Flow Lens

Security & data handling
Open tool →

Summary

Flow Lens is a single HTML file that runs entirely inside the user's web browser. It has no server, no backend, and no data transmission. The CSV file you load into it never leaves your machine under any circumstances.

Short version for IT approval: Flow Lens is a local browser tool. It reads a CSV from your file system into browser memory, renders charts, and discards the data when you close the tab. No data is sent anywhere, no accounts are required, and nothing is installed.

Data handling

QuestionAnswer
Is the CSV uploaded to any server?No — read by the browser's File API into memory only
Is any data transmitted over the internet?No — CSV data never leaves the device
Is any data written to disk or browser storage?No — no localStorage, cookies, or IndexedDB writes
Is data retained after closing the tab?No — all data is discarded on tab close
Does the tool collect analytics or telemetry?No — no analytics, no usage tracking, no error reporting
Is a login or account required?No
Does it make any network requests?No — fully self-contained, works offline immediately
Can it be used offline?Yes — always, with no setup required

Network activity

Flow Lens makes zero automatic network requests. All JavaScript libraries are bundled directly inside the HTML file. Opening the tool does not contact any external server under any circumstances.

The tool is a single self-contained file. No CDN, no external dependencies, no internet connection required — ever.

Libraries bundled inside the file

The following open-source libraries are embedded directly in flow-lens.html at fixed versions:

Chart.js4.4.0Renders all charts
chartjs-adapter-date-fns3.0.0Date handling for chart axes
PapaParse5.4.1Parses the CSV file
html2canvas1.4.1Screenshot export

User-initiated links — only when clicked

The tool contains links to an online user guide and the author's website. These open in a new browser tab only when explicitly clicked by the user, and carry no data.

Risk assessment

RiskLevelNotes
Data exfiltration to a remote server None No outbound data calls exist in the code
Data persisted on the user's machine None No storage writes of any kind occur
Unauthorised access to data None No server, no shared instance, no login — data exists only in a single local browser session
Supply chain compromise via CDN None No CDN is used — libraries are bundled at fixed versions inside the file. No external code can be injected.
Installation of software None No installation required — it is a single file opened in a browser

Independent verification

Anyone with browser developer tools can verify these claims without trusting this document:

  1. Open flow-lens.html in Chrome or Edge.
  2. Open Developer Tools (F12) and go to the Network tab.
  3. Drop a CSV onto the page and interact with the charts.
  4. Confirm that no network requests are made after the initial library loads — and that no requests contain CSV data.

All application logic is plain JavaScript inside the single HTML file and is fully human-readable. The source code is publicly available at github.com/Simeon-techbss/flow-lens.