Trust and safety
Clear processing boundaries before you run a tool.
BoringKit is a private utility workspace for files, text, URLs, jobs, credits, and API automation. The product should tell you whether work stays in the browser, uses a guarded server request, or enters a queued worker path before sensitive input leaves the tab.
Browser-side when practical
Light text, data, image, PDF, developer, business, and privacy utilities stay in the browser when the tool supports it.
Uploads are explicit
Worker and API jobs ask for upload only after the job is accepted and the page shows the tool path.
Temporary by default
Server input and output are handled as temporary job artifacts, with expiry and download intent details shown in the product.
Scoped API keys
API access belongs to signed-in accounts and should use separate keys for production, CI, and local testing.
Local vs worker processing
Tool pages and API docs use the same model so a browser action does not masquerade as an API job and a worker upload is not hidden inside a local tool.
Browser-side tools
Input stays in the tab for supported local tools.
Use for sensitive small text, CSV, checksum, image, or browser-capable PDF work.
Guarded server requests
Public URL checks use a protected fetch path with unsafe URL rejection.
Use for metadata and Open Graph checks on pages you are allowed to inspect.
Worker jobs
Files upload to private temporary storage for queued document, media, batch, or API-capable processing.
Use for large files, video/audio, document engines, retained output, and automation.
Private workspace
Signed-in history stores job records, output metadata, credit entries, and expiry state under your account.
Use when you need traceable runs, API keys, billing context, or support follow-up.
Private workspace positioning
Workspace history is account-scoped and meant for your jobs, credits, output metadata, API keys, billing context, and support recovery. It is not public publishing, shared hosting, or permanent file storage.
File expiry honesty
Download URLs are temporary. Job rows can be closed where supported, but audit, billing, security, and support records may remain when the service needs them.
Provider-agnostic operations
Payment, AI, storage, email, analytics, and processing providers can change by environment. Public copy describes the behavior BoringKit owes you, not a permanent vendor promise.
Trust checks before using a tool
Tool path
Confirm whether the page says in-browser, guarded server check, API job, or worker job.
Input limits
Check accepted file types, size limits, URL rules, page counts, duration, and unsupported formats.
Output window
Download or copy the result before temporary output, workspace history, or download intent expires.
Support context
Keep the tool name, job ID, account email, and non-sensitive failure details for support follow-up.
Risky tool disclosures
BoringKit should be useful without overstating security. These categories must show honest limitations on the relevant tool pages and in support/docs copy.
Redaction tools
Use true content removal where supported. A visible box is not enough if hidden text remains searchable or copyable.
Protect or unlock PDF
Password and permission behavior depends on source permissions, supported encryption, and whether you are authorized to modify the file.
PII and secret scanners
Detection is pattern-based and can miss context. Treat the result as triage, not a legal, compliance, or incident-response guarantee.
Safe URL checks
BoringKit can inspect risk signals and block unsafe fetch targets, but it cannot guarantee a destination is harmless.
Metadata removal
Common metadata can be removed, but later apps, exports, screenshots, or document systems can add new metadata.
Common trust questions
Does BoringKit upload every file?
No. Browser-side tools should keep supported input in the tab. Worker and API jobs upload only when the product shows an explicit upload or job path.
Are BoringKit download links permanent?
No. Worker output links are temporary download intents. Move completed output to your own storage before the displayed expiry window ends.
Can I use BoringKit for company data?
Only when you are authorized and the tool path, file expiry window, account policy, and any company or legal requirements allow it.
Operational notes
BoringKit API and auth routes use the public API origin at https://api.arconath.com/boringkit/v1. That origin is an infrastructure address, not BoringKit marketing copy.
For billing, privacy, account, security, or job-output questions, contact support with the account email, tool name, job ID, and the shortest safe description of the issue.