If you discover a security vulnerability in JsonExport, please report it responsibly:
- Email: Open a security advisory on GitHub
- Response Time: We aim to respond within 48 hours
- Disclosure: We will work with you to address the issue before public disclosure
JsonExport is designed with privacy and security as core principles:
- No Server Upload: All JSON parsing and conversion happens entirely in your browser
- Zero Network Calls: Your data never leaves your machine during conversion
- No Backend: There is no server storing or processing your data
- No Tracking: We don't collect, store, or transmit any user data
- No Analytics on Conversion: Your JSON content is never logged or analyzed
- Local Storage Only: Any temporary data is stored only in your browser's memory
- Open Source: Full transparency - review our code on GitHub
- Dependency Audits: Regular npm audit checks for vulnerable dependencies
- Static Export: Application is deployed as static HTML/JS/CSS files
We support the latest deployed version on jsonexport.com.
- Use HTTPS: Always access JsonExport via HTTPS (https://jsonexport.com)
- Keep Browsers Updated: Use the latest version of modern browsers for security patches
- Verify Source: Only use the official domain or clone from our official GitHub repository
- Content Security Policy (CSP): Strict CSP headers to prevent XSS attacks
- Subresource Integrity (SRI): Ensuring loaded resources haven't been tampered with
- HTTPS-Only: All connections are encrypted
Last Updated: January 2026