Last updated:
Privacy Policy
This policy explains what Utilio receives, what stays in your browser, when a tool may need a network request, and how you can contact us about privacy rights.
Summary
Local tools
For local tools, files, pasted text, and results are processed in your browser and are not uploaded to Utilio servers.
Network tools
DNS Lookup is a network tool: the domain and DNS record type are sent to Cloudflare DNS over HTTPS to return DNS records.
No accounts or payments
Utilio works without accounts, payments, public user hosting, or server processing queues for user files.
Analytics opt-out
Analytics is on by default for reliability and demand measurement, and stays off when Global Privacy Control, Do Not Track, or the local opt-out is present.
Analytics preference
EnabledAnalytics is enabled on this browser.
This setting is stored locally in your browser. If analytics is disabled, or if the browser sends a privacy opt-out signal, Utilio does not send analytics events from this device.
Basics
1. Operator, scope, and contacts
This policy applies to the public pages, tools, and contact channels on utilio.to, including the English and Russian versions of the site.
For GDPR, UK GDPR, CCPA/CPRA, Russian Federal Law No. 152-FZ On Personal Data, and similar rules, the operator or controller is the published Utilio service operator below. That operator determines the purposes and means of processing for utilio.to.
- Service operator/controller: Utilio.
- Public service domain: https://utilio.to.
- Privacy requests: privacy@utilio.to.
- Legal notices and official correspondence: legal@utilio.to.
2. What user data means here
Personal data means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable person. Different laws use terms such as personal data, personal information, sensitive personal information, or special categories of data; this policy uses a general term, while specific rights apply only where the relevant law applies.
Tool data means the files, images, documents, text, domains, URLs, passwords, keys, parameters, values, and results that a user selects, pastes, uploads, or generates inside a tool.
3. How tools work in the browser
Tools that run locally perform the core operation in the browser using browser features, JavaScript, WebAssembly, and browser memory. In this model, Utilio does not receive the source file, pasted text, or tool result on its servers.
DNS Lookup uses a network request to Cloudflare DNS over HTTPS. The browser sends Cloudflare the domain name and DNS record type; local file content is not involved in that tool.
When analytics has not been disabled, product analytics sends only technical tool events to the Utilio API: category, tool id, locale, runtime type, event type, analytics permission state, size ranges, input counters, and technical identifiers for related tool or FAQ links. File contents, unprocessed text, passwords, keys, tokens, and tool results are not allowed in analytics events.
Local processing does not protect against risks on your own device. Your operating system, browser, extensions, device sync, enterprise monitoring, malware, or a shared computer may access data. Do not handle confidential documents on an untrusted or shared device.
4. Accounts, payments, server files, and third-party requests
Utilio does not create user accounts, take payments, issue API keys, host user content publicly, or accept user files into server processing queues.
The Utilio server receives technical website requests, health/API requests, and product analytics events when analytics has not been disabled in the browser. Server logs may contain IP address, user agent, URL, request time, response status, and security information.
Third-party network requests include Cloudflare DNS over HTTPS for DNS Lookup. Google Analytics and Yandex Metrica load when the corresponding production counter is configured and analytics has not been disabled in the browser.
Data and purposes
5. Categories of data that may be processed
Utilio minimizes data and separates local tool data, technical network data, analytics with opt-out controls, and voluntary communications.
- Request and security data: IP address, user agent, URL, referrer, language, request time, response status, technical errors, rate-limit events, and protection logs.
- Tool data: category, tool id, locale, event type, technical counters such as file count or event size, and technical identifiers for related tool or FAQ links. File contents, unprocessed text, passwords, keys, tokens, and secrets are not stored in product analytics.
- Local preferences: interface theme in localStorage and analytics preference in localStorage.
- Contact data: email, name, organization, role, request subject, attachments, and message text if you voluntarily contact support, privacy, legal, security, or business channels.
- DNS Lookup data: domain name, DNS record type, and DNS over HTTPS response returned by Cloudflare.
- Local tool data: files, images, documents, text, generation parameters, and results that remain in the browser and do not become Utilio server user files.
6. Purposes
Utilio processes data only for limited, understandable purposes connected to operating the service.
- Providing the selected tool, displaying the result, and performing the user request.
- Security, rate limiting, and protection against spam, DDoS, malware, credential abuse, scraping, Terms violations, and unauthorized access.
- Diagnostics, bug fixing, reliability measurement, infrastructure planning, and understanding tool demand.
- Responding to support requests, privacy requests, copyright notices, abuse reports, security reports, and official requests.
- Complying with applicable law, protecting the rights of Utilio, users, and third parties, and preserving evidence in a dispute.
7. Legal bases for EU/EEA/UK and similar regimes
Where GDPR, UK GDPR, or similar rules apply, Utilio uses these legal bases: performance of the user's request or contract for site operation and the selected tool; legitimate interests for security logs, rate limiting, abuse prevention, diagnostics, rights protection, and minimal operational statistics; legitimate interests or consent where required for analytics; legal obligation and legitimate interests for legal notices, request responses, claims, and evidence preservation.
You can disable analytics on this page. Disabling analytics does not make earlier processing unlawful.
