JiffyWork
Back to help

Security

Security Policy

JiffyWork is a personal tools website for everyday office, document, table, image, text, and conversion workflows.

How Tools Handle Data

Most JiffyWork tools process files and text directly inside your browser. The site is designed so common tasks can run on your device without requiring an account or sending file contents to a JiffyWork application server.

Please avoid using public or shared devices for sensitive material. Browser storage and downloads are controlled by your device, browser profile, and operating system.

Sensitive Files

JiffyWork does not ask users to upload sensitive files for the current public tools. When a tool lets you select a file, selection happens through the browser file picker and the page can only read files you explicitly choose.

For highly sensitive documents, use a copy, review results before sharing, and clear browser data when working on a shared computer.

Server Conversion Roadmap

Future server-assisted conversion features will include separate explanations for upload behavior, temporary file storage, processing limits, result retention, cleanup timing, and failure handling.

Any server-assisted tool should make the upload boundary clear before processing starts. Until a real converter is implemented and documented, planned conversion adapters should be treated as diagnostics or workflow previews.

Reporting Security Issues

If you find a security issue, use this policy page as the public contact target. Do not send private documents, passwords, tokens, API keys, or personal identity files as proof. A minimal description, affected URL, browser version, and safe reproduction steps are enough.

JiffyWork does not publish a private email address on this page. A dedicated contact channel can be added later without changing the security.txt location.

Scope

Useful reports include unwanted file uploads, exposed private paths, unsafe public navigation to hidden admin areas, script injection, broken download boundaries, or security headers that interfere with safe use.

Out of scope: social engineering, denial-of-service testing, automated high-volume scans, or reports that require accessing data that is not yours.