Join
1
0 Comments

I built a Login Leak Test for my privacy tool — here's how I designed it without storing user data

by Hammad (Cachify)

Hi everyone,
I’m working on Cachify, a browser-based privacy dashboard that helps users understand how exposed they are online. Yesterday, I shipped a completely new feature called Login Leak Test, and I wanted to share how I built it in a way that keeps the user’s email and password 100% private.

👉 What the Login Leak Test actually does

It doesn’t check real breaches.
It also never sends or stores the email/password.

Instead, it analyzes patterns in the user’s login details that commonly appear in leaked data:

Email guessability (name + birth year, predictable patterns, random strings)

Password predictability (length, common sequences, dictionary patterns)

Email structure risk (lots of digits, symbols, suspicious keywords)

Provider exposure (Gmail neutral, Proton low, Yahoo/Hotmail higher exposure in historical leaks)

All of this is done locally in the browser using JavaScript.

👉 Zero storage, zero logging

One requirement I forced myself to follow:

If the feature processes login details, it must never leave the user's browser.

So the entire test runs client-side, and once the results are shown, the data disappears.
No database writes, no logs, no tracking — nothing.

The only server call made is a tiny one that updates the user’s privacy score (just a number from 0–10). No sensitive data is sent.

👉 How the score works

Each of the four categories can be Low/Medium/High/Critical.
The final risk level is generated by a point system based on how many “High” indicators are found.

It feels simple, but users get a surprisingly insightful breakdown of why their login is predictable.

👉 Why I built this

Two reasons:

Privacy tools usually rely on external APIs or databases.
I wanted a feature that felt smart without needing external data.

Users love interactive tools.
This one lets them test something instantly and safely, without signup pressure.

And honestly — building something that analyzes login risk without touching the actual data was a fun challenge.

👉 What’s next

I’m planning:

A short video demonstration for social platforms

More tools that analyze privacy without requiring sensitive inputs

If anyone has thoughts on similar privacy-friendly approaches, I'd love feedback!

You can try free at: https://cachify.xyz

Thanks for reading ✨

Avatar for Hammad (Cachify) Hammad (Cachify)
on November 21, 2025
Say something nice to cachify…
Post Comment
Trending on Indie Hackers
I shipped 3 features this weekend based entirely on community feedback. Here's what I built and why. User Avatar 155 comments I'm a lawyer who launched an AI contract tool on Product Hunt today — here's what building it as a non-technical founder actually felt like User Avatar 139 comments “This contract looked normal - but could cost millions” User Avatar 53 comments 👉 The most expensive contract mistakes don’t feel risky User Avatar 39 comments I realized showing problems isn’t enough — so I built this User Avatar 32 comments The indie maker's dilemma: 2 months in, 700 downloads, and I'm stuck User Avatar 30 comments