8. Analytics, cookies, localStorage, and privacy signals
Utilio enables analytics by default to measure site reliability and tool demand. An opt-out is stored in localStorage under utilio-analytics-consent with the value 0.
The interface theme is stored locally under utilio-theme. These local values support user-selected settings and are not used for data sales.
When analytics has not been disabled, Utilio may send minimal tool-use events to the Utilio API and load external Google Analytics or Yandex Metrica scripts when the matching counters are configured in production. Webvisor is disabled in Utilio's Yandex Metrica configuration.
Global Privacy Control, Do Not Track, and compatible opt-out signals disable analytics in the browser. Utilio does not sell personal information, share it for cross-context behavioral advertising, or use tool data for advertising.
Rights and retention
9. Sensitive data, secrets, and rights in data
Utilio is not designed for special categories of personal data, medical data, government identifiers, financial secrets, passwords, private keys, access tokens, production credentials, children's data, or data you are not allowed to process.
You are responsible for having the right to use the files, URLs, domains, images, documents, text, and parameters you process through Utilio. If the data belongs to an employer, client, child, patient, public body, or third party, confirm that you have a lawful basis and permission.
10. Recipients, processors, and international transfers
Utilio uses infrastructure and service providers to operate the site: hosting, CDN/DNS, email infrastructure, the database for analytics with opt-out controls, Redis/rate limiting, object storage for infrastructure, monitoring, code repositories, anti-spam, Cloudflare DNS over HTTPS for DNS Lookup, and analytics providers when analytics has not been disabled in the browser.
Processors receive only the data needed for their function and do not receive a right to use it for their own purposes outside contract, their mandatory terms, or law.
Where data moves between countries, Utilio uses available contractual, technical, and organizational safeguards, including access limits, data minimization, and processor obligations. For EU/EEA/UK users, this may include standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms supported by the relevant law.
11. Retention and deletion
Local tool data is not stored by Utilio as user files. Closing the tab, resetting the tool, or clearing browser data removes local temporary values according to browser and device behavior. Results you download remain with you.
Usage analytics is stored as technical tool-use statistics and does not contain file contents or unprocessed text. Technical logs, security events, and product telemetry are kept only as long as needed for security, diagnostics, aggregated statistics, abuse prevention, and legal protection.
Contact correspondence is kept while handling the request and for a reasonable period afterwards to prove response, protect rights, comply with law, and handle repeat requests.
When data is no longer needed for the stated purposes and no legal basis requires longer retention, Utilio deletes, de-identifies, or aggregates it.
12. Your rights in the EU/EEA/UK, Switzerland, and similar regimes
Where applicable law gives you these rights, you may request access, a copy, correction, deletion, restriction, portability, objection, withdrawal of consent, and information about data recipients. Contact privacy@utilio.to.
We may ask you to verify your identity or the connection between your request and a specific email, message, anonymous identifier, or other context. If GDPR applies, the ordinary response period is one month unless law permits or requires a different period. You may also complain to a competent data protection supervisory authority.
13. United States privacy rights
For California residents and users in other U.S. states with privacy laws, rights include access/know, correction, deletion, portability, opt-out of sale or sharing, limits on sensitive personal information use, and non-discrimination for exercising rights within the applicable law. Utilio does not sell personal information, does not share it for cross-context behavioral advertising, and does not use sensitive personal information to infer user characteristics.
Submit requests to privacy@utilio.to. Utilio verifies the user's identity or authorized-agent authority before disclosing, correcting, or deleting data so that information is not sent to the wrong person.
14. Russian users and Federal Law 152-FZ
Where Russian Federal Law No. 152-FZ On Personal Data applies, Utilio defines processing purposes in advance, limits the personal data set to what is necessary, applies protection measures, does not disclose personal data to third parties without a lawful ground, and handles data subject requests under the applicable statutory procedure.
Utilio tools with browser processing do not create a server database of user files. When a user contacts Utilio channels, the user voluntarily sends email, message text, and attachments; those data are processed to respond, maintain security, protect rights, and comply with applicable requirements.
Security and changes
15. Children
Utilio is not intended for children under 13 and is not directed to children. If your country requires a higher digital consent age, use Utilio only with consent from a parent or legal guardian, or do not use the service.
If you believe a child sent personal data to Utilio, contact privacy@utilio.to, and we will review the request.
16. Security
Utilio uses reasonable technical and organizational measures, including HTTPS on the public domain, access limits, schema validation, rate limiting, separation of local and server processing, and data minimization. No internet service can guarantee absolute security.
Report security vulnerabilities to security@utilio.to. Do not access anyone else's data, harm service availability, or publish details before we respond.
17. Automated decisions and model training
In the current version, Utilio does not make decisions that have legal or similarly significant effects on users based solely on automated processing.
Utilio does not include AI tools and does not use user files, pasted text, or results to train AI models.
18. Changes to this policy
We may update this policy when tools, infrastructure, analytics settings, contacts, legal requirements, or the operating model change. The new version applies when published on utilio.to unless it states a later effective date.
For ordinary questions, contact support@utilio.to; for privacy requests, use privacy@utilio.to; for official legal matters, use legal@utilio.to.

