Skip to content

Philosophy

How we build

The engineering principles behind every Ultim8Soft product. Browser-only, privacy-first, built to last.

Privacy-first engineering

Privacy is not a feature we bolt on after shipping. It is the first question we ask about any product decision: does this require user data to leave the device? If the answer is yes, we find another way. The online tools encode, decode, hash, format, and convert everything inside the browser tab. Your input never reaches a server because there is not a server sitting between you and the result. The code that does the work arrives as static files from a CDN, executes in your browser’s JavaScript runtime, and vanishes when you close the tab. No persisted state, no background sync, no telemetry on what you typed.

This stance extends across the whole portfolio. Mobile apps in development will do their work on the device. The units converter will run inside the browser the same way the developer tools do. We do not draw a line between products and say some of them get the privacy treatment and others do not. The principle is the same everywhere: your content is yours, and we do not build infrastructure that requires us to handle it.

Browser-only architecture

Every tool on tools.ultim8soft.com is a single static HTML page with its own JavaScript module. There is no application server, no database, no API gateway, no microservice mesh, no container orchestrator. The whole surface area is a bucket of HTML and JS files served through a CDN. When you request a tool, CloudFront delivers a flat file from S3. The file has not been assembled on a server at request time because there is nothing to assemble. It was written once and published when we were ready.

This means we ship updates when we are ready, not on a deployment schedule dictated by a backend team’s release calendar. There is no staging environment that differs from production because there is no backend. A CSS tweak, a new language, a bug fix — all of them land by updating a file in a bucket and invalidating the CDN cache. The whole process takes about a minute from commit to production. That simplicity is the point: we spend our time building tools rather than operating the infrastructure that runs them.

Native Web APIs

We use what the browser already ships. The Web Crypto API handles hashing and keyed operations. The File API reads local images for QR decoding and EXIF inspection without uploading them. The Clipboard API moves text in and out of tools without hidden form submissions. IndexedDB stores user preferences like theme choice and locale — on the device, not in a cookie jar shipped to someone else’s server. Service Workers cache the static assets so the tools work offline after the first visit. Every one of these capabilities is a native browser API that removes the need for a round trip to a server.

The advantage goes beyond privacy. Browser APIs are faster than a network call because the work happens on the same machine that is displaying the result. Hashing a string with Web Crypto takes microseconds. Formatting JSON is a function call on the same thread. The tool responds instantly because there is nothing to wait for outside the browser. When we look at a problem, the first question is not which library to import — it is whether the browser already has an API for it. Most of the time it does.

The cost argument

A browser-only architecture costs nearly nothing to run when nobody is using it. Our monthly infrastructure bill for the tools site is measured in single dollars most months: S3 storage for a few hundred kilobytes of HTML and JS, CloudFront data transfer at fractions of a cent per request, and a handful of Route 53 hosted zones. There are no compute instances sitting idle between users. There is no database reserved capacity. The cost scales with actual usage because the CDN pricing model is pay-per-request, and there is no backend that needs to stay warm.

This matters because it changes what we can afford to offer. A free tool that costs a fraction of a cent per thousand requests is sustainable in a way that a free tool with a server behind it is not. There is no pressure to monetise through data collection, upsells, or subscription walls. The tools stay free because the architecture makes free affordable. We have not invented a clever business model to pay for servers — we eliminated the servers.

Longevity approach

Static HTML and vanilla JavaScript age better than framework-dependent applications. A page built with plain HTML, CSS, and the DOM APIs that have been stable for twenty years will still render in a browser from 2026 without a transpilation step, a dependency update, or a rebuild. The same cannot be said for an application that depends on a specific version of a JavaScript framework, a build toolchain, and a package ecosystem that shifts every eighteen months. We pick the technology that has already proven it lasts.

This is not nostalgia. It is a practical choice for a small team that does not want to spend its maintenance budget on keeping up with framework churn. The base64 encoder we wrote for the first version of the tools site still works without changes. The CSS variables map to the same tokens they mapped to on day one. When we add a new tool, we write it the same way as the first one because the approach has not stopped being effective. The architecture buys us the one thing a small operation needs most: the freedom to keep building instead of constantly rebuilding.