−cookie modals, ad banners, opaque data collection
−"sign up to use this basic utility"
−uploading your JWT tokens to someone's mystery server
+runs in your browser — no network calls for core tools
+one tap from home, no signup, no dark patterns
+frontend is open source — auditable, self-hostable anywhere
// tech stack
$ cat stack.txt
# the stack
astro · static site generator, zero js by default
css · vanilla, custom-properties for theming
typescript · for catalog types and build-time logic
fonts · system ui + jetbrains mono (monospace only)
icons · tabler icons (open source, mit)
hosting · static, deployable anywhere
analytics · cloudflare web analytics # cookieless, aggregate only
# what's not here
× react / vue / svelte
× tracking pixels, retargeting, third-party ads
// changelog
$ git log --oneline
# released
v1.0.0-alpha · 2026.05 · pro billing, legal compliance, 3-way diff
+ robokassa payments, plan expiry, json → typescript
+ regex pattern library, share config, history export
+ gdpr & fz-152 privacy policies, consent checkbox
v0.19-beta · 2026.05 · 22 tools, privacy policy, SEO, open source frontend
v0.18 · 2026.05 · CI/CD, security hardening, 22 tools live
+ csv ↔ json, xml ↔ json, number base converter
+ string inspector, text diff, case normalizer
+ bcrypt, html entities, url encoder, curl converter
v0.1 · 2026.04 · initial launch — 7 core tools
# roadmap
next · color converter, yaml ↔ json, markdown → html
· lorem ipsum, qr code, word counter
later · developer plan, sql / html / css formatters
· dns lookup, cidr calculator // questions
security & privacy
Q.where exactly is my data processed?+
for all core tools (JSON, JWT, Base64, regex, hashing, etc.) — exclusively in your browser. processing runs via JavaScript and the WebCrypto API on your device. your tokens, API
keys, and log payloads physically cannot leave your tab because there is no backend for
these operations.
for Pro cloud features (batch jobs, large file processing,
REST API) data is transmitted to an isolated server, processed in memory, and immediately
discarded — never logged, never stored.
Q.any trackers, ads, or cookies?+
none. no Google Analytics, no Facebook Pixel, no retargeting scripts, no third-party
cookies. the only analytics is Cloudflare Web Analytics — cookieless, privacy-first,
aggregate only (which pages load, which country). it has zero access to anything you paste into
the tools. no cookie banner because there are no cookies to consent to.
Q.can I use whittly offline?+
once a page is loaded, yes — all core tools work without internet. self-hosting is easy:
clone the
frontend repo and serve the static files however you like. the API is proprietary and runs separately.
pro & pricing
Q.why introduce paid plans if core tools are free?+
core tools are browser-local and cost almost nothing to run. but cloud features — batch
processing, large file handling, REST API endpoints — require real server-side compute.
paid tiers exist solely to cover those infrastructure costs. not to fund ads, not to build
a data profile on you, not to create lock-in. the free tier stays complete and useful forever.
Q.what does pro actually cost?+
Pro is $6/month (390 ₽) or $49/year (2 900 ₽) (~2 months free) — available
now.
Developer is $24/month (1 990 ₽) or $199/year (14 900 ₽) — coming soon. see
the
pricing page for details.
philosophy
Q.why "whittly"?+
to whittle is to slowly shave a piece of wood with a sharp knife until you get exactly the
shape you want — nothing more, nothing less. it felt right for a project about small,
sharp tools and about whittling away the noise of most dev-tool sites: the banners, the
modals, the mystery servers, the dark patterns. cut until only the useful part remains.
Q.can I contribute a tool?+
please do. the frontend is open source — each tool is one self-contained Astro component.
open an issue on
GitHub describing what you want to add, or send a pull request directly.