Security model
CaptionShift is designed as a static, local-processing application.
- File conversion occurs on the user’s device.
- No analytics, ad pixels, remote fonts, or third-party scripts are included.
- The Content Security Policy blocks fetch, XHR, WebSocket, beacon, media, frame and worker connections.
- Input size and structure limits reduce browser resource-exhaustion risk.
- Generated files are created with browser Blob downloads.
Payment isolation
Paddle checkout code is hosted on a separate checkout portal. The converter pages keep a strict policy that blocks third-party scripts, frames, and background network requests, so payment code cannot read an opened file.
No web application can promise absolute security. Users should keep browsers updated and review converted output before importing it into another system.