We built eight tools nobody asked for, then realised that's exactly the point.
BitMods has quietly shipped a small collection of developer and privacy utilities, all living under one Tools dropdown in the nav, all running entirely in your browser, none of them touching our database. If that sentence sounds like marketing copy, it isn't. There is no database row being written when you use these. There is no analytics event firing when you click Generate. We genuinely do not know and do not want to know what you do with them.
Why bother when this stuff already exists
Because most of it already exists badly. Search for a JSON formatter and you will find seventeen identical sites buried under autoplay ads, cookie banners, and a popup asking you to sign up before you can copy your own output. Search for a password generator and you will find a similar wasteland, except now you are trusting a stranger's server with the thing you are about to use to protect your accounts. That should bother you more than it apparently bothers most of the internet.
The pitch here is simple. Your input never leaves your machine. The tool runs in your browser using the Web Crypto API and native JavaScript, you close the tab, and it is gone. No accounts, no email capture, no "create a free account to save your history." That is the whole product.
What we actually built
Encrypt and Decrypt
The Encrypt / Decrypt tool does AES-GCM-256 encryption, fully client-side, using the browser's native crypto.subtle API rather than some hand-rolled cipher that looks clever and isn't. Generate a key, encrypt your text, share the ciphertext, and only someone with the same key can read it back. The key lives in your browser's local storage and never touches our server. We physically cannot see what you encrypt, because the encryption happens before anything would be sent anywhere, and nothing is sent anywhere.
Worth knowing: if you clear your browser storage, the key is gone for good. There is no recovery, no support ticket that gets your data back, because there is nothing on our end to recover from. That is a feature, not an oversight, but it does mean you should treat the key like the only copy of a thing you care about, because it is.
Password Generator
The Password Generator produces genuinely random passwords from 12 to 24 characters, built from whichever character sets you toggle on. It uses crypto.getRandomValues() rather than Math.random(), which matters more than it sounds like it should. Math.random() is not cryptographically secure and was never designed to be. A meaningful number of "secure" password generators floating around the web still use it, which is a small act of quiet negligence dressed up as convenience.
AI Content Checker
The AI Content Checker scores pasted text on how likely it is to have been written by a language model, based on seven weighted heuristics including em-dash frequency, a vocabulary list of words AI models overuse, sentence length uniformity, and a few other tells. We will be upfront about its limits because we'd rather be honest than impressive: it is heuristic, not a trained classifier, and academic or formal writing will sometimes trip it for the same reasons AI text does, because both can be stiff and over-structured. Treat the score as a conversation starter, not a verdict. We built it because the question "did a human actually write this" has become a genuinely interesting one to ask in 2026, not because we think we've solved detection. Nobody has.
JSON Formatter, Regex Tester, and Markdown Previewer
Three tools that exist because developers need them roughly weekly and the alternatives are uniformly mediocre. The JSON Formatter pretty-prints or minifies on demand and tells you exactly where your JSON broke instead of a vague "invalid input" shrug. The Regex Tester highlights matches live as you type, shows capture groups, and does not crash the page when you inevitably write a regex that is technically valid and semantically a war crime. The Markdown Previewer renders your Markdown into HTML side by side as you write, using a small dependency-free parser rather than pulling in some bloated third-party library you'd never audit.
Hash Generator
The Hash Generator computes MD5, SHA-1, SHA-256, and SHA-512 simultaneously from typed text or a dropped file. SHA-1, 256, and 512 use the browser's native SubtleCrypto digest function. MD5 does not exist in SubtleCrypto, deliberately, because MD5 has been cryptographically broken for years and browser vendors correctly refuse to make it convenient. We still included it because plenty of legacy systems and checksum verification still expect MD5, and pretending it doesn't exist doesn't make it go away. We just won't pretend it's secure.
Token Counter
The Token Counter gives you a live character, word, and estimated token count for anything you paste, useful for anyone wrangling prompts for an LLM and trying not to blow past a context window. The estimate uses the rough chars-divided-by-four approximation common to GPT-family tokenisers. It is explicitly labelled as an estimate, because every model family tokenises differently and anyone claiming exact cross-model token counts without loading the actual tokeniser is rounding aggressively and hoping you don't notice.
What's still missing, and what's coming
We are not pretending this list is finished. A Base64 encoder, a JWT decoder, a UNIX timestamp converter, and a few other genuinely useful utilities are already on the roadmap. If there's a developer or privacy tool you reach for constantly and you're tired of trusting a random ad-laden website with it, tell us. There's a decent chance we'll build it, because apparently that's just what we do now.
The actual point
None of these tools are individually revolutionary. A regex tester is a regex tester. What's different is that we built them because we wanted to use them ourselves, we built them to not collect anything, and we put them all in one place instead of scattering them across nine different sketchy domains each demanding their own cookie consent. If that sounds like a low bar, look at how few sites actually clear it.