How to Verify a Website's Privacy Claims Yourself

The most reliable way to verify privacy claims is to observe what data actually leaves your computer. Every modern browser includes tools that let you monitor network activity in real time. This is not about trusting what a website says—it's about seeing what it does.

When you use a file processing tool, one of two things happens: either your file data is sent to a remote server (an upload), or it's processed entirely within your browser. Network monitoring reveals which is occurring.

• Uploads appear as outgoing POST or PUT requests with file data in the payload
• Local processing shows no outgoing requests during the actual file operation
• Some sites may send metadata or analytics separately from file content
• Look for requests to domains other than the site you're visiting

The key insight is that network requests cannot be hidden from browser DevTools. If data is being transmitted, you will see evidence of it.

Browser Developer Tools (DevTools) are built into every major browser and provide detailed visibility into what a website is doing. Here's how to use them for privacy verification:

Step 1: Open DevTools
Press F12 (Windows/Linux) or Cmd+Option+I (Mac) to open DevTools. Alternatively, right-click anywhere on the page and select "Inspect" or "Inspect Element".

Step 2: Navigate to the Network tab
Click on the "Network" tab in the DevTools panel. This shows all network requests the page makes in real time.

Step 3: Clear existing activity
Click the clear button (a circle with a line through it) to remove previous requests. This gives you a clean slate to observe.

Step 4: Perform the file operation
Now use the website's file processing feature. Select your file and initiate the operation (merge, convert, compress, etc.).

Step 5: Analyze the results
Watch the Network tab during processing. Click on any requests that appear to see their details. Look at the "Request" and "Payload" sections to see what data is being sent.

The simplest and most definitive test is to disconnect from the internet and see if the tool still works. If a website claims to process files locally, it should function without any network connection.

• Load the website while connected to the internet
• Disconnect your network (turn off Wi-Fi or unplug ethernet)
• Attempt to use the file processing feature
• If it works, the processing is genuinely local
• If it fails or shows connection errors, the tool requires server access

This test is binary and unambiguous. A tool that processes files on remote servers simply cannot function without network access. There is no way to fake local processing if the actual computation happens elsewhere.

Some websites may load initially but fail at the processing step when offline. This indicates they can display the interface locally but require server communication for the actual file operation. See Plain's verification guide for a detailed offline testing walkthrough.

While technical verification is the most reliable approach, privacy policies can provide useful context. However, they require careful reading to understand what's actually being said.

Look for specific claims
Vague statements like "we take privacy seriously" mean nothing. Look for specific, verifiable claims: "files are processed in your browser" or "data is deleted after 24 hours" are testable assertions.

Understand the scope
A policy may say "we don't sell your data" while still storing it indefinitely or sharing it with service providers. Read what is and isn't covered.

Check for contradictions
Marketing pages may claim "no uploads" while the privacy policy describes server processing for "service improvement." The legal document typically reflects the actual practice.

• Search for terms like 'upload', 'server', 'store', 'retain', 'process'
• Check data retention periods—indefinite storage is common
• Look for third-party service providers who may receive your data
• Note any language about using data for 'improving services' or 'analytics'

Plain's approach to privacy by design means there's no data to write policies about—if files never leave your device, there's no server-side data handling to disclose.

Verifying privacy claims doesn't require technical expertise—it requires observation. Browser DevTools and offline testing are accessible to anyone and provide definitive answers about how a website handles your files.

The techniques in this guide work for any website, not just file processing tools. Whenever a service claims to protect your privacy, you can verify those claims yourself using the same methods.

Trust should be earned through transparency and verifiability, not marketing language. The tools to verify are built into every browser—the question is whether you choose to use them.