FormatDogWorkspace

100% SECURE PRIVATE SANDBOX

Privacy Policy

Last updated: July 6, 2026

The short version: every file you select in FormatDog — PDFs, images, documents — is processed entirely inside your own browser. It is never uploaded, transmitted, or sent to our servers or anyone else's. We have no way to see, access, or store the contents of any file you work with here, because that work never leaves your device.

This policy explains, in plain language, what does and doesn't happen with your data when you use FormatDog. If anything here is unclear, you can reach us any time — see the Contact page.

The files you work with

FormatDog's tools — merging, splitting, compressing, signing, password-protecting, converting, and every other tool on this site — run using JavaScript and WebAssembly directly in your web browser. When you select a file, your browser reads it locally and processes it on your own device. At no point does that file get sent over the internet to FormatDog, to our hosting provider, or to any third party. This is true for every tool on the site without exception.

What we do collect

Like virtually any website, our hosting provider automatically logs basic technical information for every visit — things like your IP address, browser type, the pages you visit, and the date and time of your visit. This is standard web server logging used for security and troubleshooting, and it does not include the contents of any file you process using our tools.

We do not require accounts, logins, or registration to use any tool on this site, and we do not ask for or store your name, email address, or any other personal information as a condition of using FormatDog.

One exception worth explaining clearly: OCR language files

Our Extract Text from Images (OCR) tool needs a language "model" to recognize text — a generic, publicly available file with no connection to you or your data. The first time you use a particular language, your browser downloads that file once from a content delivery network. This is a one-way download of generic software, not an upload of anything about you or your image. The image or document you're extracting text from is never sent anywhere.

The same exception applies to: background removal

Our Remove Image Background tool works the same way. It uses a detection model (built on Google's open-source TensorFlow.js and MediaPipe Selfie Segmentation technology) to identify the person in a photo, entirely inside your browser — your photo is never uploaded or sent anywhere. The detection model itself — a generic file identical for every user, with no connection to you or your photo — is downloaded once per browser session from its hosting source, the same one-way, no-data-in-either-direction pattern as the OCR language files above.

Camera and location access: GPS Camera tool

Our GPS Camera tool asks for two browser permissions — camera and location — to stamp a photo with your coordinates, date, and time. Both are read directly by your own browser and used only to build the image on your device; neither your camera feed nor your location is ever transmitted anywhere, stored by us, or accessible once you close the page. This tool currently shows raw GPS coordinates only, not a readable street address, specifically because converting coordinates into an address would require sending your location to a third-party mapping service — a trade-off we've chosen not to make by default.

Cookies and advertising

FormatDog is free to use, and may display advertising served through Google AdSense to help cover hosting costs. If ads are shown on this site, Google and its advertising partners may use cookies to serve ads based on your prior visits to this website or other websites. This is standard interest-based advertising:

These advertising cookies relate only to general browsing behavior for ad personalization — they have no access to, and no connection with, the files you process using FormatDog's tools.

Third-party libraries used by this site

FormatDog's tools are built using several open-source, third-party libraries that run entirely in your browser: Tesseract.js (OCR), pdf-lib and pdf.js (PDF processing), Mammoth.js (Word document conversion), qpdf-wasm (PDF encryption), and TensorFlow.js with MediaPipe Selfie Segmentation (background removal). These are code libraries, not services — they execute locally on your device and do not transmit your files anywhere. The library code itself is self-hosted on our own server rather than loaded from third-party CDNs, specifically to minimize external connections. One exception: the background removal detection model's data file (as opposed to the code that runs it) is, at the time of writing, loaded from its original hosting source rather than our own server — we're working toward self-hosting this file too, and will update this page once that's complete. As explained above, this file contains no user data in either direction.

Children's privacy

FormatDog is not directed at children under 13, and we do not knowingly collect personal information from children. Since the site doesn't collect personal information from any user in the first place, this is true for visitors of any age.

Your rights and choices

Because FormatDog doesn't collect or store your files or personal information, there is generally nothing for us to access, correct, or delete on your behalf. For choices related to advertising cookies, see the "Cookies and advertising" section above. If you have questions about data protection rights that apply in your specific location, we recommend consulting your local data protection authority, as requirements vary by country and region.

Changes to this policy

We may update this policy from time to time, for example as tools are added or advertising is introduced. Material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this page occasionally if you have concerns about how the site works.

Contact us

Questions about this policy or how FormatDog works? Visit our Contact page to reach us.