Last updated: March 2024

Privacy Policy

We take your privacy seriously. Here's exactly how we handle your data.

Table of Contents
  1. Data We Collect
  2. How We Use Your Data
  3. File Handling & Deletion
  4. Cookies
  5. Third-Party Services
  6. Your Rights (GDPR)
  7. Security
  8. Contact

1. Data We Collect

Account Data (registered users only)

When you create an account we collect: your name, email address, and hashed password. We never store plain-text passwords. If you sign in with Google or GitHub, we receive your name and email from that provider.

Usage Data

We collect anonymous usage statistics (conversion counts, tool used, input/output formats, file sizes). These are never linked to your identity on the free plan.

Technical Data

IP address (for rate limiting and fraud prevention), browser user agent, and basic log data kept for 30 days.

2. How We Use Your Data

  • To provide and improve the conversion service
  • To send transactional emails (verification, password reset, conversion complete)
  • To enforce rate limits and prevent abuse
  • To display your conversion history (registered users)
  • To send product updates (only with explicit consent, opt-out anytime)

We never: sell your data, use it for advertising, or share it with third parties except as described below.

3. File Handling & Deletion

Your uploaded files are automatically deleted from our servers within 2 hours of conversion.

Files are stored temporarily in encrypted storage during processing. No human ever views your files. Output files follow the same 2-hour deletion schedule. We do not train AI models on your file content.

4. Cookies

We use:

  • Session cookie: Keeps you logged in (essential, expires on browser close or 30 days)
  • CSRF token: Security cookie for form protection (essential)
  • Analytics cookie: Anonymous usage tracking (can be declined)

We do not use advertising or tracking cookies from third parties.

5. Third-Party Services

  • Mailtrap / SMTP provider: For sending transactional emails
  • Google OAuth / GitHub OAuth: Optional social sign-in (if you choose to use it)
  • Remove.bg: Only if you use the AI Background Remover tool (file sent to their API)

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of data we hold about you
  • Correction: Update incorrect personal data
  • Deletion: Delete your account and all associated data
  • Portability: Export your conversion history as JSON/CSV
  • Objection: Opt out of any non-essential data processing

To exercise these rights, email [email protected].

7. Security

All data is transmitted via TLS 1.3. Passwords are hashed with bcrypt. Our infrastructure uses encrypted storage, regular security audits, and follows OWASP guidelines. We run a responsible disclosure program — report security issues to [email protected].

8. Contact

For privacy questions or requests: [email protected]

We will respond to all requests within 30 days.