Privacy & Security Model of the Verifier
The BIP39 Mnemonic Verifier was built from the ground up with privacy as the top priority. Every part of its operation happens exclusively inside your web browser. No phrase, no word, not even a single character of your input is ever sent to a server, logged, or stored anywhere outside your device.
The tool is delivered as a fully static website. Once the page loads, all JavaScript, the 2048-word BIP39 list, and the validation logic are already present in your browser cache. There are no API calls, no dynamic content fetches, and no background telemetry. This static nature means the application can even function completely offline after the first visit.
When you paste a mnemonic and click Analyze All, the processing uses only standard JavaScript string and array methods. The wordlist is a fixed array embedded directly in the code. Comparisons are done with simple includes checks. No cryptographic operations occur in the basic validation flow. Even in the advanced tabs, any seed or key derivation uses only client-side Web Crypto APIs and never leaves the browser sandbox.
No Storage or Tracking
The verifier does not use cookies, local storage, session storage, or IndexedDB. Nothing is saved between page loads or sessions. Each time you visit or refresh, the tool starts fresh. There are no analytics scripts, no third-party embeds, and no fingerprinting techniques. Your IP address and browsing behavior remain invisible to the host.
Because the site is hosted on a static platform such as GitHub Pages, the server has no knowledge of individual visits beyond basic access logs that contain no personal information tied to your mnemonic usage.
Reducing Risk Through Simplicity
By keeping the feature set minimal — wordlist membership only in the primary flow — the attack surface stays extremely small. There is no complex parsing logic that could be exploited, no external dependencies that could introduce vulnerabilities, and no persistent state that could leak data. Users can audit the behavior by reading the source or watching the network tab in developer tools to confirm zero outbound requests.
This privacy model makes the verifier suitable for sensitive tasks such as checking handwritten backups or phrases from air-gapped devices. It provides peace of mind that your mnemonic remains under your sole control at all times.