Overview
JWT Debugger is designed as a client-side tool for decoding, verifying, and generating JSON Web Tokens. Token processing is intended to happen in your browser, not on an application server operated by this tool.
Privacy and disclaimer
Privacy Policy
Last updated: May 13, 2026
Information You Enter
Tokens, secrets, public keys, private keys, and JSON payloads entered into the tool are processed locally in your browser. The static app does not intentionally transmit this input to a backend service for decoding, validation, signing, or verification.
Information We Do Not Intentionally Collect
This tool does not intentionally collect account information, authentication tokens, secrets, private keys, or decoded JWT payloads. Do not paste production secrets or sensitive personal data unless you understand and accept the risks of using a browser-based utility.
Local Storage and Browser Features
The site may store simple preferences, such as the selected light or dark theme, in your browser local storage. Clipboard actions only run when you click copy-related controls and depend on your browser permissions.
Hosting, Logs, and Third Parties
If this site is hosted by a third-party provider, that provider may collect standard technical logs such as IP address, user agent, requested URL, timestamps, and error information. External links, including LinkedIn and RFC references, are governed by their own privacy policies.
Work in Progress and Accuracy
JWT Debugger is a work in progress. Outputs may be incomplete, invalid, inaccurate, or unsupported in some cases, including unusual algorithms, malformed tokens, browser API differences, invalid keys, or edge cases in JWT/JWS handling. Always independently verify results before relying on them in production, security, legal, or compliance decisions.
No Warranty
The tool is provided as-is and as-available, without warranties of any kind. You are responsible for how you use the tool, the data you enter, and any decisions you make based on its output.
Security
Client-side processing can reduce server-side exposure, but it does not eliminate browser, device, extension, clipboard, network, or hosting risks. Use test tokens where possible and avoid entering highly sensitive production secrets.
Children's Privacy
This tool is intended for developers and technical users. It is not directed to children and does not knowingly collect personal information from children.
Changes
This policy may be updated as the tool evolves. Continued use after an update means you accept the revised policy.
Contact
For questions, connect with Ayush Kushwaha on LinkedIn.