JWT Vault is a 100% local tool. Every decoding operation and every signature verification runs inside your browser using the Web Crypto API. Your tokens, payloads, private keys, and secrets are never transmitted to any server, never logged, and never stored outside the encrypted on-device vault you control. This is enforced by the extension's Content Security Policy at the browser level, not merely promised on this page.
JWT Vault is a Chrome extension that lets you decode JSON Web Tokens (JWTs), verify their signatures, explore claims, and save tokens to an encrypted on-device vault. All processing happens locally in the extension's sandboxed JavaScript environment using the browser's built-in SubtleCrypto API.
The following data is never collected, never transmitted, and never accessible to Peak Productivity or any third party:
JWT Vault declares only the minimum permissions required:
JWT Vault does not declare <all_urls>, scripting, tabs, history, cookies, or any permission that would give it access to your general browsing activity.
The single outbound connection JWT Vault makes is an anonymous license check to peakproductivity.online to determine whether a Pro license is active for the current device. This request contains only:
No token data is included in any network request. This is technically enforced by the following Content Security Policy in the extension manifest, which the browser itself enforces:
Content-Security-Policy: script-src 'self'; connect-src 'self' https://peakproductivity.online
There are no analytics SDKs, no third-party CDNs, and no remote scripts loaded by the extension at runtime.
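A claim like this can be checked by parsing the policy string. The following is an added example, not code from the extension: it audits the policy exactly as quoted above against an allowlist of expected origins. The function names, the allowlist, and the subset of fetch directives checked are assumptions made for illustration.

```javascript
// Policy string copied from the page; everything else is illustrative.
const PAGE_POLICY =
  "script-src 'self'; connect-src 'self' https://peakproductivity.online";

// Fetch directives whose fallback is default-src (a subset of CSP Level 3).
const FETCH_DIRECTIVES = ['connect-src', 'font-src', 'img-src', 'manifest-src',
  'media-src', 'object-src', 'script-src', 'style-src'];

// Parse "name src src; name src" into a Map; the first copy of a directive wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Quoted expressions ('self', 'none', nonces, hashes) name no remote origin.
const isKeyword = (source) => source.startsWith("'");

// Report remote sources outside the allowlist, and fetch directives that the
// policy does not constrain at all (no directive and no default-src fallback).
function auditCsp(policy, allowedOrigins) {
  const directives = parseCsp(policy);
  const report = { remote: {}, unexpected: [], unrestricted: [] };
  for (const name of FETCH_DIRECTIVES) {
    const sources = directives.get(name) ?? directives.get('default-src');
    if (sources === undefined) {
      report.unrestricted.push(name);
      continue;
    }
    const remote = sources.filter((s) => !isKeyword(s));
    if (remote.length > 0) report.remote[name] = remote;
    for (const s of remote) {
      if (!allowedOrigins.includes(s)) report.unexpected.push(`${name} ${s}`);
    }
  }
  return report;
}

const pageReport = auditCsp(PAGE_POLICY, ['https://peakproductivity.online']);
console.log(JSON.stringify(pageReport, null, 2));
```

An empty `unexpected` list confirms that `connect-src` names only the stated origin; the `unrestricted` list shows which fetch directives the quoted string leaves without a source list.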
When you choose to save a token, it is stored in Chrome's local storage, encrypted with a key derived, using PBKDF2, from a passphrase you set. The plaintext token is never written anywhere unencrypted. Peak Productivity has no access to vault contents.
For Pro users who enable team vault sync, the vault is sent to peakproductivity.online as an opaque encrypted blob. The server stores only the ciphertext. Without your passphrase, the server cannot decrypt or read any vault content.
JWT Vault may record anonymized product events (for example: extension opened, decode performed, vault saved) associated only with a randomly generated device identifier. These events contain no token data, no personal information, and no content from your decoded tokens. Analytics are used solely to understand feature usage and improve the product. They are never shared with or sold to third parties.
Pro subscriptions are processed by Stripe. JWT Vault does not handle payment card data directly. When you complete a checkout, Stripe shares a subscription status and a customer reference with peakproductivity.online, which is used to activate your license. Stripe's privacy policy applies to payment processing: https://stripe.com/privacy.
If you provide an email address during checkout, it is held by Stripe and used only to send subscription receipts and billing notifications. We do not add it to marketing lists without your explicit consent.
Peak Productivity does not sell, rent, or trade any user data to any third party under any circumstances.
JWT Vault contains no Google Analytics, no Facebook Pixel, no Segment, no Mixpanel, and no other third-party tracking library. There is no advertising network integration of any kind.
JWT Vault is a developer tool not directed at children under 13. We do not knowingly collect any information from children.
If this policy changes in a material way, the updated version will be posted at https://peakproductivity.online/jwt-inspector/privacy/ with an updated date at the top. Significant changes will also be noted in the extension's release notes.
Questions about this policy or how JWT Vault handles data can be sent to support@peakproductivity.online.