Back to Hub
The Zero-Trace Promise

Privacy Manifesto.

We built TypeMorph because we were tired of risking proprietary schemas by pasting them into random online converters.

1. 100% Local-First Execution

When you paste a 10,000-line JSON payload or a highly confidential PostgreSQL dump into TypeMorph, it never leaves your machine. All parsing, type inference, and code generation happens strictly within the secure sandbox of your web browser. We do not have a backend database to store your inputs. The two exceptions are covered in sections 3 and 4 below — both require explicit action from you.

2. What We Actually Collect

We use Google Analytics to collect aggregated analytical data such as page views and usage. We do not collect personally identifiable information, and we do not use it for retargeting advertising or data sales.

3. Feedback You Submit

TypeMorph includes an optional in-app feedback form. If you choose to submit feedback, the text you enter is sent to our Cloudflare D1 database and stored so we can read it. Submission is always voluntary and initiated by you. No schema content, no code, and no personal identifiers are included — only the message you type.

4. URL Import & What Leaves Your Browser

TypeMorph can load schemas directly from a URL. Here is exactly what happens in each case:

  • Schema conversion — always local. Parsing, type inference, and code generation happen entirely in your browser. The schema content is never sent to any server.
  • Direct fetch (CORS-allowed URLs). Your browser fetches the URL directly. No server is involved. This is the default path for most public OpenAPI specs.
  • Proxy fetch — explicit opt-in only. When a URL is blocked by CORS, TypeMorph stops and shows a warning. It does not silently route the request through a server. If you choose to click "Try via proxy," the URL is sent to our Cloudflare Worker, which fetches the content on your behalf and returns it. Do not use the proxy for internal, authenticated, or otherwise sensitive URLs.

The short version: if you never click "Try via proxy," nothing beyond standard page analytics ever leaves your machine.

5. Cookies & Local Storage

We use your browser's Local Storage to save your UI preferences (like Dark Mode) and temporarily cache your last clipboard text so you don't lose work if you accidentally refresh the page. This data lives on your hard drive, not ours.

"Our philosophy is simple: Developer tools should solve problems, not create security vulnerabilities. Your code is yours."

Last Updated: June 2026