Skip to content

Josh Labs · EDI Core

EDI Labs Data Handling

Effective April 17, 2026 · legal@josh.one

EDI payloads never leave your browser.

All parsing is performed by a WebAssembly module running locally in your browser tab. No EDI payload data (not a single segment, element, or character) is transmitted to Josh servers or any third party.

How parsing works

The EDI Core playground uses a parser compiled to WebAssembly (WASM). The WASM module is downloaded once when you first visit the page and runs inside your browser’s sandboxed JavaScript runtime. When you paste or load an EDI payload:

  1. The text is passed from the browser editor to the WASM parser, entirely in memory on your device.
  2. The parser produces structured output (segment tree, element values, diagnostics), also in memory.
  3. Results are displayed in the playground interface. No network request is made.

You can verify this in your browser’s DevTools Network panel: no requests containing EDI content are sent after the initial page load.

What we collect from playground usage

We collect nothing about the content of EDI payloads you process. We do not:

  • Log the text you paste or load.
  • Capture parsing results.
  • Record which sample files you open.
  • Correlate your EDI activity to any identity.

Standard infrastructure-level data (IP addresses, request timestamps, URLs) is processed by Cloudflare as described in the Privacy Policy §2.3. This does not include EDI payload content.

Policy acknowledgement

When you first open the playground, you are shown a brief policy acknowledgement gate. Your acceptance is stored in your browser’s localStorage under the key edi-policy-accepted. This stores only a boolean and a timestamp. No personal data. Clearing your browser storage resets the acknowledgement.

Browser storage

The playground may use localStorage to preserve your last-edited EDI content across page reloads (convenience feature). This data stays in your browser. Clearing site data in your browser removes it permanently.

Implications for regulated data

Because EDI payloads are processed entirely client-side, the playground does not constitute a “transmission” to Josh, LLC for purposes of HIPAA or other data protection laws. However:

  • Your device and browser are part of your own environment. You are responsible for the security of your device.
  • If you process real PHI on a device that is not under your organization’s security controls, that is a compliance matter for your organization to address.
  • The absence of server transmission does not make the playground HIPAA-compliant tooling. See the EDI Labs Terms of Use for the full disclaimer.

Questions

Privacy questions: legal@josh.one
Product questions: hello@josh.one

EDI Terms of Use → Privacy Policy → Legal Hub →