Privacy Policy

Overview

Payload Playground is a free, client-side security testing toolkit. We are committed to protecting your privacy. This policy explains what data we collect, what we do not collect, and how your information is handled when you use our website at payloadplayground.com and the payload-playground CLI package on npm.

What Data We Collect

We collect minimal, anonymized usage data through third-party analytics services:

• Google Analytics — collects anonymized pageview data including pages visited, session duration, approximate geographic region, browser type, and device category. IP addresses are anonymized by Google. No personally identifiable information (PII) is collected.
• Vercel Analytics — collects anonymized web performance metrics such as page load times and Web Vitals. No PII is collected.

What Data We Do Not Collect

We do not collect, store, or transmit any of the following:

• Names, email addresses, or any personal information
• Account credentials (there are no user accounts)
• Any input you enter into generators, tools, or the encoding pipeline
• Payloads, tokens, hashes, or any data you process on the site
• Payment or billing information
• IP addresses (Google Analytics anonymizes these automatically)

Client-Side Processing

All tools, generators, and the encoding pipeline run entirely in your browser using client-side JavaScript. No input data is ever sent to our servers or any third party. Your payloads, tokens, hashes, encoded data, and all other tool input and output remain exclusively on your device.

Local Storage

We use your browser's local storage for two purposes only:

• Theme preference — stores whether you selected dark or light mode so your preference persists between visits.
• Generator settings — stores your last-used configuration for payload generators (e.g., selected payload type, encoding options) so you can resume where you left off.

This data is stored locally on your device and is never transmitted to any server. You can clear it at any time through your browser settings.

Cookies

The following cookies may be set when you visit Payload Playground:

No advertising, marketing, or tracking cookies are used. You can block or delete these cookies through your browser settings without affecting core functionality.

No User Accounts

Payload Playground does not offer user accounts, registration, or login functionality. There is no sign-up process, no email collection, and no newsletter. All features are available immediately without any form of authentication.

CLI Package

The payload-playground CLI package (available on npm) runs entirely on your local machine. It does not collect any data, send analytics, or make network requests. All payload generation and utility functions execute locally.

Third-Party Services

We use the following third-party services:

• Google Analytics — for anonymized usage statistics. Google Privacy Policy
• Vercel — for hosting and performance analytics. Vercel Privacy Policy
• npm (GitHub) — for distributing the CLI package. GitHub Privacy Statement

Children's Privacy

Payload Playground is not directed at children under the age of 13. We do not knowingly collect any information from children. The tools are intended for security professionals, researchers, and students engaged in authorized security testing and education.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically.

Contact

If you have any questions about this privacy policy, please contact us at [email protected].