Client-Side Architecture
No Server Processing
SplitBox runs entirely in your browser using JavaScript. There is no backend server that receives, processes, or stores your data.Zero Network Requests
After the initial page load, SplitBox makes no network requests for data processing. Your lists stay on your device.
No Analytics
SplitBox does not use analytics, tracking pixels, or any telemetry services. Your usage patterns are completely private.
How It Works
When you use SplitBox:Processing occurs locally
All parsing, validation, deduplication, and splitting happens in your browser using Web Workers for performance.
Results stay local
Output batches are generated in memory and displayed in the UI. They’re never transmitted anywhere.
The Web Worker technology used for splitting keeps the UI responsive during large operations, but the worker still runs entirely within your browser sandbox.
Data Storage
What Gets Stored
SplitBox uses minimal browser storage:| Storage Type | What’s Stored | Why |
|---|---|---|
| LocalStorage | Theme preference (splitbox-theme) | Remembers your dark/light mode choice between sessions |
| Memory (RAM) | Your input data and split results | Temporary storage while you work |
LocalStorage only contains your theme preference (“dark” or “light”). Your actual list data is never persisted to disk.
What Doesn’t Get Stored
- Input data
- Split results
- Configuration settings (batch size, mode, etc.)
- Preprocessing options (dedupe, validation)
- Any personally identifiable information
Security Guarantees
No External Dependencies for Processing
SplitBox’s core processing logic is self-contained:- Parsing: Uses native JavaScript string methods
- Splitting: Pure JavaScript algorithms
- Validation: RegExp patterns executed locally
- Export: Browser’s built-in File API and Blob construction
Safe for Sensitive Data
Because processing is 100% client-side, SplitBox is safe to use with:Personal Information
Customer emails, user IDs, or other PII can be processed without compliance concerns.
Financial Data
Transaction IDs, account numbers, or payment references stay completely private.
Internal IDs
Database keys, API tokens, or internal identifiers never leave your machine.
Confidential Lists
Proprietary data, internal codenames, or confidential references are processed locally.
Even though SplitBox is safe to use with sensitive data, always follow your organization’s data handling policies.
Technical Implementation
Open Source Transparency
SplitBox is open source, which means:- You can review the source code to verify privacy claims
- Security researchers can audit the implementation
- You can self-host if you have additional security requirements
Technology Stack
The client-side architecture uses:- React 19: UI rendering without any server-side components
- Web Workers: Background processing that runs in your browser’s isolated context
- Browser APIs: Native File, Blob, and Clipboard APIs for export/copy operations
- No CDN dependencies: All code is bundled and served from the same origin
The build process creates a static site with no dynamic server-side rendering. You can even save the page locally and use it offline.
Offline Capability
Works Without Internet
After the initial page load, SplitBox can function completely offline:- Open SplitBox while connected to the internet
- The page loads and caches resources
- Disconnect from the internet
- Continue using SplitBox normally
GDPR & Compliance
No Data Controller Issues
Because SplitBox never processes data on a server:- No data collection: There’s no personal data to handle under GDPR
- No data transfer: Data doesn’t cross borders or leave your device
- No retention policies needed: Nothing is stored beyond your browser session
- No breach risk: There’s no server to compromise
Privacy by Design
SplitBox follows privacy-by-design principles:Data Minimization
Only stores the absolute minimum (theme preference) to function.
Purpose Limitation
The only stored data (theme) is used solely for its stated purpose.
Transparency
This documentation clearly explains what happens to your data (nothing).
User Control
You control all data operations: paste, process, copy, download, clear.
Best Practices
Recommended Usage
To maintain privacy and security when using SplitBox:Use HTTPS
Always access SplitBox via HTTPS to ensure the code itself isn’t tampered with in transit.
Self-Hosting
For maximum security and control:- Clone the SplitBox repository
- Build the project locally
- Host it on your internal network or serve it as a static site
- Your data never even reaches the public internet
Self-hosting instructions are available in the SplitBox repository README. The build process creates a static
dist/ folder you can serve with any web server.Verification
How to Verify Client-Side Processing
You can verify SplitBox’s privacy claims yourself:- Open your browser’s Developer Tools (F12)
- Go to the Network tab
- Paste data and click Split
- Observe: No network requests are made during processing
You may see requests for fonts or static assets on initial load, but no requests occur during the actual splitting operation.
Inspect LocalStorage
- Open Developer Tools (F12)
- Go to Application > Storage > LocalStorage
- Find the SplitBox domain
- Verify: Only
splitbox-themeis stored with a value of “dark” or “light”
Questions About Privacy
If you have questions or concerns about how SplitBox handles data, you can:- Review the source code in the GitHub repository
- Open an issue to ask specific privacy questions
- Contribute security improvements via pull requests