<samlguy.com/>

Privacy Policy

Effective: May 2025

Everything is processed in your browser. Nothing you paste — SAML assertions, JWTs, certificates, or any other identity data — is ever transmitted to or stored on any server.

What this tool does

samlguy.com hosts a client-side identity decoder. SAML assertions, JWTs, and any other content you paste are decoded entirely within your browser. Nothing you paste is transmitted to or stored on any server.

Data we do not collect

  • The content you paste into the decoder
  • SAML assertions, JWTs, certificates, or any identity data
  • IP addresses, usage patterns, or behavioral analytics
  • Account information (there are no accounts)

OIDC discovery proxy

The planned OIDC discovery feature sends an issuer URL to a server-side proxy, which fetches the issuer's .well-known/openid-configuration endpoint on your behalf to avoid browser CORS restrictions. The proxy forwards the response and does not log or store the issuer URL or the response.

Local storage

Your light/dark theme preference is saved to localStorage in your browser. This value never leaves your device.

Hosting

This site is served via Cloudflare Pages. Cloudflare may collect standard web server logs (IP address, request path, timestamp) in accordance with their own privacy policy. samlguy.com does not have access to those logs.

Contact

Questions about this policy can be sent to samlguy@kellenmurphy.com.