Privacy Explained: How Pruneify Keeps Your Text Private
Most AI text detection tools require you to paste your content into a web form that uploads it to a server. You have no control over what happens next — whether it is logged, stored, used for training, or shared. Pruneify takes a fundamentally different approach. Every operation — detection, normalization, formatting, and export — runs 100% in your browser. Your text never leaves your device. This guide explains exactly how that works, what is stored, what is not, and why client-side processing matters for privacy.
Key Takeaways
- All text processing — detection, normalization, formatting — runs in your browser via JavaScript. No server ever sees your text.
- No uploads, no API calls for analysis, no backend processing. Zero network requests carry your content.
- User preferences and session (including pasted text) are stored in localStorage; analysis history (up to 50 entries) in IndexedDB. All in your browser. Clear anytime via site data.
- No analytics cookies, no tracking pixels, no third-party scripts that access your content.
- GDPR compliant by architecture — no personal data is collected or transmitted.
100% Client-Side Processing: What It Means
"Client-side" means the code runs in your web browser, not on a remote server. When you paste text into Pruneify, the JavaScript loaded in your browser performs every operation: scanning for templated phrases, calculating sentence burstiness, measuring vocabulary richness, detecting tone, normalizing characters, and formatting output. The result is displayed directly in your browser tab.
At no point does the application send your text over the network. You can verify this yourself: open your browser's developer tools, switch to the Network tab, paste text, and run detection. You will see zero requests carrying your content. The only network activity is the initial page load (HTML, CSS, JavaScript) — after that, everything is local.
This architecture is not just a privacy feature — it also makes Pruneify fast. There is no round-trip latency to a server. Detection completes in milliseconds, not seconds. And it works offline: once the page is loaded, you can disconnect from the internet and the tool still functions.
Takeaway: Client-side means your text stays on your machine. Period. No server, no upload, no exception.
What Server-Based AI Detectors Do With Your Text
Most AI text detection tools on the market are server-based. You paste text into a form, it is sent to a backend API, processed by a machine learning model, and a score is returned. What happens to your text after that depends entirely on the provider's privacy policy — and most policies are vague.
Common practices among server-based detectors include:
- Logging: Text is stored in server logs for debugging, sometimes indefinitely.
- Training: Submitted text may be used to retrain or fine-tune detection models.
- Third-party sharing: Some services use third-party infrastructure (cloud APIs, analytics) that may have separate data access.
- Retention: Even if a policy says "we do not store your text," server logs, CDN caches, and database backups can retain content for weeks or months.
For casual use, this may be acceptable. For educators checking student submissions, businesses reviewing proprietary documents, or anyone handling sensitive content, it is a risk. Once your text leaves your device, you lose control over it.
Takeaway: Server-based tools create a data custody chain you cannot audit. Client-side tools eliminate that chain entirely.
Client-Side vs. Server-Side AI Detection: Privacy Comparison
| Factor | Pruneify (client-side) | Server-based detectors |
|---|---|---|
| Text uploaded to server | No — never | Yes — required for analysis |
| Server logs of your text | None | Possible — depends on provider |
| Text used for model training | No | Possible — check privacy policy |
| Third-party data access | None | Possible — cloud infra, analytics |
| Works offline | Yes — after page load | No — requires network |
| GDPR data transmission | Not applicable — no data leaves device | Applies — data crosses boundaries |
| Verifiable by user | Yes — check Network tab | No — backend is opaque |
What Pruneify Stores (and What It Does Not)
Stored: User Preferences Only
Pruneify stores your settings — sensitivity slider position, normalization toggle states — in your browser's localStorage. These are small key-value pairs (a few bytes) that persist between sessions so you do not have to reconfigure the tool each time. localStorage is scoped to your browser and domain. No other website can read it.
Stored Locally: Session (localStorage)
To restore your work across refreshes, Pruneify saves your session in pruneify-session (localStorage). This includes pasted or uploaded text (inputs) and the active tab. It persists until you clear site data or close the tab, depending on your browser.
Stored Locally: History (IndexedDB)
Analysis history is stored in IndexedDB (pruneify-history): up to 50 entries with rawText, outputText, and summary. This lets you browse past analyses. All of it stays in your browser — nothing is sent to any server. If you want a copy elsewhere, use the export feature.
How to Clear Your Data
To remove all stored text and history: open Developer Tools (F12) → Application (or Storage) → Storage → Clear site data. Or use your browser's "Clear browsing data" and include cookies and site data. See the Cookie Policy for step-by-step instructions per browser.
No Cookies for Tracking
Pruneify does not set analytics cookies, tracking pixels, or fingerprinting scripts. The only cookies, if any, are essential session cookies set by the hosting platform. See the cookie policy for details.
No Analytics, No Tracking, No Third-Party Scripts
Pruneify does not use Google Analytics, Facebook Pixel, Hotjar, Mixpanel, or any analytics platform. There is no JavaScript from third-party domains that can access your content. The only scripts loaded are Pruneify's own application code.
