This site is built around one strict rule: nothing you type ever leaves your browser. That isn’t a promise — it’s a property the browser itself enforces. Here is exactly how it’s done, and how you can verify it in 60 seconds.
The architecture
Each form is a single static HTML page. No server processes any of your answers.
Your in-progress answers are saved in your browser’s localStorage — not a cookie, not a session token, not a request to us.
When you finish, you download the result as a PDF (rendered by your browser’s built-in print-to-PDF) or as a JSON file. Both go straight to your computer.
There are no third-party scripts, no analytics, no trackers, no fonts loaded from elsewhere. Even our fonts are self-hosted.
The lock: Content-Security-Policy
Every page on this site sets a strict CSP that the browser enforces:
connect-src 'none' is the key line. It tells your browser to refuse every outbound network request this page could ever attempt — fetch, XHR, WebSocket, EventSource, beacon, anything. Even if a bug or a malicious extension tried to send your data somewhere, the browser would block it. This is enforced at the browser layer, not by our code.
Verify in 60 seconds
Read the CSP. Open DevTools (F12) → Network tab → reload → click the HTML document → Headers. You’ll see Content-Security-Policy with connect-src 'none'.
Watch the network. With Network open, fill in a form, scroll, click buttons. Only the HTML, fonts, and engine files load. No third-party domains. No POSTs.
Try to cheat it. In DevTools Console, paste fetch('https://example.com'). The browser blocks it with a CSP violation message. The same rule applies to every line of JavaScript on this page.
Airplane-mode test. After a form loads, turn off Wi-Fi. Fill fields, autosave still works, download PDF and JSON still work. A page that can’t reach the network can’t exfiltrate anything.
Read the source. The whole site is plain HTML / CSS / JavaScript with zero external dependencies. Press Ctrl+U (or Cmd+Option+U) on any page to view source.
What is not hidden
The hosting provider sees that an IP visited the URL — same as any website. They cannot see what you type.
Your browser’s autofill may store data locally; that’s your browser, not this site.
When you share the downloaded file by email or upload, the security of that channel is on you.
Want to add a form?
Each form is a JSON file in the /forms/ directory of the open-source repo. A small build script renders each into its own static page. If you have a paper form you’d like to see online, browse the catalog — or fork the repo and add your own.