The structural risk that remains in upload-based services
"Files are deleted right after processing" is a promise users cannot verify after the fact. Once data leaves your machine over the network, it has already passed through caches, logs, and infrastructure outside your control. Here's why NoSend Tools doesn't transmit user input at all.
"We delete after processing" is not the same as "never sent"
Most online file converters still work this way: you upload a file, the server processes it, and the result is sent back. Many of these services do honour their stated policy of deleting uploads after a short window. But from the user side, there is no way to verify after the fact that deletion actually happened.
Along the network path, your file may have passed through CDN caches, WAF buffers, error logs saved for debugging, reverse-proxy memory, and the operator's own access logs. The moment data is transmitted, it branches into multiple places that are out of your hands. Even when the operator is acting in good faith, the asymmetry — they can verify their own behaviour, but you cannot — is structural.
Terms of service: "may be used for quality improvement"
There is a second, subtler issue: many free services include a clause along the lines of "uploaded data may be used internally, in anonymised form, for quality improvement". By agreeing to the terms, the user has effectively granted the operator a right to use the data for purposes beyond the immediate processing request.
Confidential contracts, unreleased audio transcripts, photos with embedded GPS, production JWTs — anything where unintended secondary use would be a problem can flow into training datasets, test fixtures, or analytics through a single clause. The user has no realistic way to opt out except by not uploading.
Designs you can verify after the fact
NoSend Tools is built so that the path along which user input could be transmitted does not exist in code. WebAssembly builds of ffmpeg and pdf-lib, plus browser-native APIs such as Web Crypto and the Web Audio API, are called directly from the page and run inside the browser's memory.
"We don't send your data" written on a marketing page is different from "the code does not contain a path to send it." Open DevTools on a tool page, start the Network tab in recording mode, and you can watch the operation finish with zero outgoing requests. The whole site is on GitHub, so the implementation is auditable on its own terms.