I Built a Free Privacy Toolkit with Next.js - 6 Tools, Zero Data Collection

Hafiz Khurram Javid — Sat, 14 Mar 2026 19:14:08 +0000

I spent the last few months building TrustScan - a free privacy and security toolkit with 6 tools. No accounts, no tracking, no data stored. Here's what I built, the tech decisions I made, and what I learned.

What It Does

TrustScan has 6 free tools:

Privacy Policy Simplifier - paste any privacy policy URL, get an AI-powered risk report with red flags, data collection breakdown, and a downloadable PDF
Website Privacy Audit - scan any URL for HTTPS, security headers, trackers, cookie consent, and privacy policy presence
Privacy Law Checker - answer 7 questions, find out which of 30+ privacy laws apply to your business
PDF Metadata Stripper - deep scan and strip hidden metadata from PDFs, 100% client-side
AI Training Opt-Out Hub - opt-out links for 30+ AI platforms in one place
Extension Security Auditor - analyze browser extension permissions and risks to identify potential security threats

Tech Stack

Next.js 14 with App Router and TypeScript
Tailwind CSS for styling with a custom dark/light theme system
Groq API (free tier) for the Privacy Policy Simplifier AI analysis
pdf-lib for client-side PDF metadata stripping
jsPDF for generating branded PDF reports
Netlify for deployment
JSON-LD structured data on every page for SEO

Key Architecture Decision: Client-Side First

The biggest design decision was making the PDF Metadata Stripper run entirely in the browser. Most "free" PDF tools upload your file to a server, process it, and send it back. That's a privacy risk - you're trusting a random server with your sensitive documents.

With pdf-lib, the entire stripping process happens in your browser tab. Zero network requests. You can verify this yourself by opening DevTools while using the tool.

This became a genuine differentiator. Users in the privacy community immediately noticed and appreciated it.

AI Without Breaking the Bank

The Privacy Policy Simplifier needed an LLM to analyze policies. I started with Anthropic's API, then tried Google's Gemini free tier. Problem: Gemini's free tier is blocked in the EU, and I'm based in Finland.

Switched to Groq (free tier, uses Llama models). It's fast, works globally, and the free tier is generous enough for a tool like this. The prompt engineering was the real challenge - getting consistent structured JSON output (company name, risk level, data collected, third parties, etc.) took many iterations.

SEO Strategy That's Starting to Work

Every tool page has:

10-15 targeted keywords in metadata
JSON-LD structured data (WebApplication + FAQPage + BreadcrumbList)
6 FAQ items with schema markup
Open Graph and Twitter card meta tags
Canonical URLs

I also wrote 12 blog posts targeting specific keywords like "how to remove metadata from PDF," "GDPR vs CCPA," and "best privacy policy summarizers." Each post links to a relevant tool, creating internal link loops.

The comparison posts ("Best Free PDF Metadata Removers" and "Best Free Privacy Policy Summarizers") are designed to capture "best X" searches where buying intent is high.

PDF Report Generation with jsPDF

The Privacy Policy Simplifier generates downloadable branded PDF reports. Built with jsPDF:

Risk-colored header banner (green/amber/red based on score)
Structured sections for data collected, third parties, rights, red flags
Footer on every page with date, disclaimer, and branding
Auto page breaks with footer preservation

One gotcha: splitTextToSize() calculates line wraps based on the current font size. If you set the font size after calling it, your text wrapping will be wrong. Set the font before measuring.

What I'd Do Differently

Start with SEO keyword research before naming tools. I called it "Privacy Policy Simplifier" but people search for "privacy policy summarizer." Same tool, wrong keyword. Had to fix this retroactively.
Build backlinks from day one. Great content with zero domain authority means Google won't rank you. I should have started directory submissions and community engagement alongside development, not after.
Ship fewer tools, promote more. 6 tools is a lot to maintain. I could have shipped 2-3 and spent the extra time on distribution.

What's Next

More comparison blog posts for SEO
Backlink building through directories, Quora, and community engagement
Additional tools covering AI disclosure scanning and digital identity exposure

If you work with privacy policies, PDFs, browser extensions, or compliance, give it a try at trustscan.dev. Everything is free. I'd love feedback from the dev community on the tools or the tech stack.

I'm a Wazuh Cybersecurity Ambassador and experienced Full Stack developer. TrustScan is my indie project built at the intersection of web development, AI, and privacy.

DEV Community: Hafiz Khurram Javid