Privacy Policy
Last updated: 2026-02-27
This Privacy Policy explains what information curl2code.com collects, how we use it, and your choices regarding your data. By using curl2code, you also agree to our Terms of Service.
Information We Collect
curl2code is designed with privacy in mind. All curl-to-code conversions happen entirely in your browser using WebAssembly — your curl commands and generated code are never sent to our servers unless you explicitly use the Share or AI features. We collect minimal data necessary to operate and improve the service.
Analytics Data
With your explicit consent, we use Google Analytics to collect anonymous usage analytics. This includes events such as which languages you convert to, which features you use (Smart Clean, Split View, etc.), and general interaction patterns. We do not track the content of your curl commands or generated code. Analytics data is collected only after you accept analytics cookies via our consent banner. We respect your browser's Do Not Track (DNT) setting.
Share Links
When you create a share link, we store the curl command, selected language, and generated code on our servers. Share links are publicly accessible to anyone with the URL. No personal information (such as your name, email, or IP address) is associated with a share link. Share links may have an expiration date, after which the data is deleted.
Error Monitoring
We use Sentry for error monitoring under legitimate interest to maintain service reliability. Sentry captures JavaScript errors and performance data in production only. Sensitive data (such as API keys in AI proxy requests) is automatically redacted before being sent to Sentry. Error data is sampled at a low rate (10%) and does not include the content of your curl commands or generated code.
Rate Limiting
To prevent abuse of our API endpoints (AI proxy, share link creation), we temporarily store your IP address in Redis for rate limiting purposes. This data is automatically deleted after the rate limit window expires (60 seconds). IP addresses are not logged permanently or used for any other purpose.
Cookies
We use one essential cookie: cc_consent — stores your cookie consent preferences (which categories you accepted or rejected). This cookie is necessary for the website to function properly and lasts for one year. Analytics cookies are only set after you explicitly consent via our cookie banner. You can change your cookie preferences at any time through the "Cookie Settings" link in the footer.
Local Storage
We use your browser's local storage to save your preferences, including your selected theme (light/dark), language preferences, recent language selections, Smart Clean options, and AI provider settings (including your API keys). This data never leaves your browser and is not accessible to us or any third party. You can clear local storage at any time through your browser settings.
AI Features (Bring Your Own Key)
curl2code offers optional AI features (Explain and Reverse) that require you to provide your own API key from a supported provider (OpenRouter, OpenAI, Anthropic, or Google AI). Your API key is stored only in your browser's local storage and is sent to our server solely to proxy the request to your chosen AI provider. We never log, store, or retain your API key on our servers. When you use AI features, the content of your curl command or code is sent through our proxy to the AI provider you selected. Please review the privacy policy of your chosen AI provider, as their terms apply to the data they process.
Third-Party Services
We use the following third-party services: Sentry — error monitoring (legitimate interest); OpenRouter, OpenAI, Anthropic, Google AI — AI features, only when you explicitly use them with your own API key. Our database (PostgreSQL) and cache (Redis) are self-hosted and not shared with third parties.
Data Retention
Share links are stored until their expiration date, or indefinitely if no expiration is set. Analytics data is processed in accordance with Google Analytics data retention policies. Rate limiting data in Redis is automatically deleted after 60 seconds. Error logs in Sentry are retained for 90 days. Local storage data persists in your browser until you clear it.
Your Rights
Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the right to: access the personal data we hold about you; request rectification of inaccurate data; request erasure of your data; restrict or object to processing of your data; data portability; and withdraw your consent at any time. Since curl2code does not require user accounts and collects minimal data, most of your data is already under your control (browser local storage, cookie preferences). To exercise any of these rights or if you have questions, please contact us.
Children's Privacy
curl2code is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact
If you have any questions about this Privacy Policy or wish to exercise your data rights, please reach out via email at georgiy.khudobandaev@gmail.com or via Telegram at @Georgiy_H.