Most-asked questions about the tool itself, about Base64 as a format, and the privacy guarantees that come with running everything client-side. If you can't find your answer here, check the How It Works page or get in touch.
Yes. No paywall, no usage limits, no "free trial." The site runs on a static host with no per-user costs to offset.
No. There's no account, no email gate, no cookie wall. Open the page, decode or encode, leave.
No. Every Base64 operation runs in JavaScript on your device. You can verify this in your browser's Network tab — clicking Decode or Encode triggers zero outbound requests. Even the page itself is just HTML, one CSS file, and one JavaScript file.
Once the page is loaded, yes. You can disconnect from the internet and keep decoding indefinitely. The page is small enough that mobile browsers cache it aggressively.
For now, no official embed widget. The simplest workaround is to link to this page. If embedding would genuinely help you, drop us a note and we'll prioritize it.
Base64 converts any sequence of bytes into a string drawn from 64 ASCII characters — letters A–Z and a–z, digits 0–9, and the symbols + and /. The encoded form can travel safely through systems that handle only text, like email bodies, JSON payloads, URLs, and HTML attributes. Read the complete primer for the full story.
No. It's an encoding, not encryption. Anyone with the encoded string can decode it back to the original — no key, no password, nothing. Use Base64 for transport, not for secrecy. If you need secrecy, use real encryption (AES, RSA, etc.) and optionally Base64-encode the ciphertext for transmission.
Standard Base64 uses + and / as two of its alphabet characters. Both have special meaning in URLs, so URL-safe Base64 replaces + with - and / with _. JWTs, OAuth tokens, and most modern APIs use the URL-safe variant. Our decoder handles both automatically. Full explainer here.
Padding. Base64 produces output in multiples of 4 characters. When the input bytes don't divide evenly by 3, = signs are appended to pad the output. One = means one byte of padding was needed; == means two. Detailed walk-through here.
Most often it's one of three things:
= or == until the length is a multiple of 4.
- or _ mixed with + or /, something upstream got confused between standard and URL-safe formats.
For more debugging tactics see Common Base64 errors and how to fix them.
The most likely culprit is the wrong character set. Try UTF-8 first — that handles almost everything modern. If the source is a legacy Windows or regional system, try Windows-1252 or the matching ISO-8859 variant. If the Base64 represents a binary file (image, PDF, executable), it won't render as readable text at all.
The tool decodes the Base64 and shows the raw bytes as text, which won't be readable for binary data. To save the decoded binary as a file, copy the decoded output and pipe it through a programming language or use a file-aware tool. For data URIs in HTML/CSS (like inline images), the prefix is stripped automatically.
Cost. Re-creating a TextDecoder for an obscure encoding on every keystroke is fast on a desktop but visibly laggy on low-end Android. UTF-8 covers the overwhelming majority of real-world cases for live decoding, so it's the locked default. For non-UTF-8 input, turn off live mode and use the Decode button.
No. There's no analytics on the decoder pages that captures user content. Standard server access logs (the kind every web host keeps) record IP addresses and page URLs — but never the contents of what you decode. See our privacy page for the specifics.
Decoding a JWT or API token to inspect it is generally safer than pasting it into a server-side tool — the token never leaves your device. That said, please be aware of your own organization's policies about handling credentials, and remember: seeing the token in plain text and logging it are different things, but both can be policy-violating depending on the rules you operate under.
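The alphabet, padding and character-set handling described in the answers above, plus local inspection of a JWT, as an added example (not this site's own code). The function names and the sample token are constructed for illustration.

```javascript
// Added example, not the tool's source. Names and SAMPLE_JWT are constructed.
function base64ToBytes(input) {
  // Drop a data-URI prefix and any whitespace or line breaks.
  let s = input.replace(/^data:[^,]*;base64,/i, "").replace(/\s+/g, "");

  // A single string should use one alphabet: +/ (standard) or -_ (URL-safe).
  const hasStd = /[+\/]/.test(s);
  const hasUrl = /[-_]/.test(s);
  if (hasStd && hasUrl) throw new Error("mixed standard and URL-safe alphabets");
  if (hasUrl) s = s.replace(/-/g, "+").replace(/_/g, "/");

  // '=' is only legal as one or two trailing characters.
  s = s.replace(/={1,2}$/, "");
  if (!/^[A-Za-z0-9+\/]*$/.test(s)) {
    throw new Error("character outside the Base64 alphabet");
  }
  // 4 characters carry 3 bytes; a single leftover character cannot hold a byte.
  if (s.length % 4 === 1) throw new Error("truncated input");
  s += "=".repeat((4 - (s.length % 4)) % 4); // restore padding stripped upstream

  return Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));
}

function decodeText(input, encoding = "utf-8") {
  // fatal: true throws on bytes that are invalid in the chosen charset
  // instead of silently substituting U+FFFD, so a wrong charset is visible.
  return new TextDecoder(encoding, { fatal: true }).decode(base64ToBytes(input));
}

// Read a JWT's header and payload locally. Both are unpadded URL-safe Base64.
// This only decodes; it does NOT verify the signature.
function inspectJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return {
    header: JSON.parse(decodeText(parts[0])),
    payload: JSON.parse(decodeText(parts[1])),
  };
}

// Constructed sample: header {"alg":"HS256","typ":"JWT"}, payload {"sub":"1"},
// and a placeholder signature segment.
const SAMPLE_JWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIn0.c2ln";
```

A decoded payload is readable by anyone holding the token, and nothing here checks that the token is authentic.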
Last updated May 2026. Questions? Email contactus@base64decode.tools.