSVs. Zero bytes.
  2. Filenames, sizes, or metadata.
  3. Analytics beacons keyed to actions inside a tool.
  4. Cookies with user IDs. Session state stays in localStorage.
  5. Third-party tracker scripts (Facebook Pixel, Google Ads, Hotjar, etc.).

Tools that DO make network requests

Two categories, both by design, both DNS/protocol lookups that don't touch your files:

  • DNS/MX/WHOIS/RDAP tools: hit Cloudflare DoH and IANA RDAP directly from your browser. The query is a domain name you typed; we never see it.
  • Barcode / QR generators: purely client-side; no requests once the page is loaded.

Third parties

  • CDN: Cloudflare (delivers HTML/JS/WASM, standard access logs).
  • Fonts: self-hosted, no Google Fonts request.
  • Analytics: none served today. If we add anonymous page-view counting later, it will be listed here first.

How to verify

  1. Open DevTools → Network in Chrome/Firefox/Safari.
  2. Clear the panel.
  3. Load Compress PDF, drop a 20 MB PDF, run compress.
  4. Look at Uploads (bytes sent). You'll see kilobytes of HTTP headers — not megabytes of file data.
  5. Repeat for any tool. Big uploads never appear.

Open source & audits

The underlying WASM libraries — pdf-lib, ffmpeg.wasm, DuckDB-WASM, @imgly/background-removal, Tesseract.js — are open source. Anyone can inspect them. Our wrapper code is minified and cache-busted; independent reviewers can diff it across releases.

Updated December 31, 2026 · Zro7 editorial team.

Frequently asked questions

Do you log which tools I use?

Only aggregate route hits on the CDN's default access logs — no user IDs, no file metadata.

What about crash reports?

None sent automatically. If you hit an error page you'll see the details in the browser only.

Are the DNS tools private?

Queries go to Cloudflare 1.1.1.1 over HTTPS. We're not a middleman.

Can I self-host Zro7?

The published bundle is a static site — mirroring it is technically possible. For now the canonical host is zro7.dev.

Do you share data with law enforcement?

We have nothing to share. Files never touch a server.

Related posts

← Back to blog