← Plöttr

How Plöttr handles your data, in one diagram

Plöttr data flow A static-file host (e.g. GitHub Pages) sends the Plöttr HTML, CSS, and JavaScript once to your browser at page load. From then on, the trust boundary is your own computer: you drop a CSV file in or paste table cells from Excel / Sheets, Plöttr runs the analysis locally, and the resulting SVG / PNG / CSV / R-script files download to the same machine. No outbound connection ever carries your data. Two security guards sit on the data path itself: every ingested payload is scanned for hostile cells (CSV / Excel formula injection, hostile column names targeting the R-script export) and surfaced in a warning banner; every downloaded CSV / R-script is sanitised so that any leftover trigger characters stay inert when re-opened in Excel or RStudio. GitHub Pages (or any static host) page load YOUR COMPUTER — nothing inside this box ever leaves it your CSV / TSV local disk or clipboard drop or paste Plöttr parses · computes · renders entirely in your browser you download ✓ scanned ✓ sanitised SVG · PNG · CSV · R to your local disk

Your data is safe

When you drop a file in or paste table cells, the chart and the statistics are built right there, inside your browser tab. Plöttr has no servers.

No monitoring

No analytics, no cookies, no trackers. The page doesn't record what you click, what you upload, or how long you stayed.

Open to scrutiny

Plöttr is open source. The whole codebase — including this page — is on GitHub. Read it, fork it, or run a local copy.

Want zero network at all? Plöttr is a static site, so you can clone it once and serve it locally for the rest of its lifetime — every request stays on your machine:

git clone https://github.com/evompmi/plottr.git
cd plottr && python3 -m http.server  ·  then open http://localhost:8000 in any browser

Any static-file server works (Python, npx serve, nginx, …); the compiled JS is checked into tools/ so there's no build step.