The Zero-Trust Architecture.
How specific design choices in WebAssembly and client-side encryption allow FyTools to process sensitive data without ever seeing it.
1The "Air Gap" Philosophy
In traditional web applications, "processing a file" means uploading it to a backend server. This creates three distinct points of failure:
- Transit Risk: Files can be intercepted during upload/download.
- Storage Risk: Files persisted on servers (even temporarily) can be leaked.
- Access Risk: Server administrators effectively have "God mode" access to your data.
The FyTools Solution
We moved the entire backend engine into your browser using WebAssembly. Once the tool loads, the connection to our server is effectively severed. Your file never leaves your device's RAM.
2Sandbox Isolation
FyTools runs inside a strict browser sandbox. It utilizes the File System Access API solely to read user-selected files and write the processed result back.
WASM memory is linear and isolated. It cannot access the DOM or cookies unless explicitly bridged, preventing XSS attacks from reading file contents.
You can verify this yourself: Open your browser's Network tab while processing a PDF. You will see zero outbound requests.
3Client-Side Encryption
For tools involving passwords (like PDF Protect/Unlock), the cryptographic operations utilize the native Web Crypto API.
This means the "key" (your password) exists only as an ephemeral variable in your browser's execution context. It is never hashed, stored, or transmitted. When you refresh the page, it is gone forever.