Security & Privacy

When you upload a file to any Nanoscope tool, it is read and processed entirely inside your browser using JavaScript running on your own device. No file content is ever transmitted to our servers — not during upload, not during processing, and not when you download the result.

This is not a policy choice — it is a technical constraint built into how the tools work. There is no server receiving your CSV, no database storing your transactions, and no background job processing your data. The computation happens locally, in the same way a desktop application would.

The only server call a Nanoscope tool makes is to initiate a payment checkout. When you click “Export”, your browser is redirected to Polar’s hosted payment page. Polar is the payment processor we use; they handle card details and PCI compliance. We receive a confirmation token when payment succeeds.

At no point during the payment flow does any file content, row data, or column values leave your browser. The checkout request contains only: a product identifier (which tool you are paying for) and metadata needed to restore your session after payment (a size count and a checksum of your file, not the file itself).

File contents

Never transmitted. Not to Nanoscope, not to Polar.

Payment details

Handled by Polar on their own page. Never seen by Nanoscope.

Email address

Only if Polar asks for a receipt address — this goes to Polar, not to Nanoscope.

IP address

Our hosting provider logs standard web server access logs, which include IP addresses. No file content is associated with these logs.

After you upload a file and complete the mapping step, your processed results are held in your browser’s sessionStorage. This is a temporary storage area that:

• Exists only for the current browser tab
• Is automatically cleared when you close the tab
• Is never shared between tabs or windows
• Is stored on your device only, not on any server

The session is used to restore your place after the payment redirect — so you arrive back at the download step without having to re-upload your file. The data in sessionStorage is cleared as soon as you download your file or navigate away from the tool.

Nanoscope Tools requires no account creation. There is no login, no profile, and no stored history of your uploads or purchases. Each session is independent.

We do not use analytics cookies or cross-site tracking. Standard server access logs (IP address, timestamp, URL requested) are retained for security and abuse monitoring purposes only.

Because Nanoscope tools process data entirely in the browser with no server transmission of file content, they are technically compatible with use cases involving sensitive data. However:

• Nanoscope Tools has not entered into a Business Associate Agreement (BAA) and does not represent itself as a HIPAA-covered service
• We make no guarantees about the security of your local device or browser environment
• Use of any web application for handling PHI is subject to your organisation’s own compliance requirements

If your compliance requirements prohibit processing sensitive data in any browser-based tool, this applies here too. Consult your compliance officer.

Nanoscope Tools uses the following third-party services:

Polar

Payment processing. Receives product selection and billing details. Never receives file content.

Vercel

Hosting and CDN. Serves the application files. Receives standard HTTP request metadata (URL, IP, user agent). No file content.

Google Fonts

Font loading (DM Sans, JetBrains Mono). Standard font delivery; no user data involved.

If you have a question about how a specific tool handles your data, the source code for all processing logic is available for review. The core transforms are in lib/core/ and the tool components are in components/tool-apps/.