graysond.xyz is built as a static site with local browser utilities. There are no visitor accounts, no public database, and no backend service collecting tool inputs.
The interactive tools run in the visitor's browser. Prompt text, passphrase input, hashes, network ranges, and runbook notes should not be sent to third-party services unless the site clearly says so and the product intentionally changes.
Analytics is limited to page views, section navigation, outbound clicks, and tool actions. It should never include text a visitor types into a tool.
Deployment secrets, Cloudflare API tokens, account identifiers, and private configuration do not belong in the public repository or public site.
This is not a claim that any website is risk-free. It is the current operating posture: keep the attack surface small, avoid unnecessary collection, disclose the analytics boundary, and treat security as part of the release process.
For related operations context, see Technical Operations and IT Documentation.