Privacy
ShiftKit is built around the idea that your config never leaves your machine. This page describes exactly what data is collected and what isn’t.
What we don’t collect
- Your config input. Conversion runs in a Web Worker in your browser. The page makes no network requests with your input.
- Accounts or identifiers. There is no signup, no login, no cookie set by ShiftKit.
- Cross-site tracking. No advertising trackers, remarketing pixels, or fingerprinting. ShiftKit uses Cloudflare Web Analytics, which is cookieless and does not track individuals across sites.
What we do collect
Your hosting provider records standard request logs (IP address, user agent, URL requested, timestamp) for operational and abuse-prevention purposes. ShiftKit does not link these logs to any other identifier.
Cloudflare Web Analytics. A cookieless beacon that reports anonymous, aggregate pageview and performance metrics (page timing, Core Web Vitals). Your pasted config is never sent to it.
A first-party Core Web Vitals endpoint (/api/vitals) receives anonymous performance numbers from your browser via navigator.sendBeacon: the metric name (LCP, INP, CLS, TTFB, FCP), its numeric value, the rating bucket, and the pathname of the page you were on. No IP address, user agent, cookie, or device identifier is sent in the payload; the request itself is subject to the same hosting-provider request logs noted above and is not cross-referenced.
Third-party links
Pages link out to npm, GitHub, and similar sites. Once you click a link, that site’s privacy policy applies - not this one.
Changes to this policy
Material changes to data collection (analytics, ads, etc.) will be reflected here before they take effect. The git history of this page is the canonical record.
Contact
Questions about privacy: see the contact page.