This is a deliberate choice. Analytics tools are useful for product development, but they introduce third-party code with its own data collection, cookie policies, and privacy implications. For a tool that handles potentially sensitive text, the tradeoff is not worth it.
Takeaway: No tracking means no data leaks through analytics pipelines. Your usage of Pruneify is not monitored, profiled, or logged.
GDPR Compliance: Privacy by Architecture
GDPR regulates the collection, processing, and transmission of personal data. Most compliance frameworks assume data flows from the user to a server. Pruneify sidesteps this entirely: no personal data is collected, no data is transmitted, and no data is processed on a server. GDPR obligations around data transmission, storage, consent, and right to deletion do not apply because the data never leaves your device.
This is sometimes called "privacy by architecture" or "privacy by design" — building the system so that privacy violations are structurally impossible, not just policy-prohibited. You do not need to trust a privacy policy; you can verify the architecture yourself.
For organizations in the EU, EEA, or any jurisdiction with strict data protection laws, client-side tools eliminate a category of compliance risk. No Data Processing Agreements (DPAs) are needed. No cross-border data transfer issues arise. See the GDPR page for the full statement.
Takeaway: Client-side architecture is the strongest form of GDPR compliance — it makes data collection impossible, not just prohibited.
Privacy for Educators and Academic Institutions
Educators checking student submissions for AI-generated content face a dilemma: most detection tools require uploading student work to a third-party server. In the US, FERPA (Family Educational Rights and Privacy Act) restricts the disclosure of student education records to third parties. In the EU, GDPR applies to student data.
Pruneify eliminates this concern. No student text is uploaded, logged, or transmitted. Educators can paste student work, run detection, review the breakdown, and close the tab — leaving no trace on any server. Students can also self-check their own drafts before submission without privacy risks.
Takeaway: For academic use, client-side detection avoids FERPA and GDPR complications entirely. Learn how to detect AI-generated text with the same privacy guarantees.
Privacy for Businesses and Sensitive Content
Businesses reviewing proprietary content — marketing copy, internal communications, legal documents, product specifications — cannot afford to upload that content to a third-party AI detector. Leaks, logging, and training on proprietary data are real risks.
With Pruneify, the risk is zero. Your proprietary text stays in your browser. No NDAs or vendor security reviews are needed for a tool that never touches your data. IT departments do not need to approve a data processing pipeline because there is no pipeline.
Takeaway: Client-side processing means no vendor risk, no data custody chain, and no compliance overhead.
How to Verify That Your Text Is Not Uploaded
Do not take our word for it. Verify it yourself:
- Open Pruneify in your browser and navigate to the tool.
- Open Developer Tools (F12 or Ctrl+Shift+I / Cmd+Option+I).
- Switch to the Network tab. Clear existing entries.
- Paste text into Pruneify and run detection.
- Check the Network tab. You will see zero requests that contain your text. No POST requests, no API calls, no data leaving your browser.
This level of verifiability is impossible with server-based tools. You cannot inspect what a remote server does with your data after receiving it. With client-side tools, the proof is in your own browser.
Frequently Asked Questions
Does Pruneify upload my text to a server?
No. Pruneify runs entirely in your browser. Detection, normalization, and formatting all happen client-side using JavaScript. Your text never leaves your device — there is no backend server that processes, stores, or logs your content.
What data does Pruneify store?
User preferences (sensitivity, toggles) are stored in localStorage. Session inputs (including pasted/uploaded text) are saved in localStorage so you can restore your work. Analysis history (rawText, outputText, summary, up to 50 entries) is stored in IndexedDB. All of this stays in your browser — nothing is sent to any server. You can clear it anytime via browser settings or Developer Tools → Application → Storage → Clear site data.
Is Pruneify GDPR compliant?
Yes. All stored data (preferences, session, history) stays in your browser only — nothing is transmitted to our servers. There are no analytics cookies, no tracking pixels, and no third-party scripts that access your content. The contact form sends data to Discord; see the Privacy Policy for that. Client-side storage is transparent and you can clear it at any time.
Can I use Pruneify for confidential or sensitive text?
Yes. Because all processing happens locally in your browser, Pruneify is safe for confidential documents, student submissions, proprietary content, and any text you would not want uploaded to a third-party service. Nothing leaves your device.
Your text is your data. Pruneify processes it 100% in your browser — no uploads to our servers, no tracking, no analytics. Detection, normalization, and formatting all happen locally. Preferences, session, and history are stored in localStorage and IndexedDB in your browser only; nothing is sent to any server. You can clear all of it anytime. GDPR compliant by architecture. Verifiable with a browser and a Network tab. Try Pruneify — free, no signup, fully private. For the legal details, see our Privacy Policy, GDPR statement, and Cookie Policy.