Privacy Policy
Last updated: January 31, 2026
Introduction
Caring Consulting Co. ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website at caringconsulting.co.
Information We Collect
We collect information that you voluntarily provide to us when you use our contact form:
- Name: To address you properly in our response
- Email address: To respond to your inquiry
- Message content: To understand and address your inquiry
We do not use cookies for tracking purposes. We do not use analytics services that track individual users.
How We Use Your Information
We use the information you provide solely to:
- Respond to your inquiries and communicate with you
- Provide information about our services that you have requested
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Free Online Tools
Our website offers free online tools that operate entirely within your web browser. These include:
| Tool | Libraries Used | Security Details |
|---|---|---|
| Countdown Timer | Web Audio API (native), Screen Wake Lock API | 100% client-side timer; alarm sounds generated locally via Web Audio API; optional localStorage for timer persistence; no network requests |
| Document Redactor | pdfjs-dist (Mozilla), pdf-lib, Canvas API | Client-side rendering; redactions permanently flattened into output; original content destroyed |
| Face Blur | @mediapipe/tasks-vision (MediaPipe) | AI models loaded from CDN; Canvas API for blur effects; metadata automatically stripped; no image uploads |
| File Encryptor | Web Crypto API (native) | AES-256-GCM authenticated encryption; PBKDF2 key derivation with 100,000 iterations; 128-bit salt, 96-bit IV |
| Hash Generator | Web Crypto API (native), js-md5 | SHA-1/256/512 via SubtleCrypto; MD5 via js-md5 (for legacy compatibility only) |
| HEIC Converter | heic-convert, libheif-js | Canvas API for image rendering; no network requests |
| Image Compressor | browser-image-compression | Canvas API for compression; quality control 0-100% |
| Internet Speedtest | Fetch API, Web Crypto API | Download tests use Cloudflare CDN (IP visible to Cloudflare); all speed calculations in-browser; test history stored in localStorage only; processing test is 100% local |
| Local AI Chat | @mlc-ai/web-llm, Chrome AI API (window.ai) | AI models run 100% in-browser via WebGPU; conversations never leave your device; model cached locally in IndexedDB; no server communication during chat |
| Metadata Stripper | exif-js, Canvas API (native) | Canvas redraw removes all EXIF/GPS metadata; original quality preserved |
| Password Generator | Web Crypto API (native) | crypto.getRandomValues() for cryptographically secure randomness; entropy calculation |
| PDF Converter | pdfjs-dist (Mozilla), docx | Text extraction only; HTML output is XSS-sanitized |
| Privacy Check | Web Crypto API (native), Canvas API, WebGL, AudioContext | 100% client-side fingerprint analysis; no data collected or transmitted; tests browser APIs locally to detect tracking vectors |
| QR Code Generator | qrcode.react | SVG/Canvas rendering; no data transmission |
| Readability Analyzer | pdfjs-dist (Mozilla), mammoth | 100% client-side text analysis; PDF text extraction via pdfjs-dist; Word document extraction via mammoth; all readability calculations performed locally; no file uploads |
| SCORM/xAPI Inspector | JSZip (bundled) | 100% client-side ZIP extraction; SCORM content runs in sandboxed iframe with postMessage communication; no network requests; uploaded packages never leave your device |
Note on quantum resistance: AES-256 symmetric encryption is considered resistant to known quantum computing attacks. The 256-bit key provides approximately 128-bit security against Grover's algorithm.
All tools are designed with your privacy in mind:
- No uploads: Files you process using our tools are never uploaded to our servers or any third-party servers
- Local processing: All file conversion, encryption, and processing happens locally on your device using your browser's capabilities
- No data retention: When you close the browser tab or navigate away from the tool, all processed files, passwords, and data are automatically deleted from your browser's memory
- No tracking: We do not track which files you process, passwords you generate, or collect any metadata about your usage of these tools
- Secure cryptography: Our encryption tools use the Web Crypto API for cryptographically secure operations
The tools use open-source libraries that run entirely in your browser. Your files and data remain completely private and under your control at all times.
AI Model Downloads
Some of our tools require downloading AI models to your browser. We want to be transparent about what this means for your privacy:
Local AI Chat
- Download size: Large language models range from 1-4+ GB depending on the model you choose.
- Download source: Models are downloaded from Hugging Face's CDN servers. During download, Hugging Face can see your IP address, browser user agent, and download timestamps.
- No authentication required: We specifically chose publicly available models that do not require Hugging Face login, minimizing data collection.
- After download: Once models are cached locally, all AI processing happens entirely on your device. Hugging Face has no visibility into your prompts or conversations.
Face Blur
- Download size: The MediaPipe face detection model is approximately 5MB.
- Download source: The model and WebAssembly runtime are downloaded from Google's CDN (storage.googleapis.com and cdn.jsdelivr.net). During download, these services can see your IP address and browser user agent.
- After download: Once cached, face detection runs entirely in your browser. Your photos are never sent to any server.
Privacy recommendation: If you are concerned about IP address visibility during model downloads, you may use a VPN service before loading these tools for the first time.
Third-Party Services
We use the following third-party services to operate our website and tools:
- Resend: Email delivery service used to send contact form submissions to us. Resend processes your email address and message content to deliver your inquiry. See their privacy policy.
- Vercel: Website hosting service. See their privacy policy.
- Hugging Face: AI model hosting for Local AI Chat. Models are downloaded from their CDN during first use. See their privacy policy.
- Google (MediaPipe): AI model hosting for Face Blur. The face detection model and WebAssembly runtime are downloaded from Google's servers during first use. See their privacy policy.
- Cloudflare: CDN used for Internet Speedtest downloads. Your IP address is visible to Cloudflare during speed tests. See their privacy policy.
Data Retention
We retain your contact form submissions only as long as necessary to respond to your inquiry and maintain records of our communications. You may request deletion of your data at any time by contacting us.
Your Rights Under GDPR (European Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right to access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate personal data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Request a copy of your data in a machine-readable format
- Right to object: Object to our processing of your personal data
Legal basis for processing: We process your data based on your consent when you submit the contact form and our legitimate interest in responding to business inquiries.
Your Rights Under CCPA (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request information about what personal data we collect, use, and disclose
- Right to delete: Request deletion of your personal data
- Right to opt-out: Opt out of the sale of your personal data (note: we do not sell personal data)
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
Categories of personal information collected: Identifiers (name, email address) and information you provide in your message.
We do not sell your personal information.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses HTTPS encryption for all data transmission.
Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
Contact Us
If you have any questions about this privacy policy or wish to exercise your privacy rights, please contact us at:
Email: support@caringconsulting.co
Business: Caring Consulting Co.
Related Documents
Please also review our Terms of Service, which governs your use of our website and free online tools.