Tools by Lunar Turtle
Back to tools

Tools by Lunar Turtle

Privacy Promise

Most tools run in your browser, so your data stays on your device. If a tool needs to send data to our server, we tell you upfront what is sent and why.

  • Local by default: most tools process input in your browser and do not upload your content, which means your data stays on your device.
  • If a tool needs upload, we say so clearly: when a tool requires network processing, we explain what is sent and why.
  • No hidden processing: transformations happen in your browser session.
  • No accounts: you can use these tools without signing in.
  • Static deployment: this site is built as static pages, not a server app handling tool data.
  • Plain summary: Device Drop lets you move a file to another device with a 12-character code.
  • How transfer works now: your browser encrypts the file before upload. Our Worker stores only encrypted data for retrieval.
  • What we can and cannot see: we do not have the key to decrypt your file. Without your code (and optional passcode), the stored data is unreadable.
  • Access controls: upload and metadata retrieval require Turnstile verification. You can optionally add a passcode for extra protection.
  • Expiry and deletion: drops expire after 15 minutes. Expired drops are blocked and removed by cleanup.
  • No code in URL: drop codes are sent in request bodies, not URL paths or query strings.
  • Data use limits: drop data is used only to complete the transfer flow.
  • Plain summary: Lead Drop records lightweight event pings for route and action analytics.
  • What is sent: client pings send `type` and `path` values in the JSON body, plus workspace/public-key headers.
  • Authentication model: the public ping route uses workspace plus public key. Private stats and key rotation use secret passphrase and Turnstile verification.
  • How data is stored: Lead Drop stores aggregated counts by UTC day, event type, and optional path grouping, not session replay data or uploaded file contents.
  • Credentials handling: workspace credentials are created once and can be rotated. `secret_passphrase` is returned only during create and rotate flows.
  • Data use limits: event data is used for per-workspace metrics and query responses, not for cross-tool content processing.