Logo
FreeMetaTools

Security Policy

Last Updated: June 11, 2026

At FreeMetaTools.com, we are committed to maintaining a secure and reliable platform for our global users. We employ security practices across our server configurations, codebases, and frontend client sandboxes to protect data integrity and prevent unauthorized access.

Transport Security (HTTPS Only)

All web traffic is forced to use encrypted **HTTPS** connections. We enforce HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle attacks and ensure browsers only connect to our domain using TLS 1.2 or TLS 1.3 encryption protocols.

Isolated Client-Side execution

By architecture design, 90% of our codebases process inputs locally within your browser's sandboxed JavaScript context. This means:

  • No Server Attacks: Because inputs are not sent to our server database, SQL injections, server-side parameter manipulations, or backend credential theft have no impact on your inputted texts or hashes.
  • Cross-Site Scripting (XSS) Prevention: All inputs rendered inside our output components are fully sanitized and escaped. We do not evaluate raw input strings as active HTML or script elements.

FastAPI Backend Security

For backend dependent utilities (e.g., PDF compilation or PowerPoint conversions), our Python compute nodes are hardened:

  • Isolated Containers: File operations run in locked down, unprivileged container instances with limited CPU, memory, and disk quotas to prevent Denial of Service (DoS) attacks.
  • Sanitized Input Parameters: File uploads undergo mime-type validation and header inspection to block malicious payloads or script execution.
  • No Persistence: Servers do not retain database connections containing user records or credentials.

Vulnerability Disclosure Program

We welcome contributions and audit reports from security researchers and ethical hackers. If you discover a vulnerability, misconfiguration, or security risk (such as XSS, CSRF, or server-side leaks), please report it responsibly:

  1. Report: Send a detailed description of the vulnerability, along with proof-of-concept steps, to our security desk at security@freemetatools.com.
  2. Review: Our engineering team will acknowledge your report within 48 hours and coordinate a fix.
  3. Resolution: Once resolved, we will publish the patch and, with your permission, credit you in our deployment notes. We ask that you refrain from public disclosure until the patch is applied.

Security Audits

We perform routine updates to our dependency libraries, frameworks, and Node packages to address known CVEs (Common Vulnerabilities and Exposures) and maintain a clean security index.