no accounts. no tracking.
files never leave your device.
plain-english version: every fatcousin tool runs entirely in your browser. the files you open are read on your own machine and are never uploaded, stored, or seen by anyone but you. there are no accounts, no cookies, and no analytics. the only thing that can ever leave your device is an optional, anonymous bug report — and even that never includes your file names or their contents.
1. who operates fatcousin
fatcousin — including fatcousin forensics, the stack pipeline, and every browser tool published at fatcousin.com — is operated by fatcousin labs inc., a company registered in Ontario, Canada. throughout this document "we" and "the operator" refer to fatcousin labs inc.
2. how your files are processed
every tool processes your data entirely on your device. files you select are read by JavaScript running in your own browser tab. heavy work (video, audio, machine learning, hashing) runs in web workers on your machine.
we do not upload, transmit, store, mirror, cache, or back up the files you process. we have no technical ability to access, recover, or review anything you put into a fatcousin tool. when you close the tab, the working data is gone. you can verify this yourself — load a tool, open your browser's network panel, and watch that no request carries your file. the no-egress test page makes this explicit.
3. what we do not collect
fatcousin has:
- no user accounts, logins, or profiles;
- no advertising, ad networks, or marketing pixels;
- no analytics or telemetry that fingerprints, profiles, or tracks a session across pages or visits;
- no cookies set by us for tracking. any browser storage we use (e.g. localStorage, sessionStorage, IndexedDB) stays on your device to hold your own work — tool preferences and, inside fatcousin forensics, your local case sessions — and is never sent to us.
one caveat worth stating plainly: data we keep in your browser stays on the device, but it is not private from other people who use the same browser profile. on a shared, monitored, or family computer, the next person could open your case sessions. for sensitive casework, use a device the other party can't access and clear your sessions and downloads when done.
4. the one thing we do collect: bug reports
when a tool errors, a small reporter can send an anonymous diagnostic report so we can fix it. soft errors are only sent if you choose to send them. if you dismiss the prompt (the ✕), nothing is sent. only when a severe crash prompt is left untouched does a redacted report submit automatically after about forty seconds, as a safety net. before anything is sent, you can expand “see exactly what we send” to read the precise payload.
a bug report contains only:
- the tool slug and the page URL you were on;
- the error message and JavaScript stack trace, with obvious PII (email addresses, things shaped like SSNs or phone numbers, and long digit sequences) stripped to «redacted» before anything is queued or sent;
- browser name + version, operating system, and screen size;
- for any files involved: file extension and size only — redacted to e.g. «redacted».csv · 2.1 MB. we never transmit the file name, and we never transmit any file content;
- an optional free-text note you type yourself (please don't paste sensitive details into it).
a report carries no identity — no name, no email, no account, no device identifier. report ids are generated locally and are random. reports are filed as tickets in our public issue tracker (GitHub) so anyone can see how we triage them. a note for sensitive casework: a file's extension is sent, but its name never is — so a filename that itself reveals a subject, a victim, or a case can't leak through a bug report.
retention: because reports become GitHub issues, they persist until closed and may remain in the repository's history afterward. they hold no identifying data, but if you want a report you submitted removed, email us with the report id (or enough detail to find the issue) and we will delete it.
5. hosting & server logs
the site is served by our hosting provider (Vercel) and its content delivery network. like any web host, their infrastructure may process standard request metadata — such as your IP address, the requested URL, and a timestamp — transiently to deliver pages and protect against abuse. we do not use that metadata to build profiles, we do not combine it with your file activity (which never reaches a server), and we do not sell or share it. tool bundles and pages are static assets cached at the edge.
6. third parties
we keep third parties to the minimum needed to run a static site:
- Vercel — hosting + CDN for the site and tool bundles;
- GitHub — where anonymous bug reports are filed as issues.
we do not embed third-party advertising, social trackers, or session-recording tools. external links you choose to follow are governed by their own privacy policies.
7. your rights (GDPR / CCPA and similar)
depending on where you live, you may have rights to access, correct, or delete personal data an organization holds about you. because fatcousin holds no accounts and bug reports are anonymous, we generally cannot link any data to a specific person, and we do not sell personal information. if you believe a bug report you submitted contains something you want removed, email us with the report id (or enough detail to find the issue) and we will remove it.
we do not knowingly collect data from children. fatcousin is intended for use by adults and professionals.
8. changes
this policy may be revised; check the version + last-reviewed date at the top of the page. material changes will bump the major version number.
9. contact
questions about this policy or a data request — reach fatcousin labs inc. at labs@fatcousin.com. this policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein — see the disclaimer for the full governing-law and jurisdiction terms.