Privacy Policy
We believe privacy is a right, not a feature. Here's exactly how we handle your data.
Overview
GDPR CompliantConvertHub ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our online file conversion platform at converthub.io.
We operate on a privacy-first philosophy: your files are processed transiently and deleted automatically. We never sell your data. We never store your files longer than necessary.
Data We Collect
We collect only the minimum data necessary to provide our services:
Information You Provide
- Files: Files you upload for conversion are temporarily stored during processing only.
- Email: If you subscribe to our newsletter, we store your email address.
- Contact Information: If you contact support, we store your name and email for correspondence.
Automatically Collected Data
- Usage analytics: Page views, tool usage frequency, and performance metrics (no personal identifiers).
- IP Address: Collected for security and rate-limiting purposes, not stored permanently.
- Browser information: User agent, screen resolution (for UI optimization only).
- Cookies: Session and preference cookies (see Cookies section).
File Upload & Handling
EncryptedAll files uploaded to ConvertHub are handled with the following safeguards:
- Encrypted in transit: All file uploads and downloads use TLS 1.3 encryption (HTTPS).
- Isolated processing: Each conversion job runs in an isolated container environment with no access to other users' files.
- No human access: No ConvertHub employees can view, access, or read your file contents during or after processing.
- No indexing: Your files are never indexed, analyzed for advertising, or used to train AI models without explicit consent.
- Temporary storage: Files are stored on encrypted cloud servers only for the duration of conversion + a 1-hour deletion window.
Auto File Deletion Policy
Auto DeleteWe operate a strict automatic deletion policy for all uploaded files:
| Event | Deletion Timeline |
|---|---|
| Conversion completed | Input file deleted within 5 minutes |
| Output file available | Deleted 1 hour after generation |
| Session expired / abandoned | Deleted within 1 hour |
| Server reboot | All temporary files cleared |
You can also manually delete your output file at any time using the provided delete link in the download interface.
Security Standards
Enterprise GradeWe implement industry-standard security measures:
- TLS 1.3: All data in transit is encrypted using modern TLS.
- AES-256 at rest: Temporary files are stored with AES-256 encryption.
- Container isolation: Each processing job is containerized and runs in a sandboxed environment.
- Rate limiting: API rate limiting prevents abuse and DDoS attacks.
- Dependency audits: Regular automated security scans of all dependencies.
- Penetration testing: Annual third-party penetration tests on our infrastructure.
- SOC 2 Type II compliant cloud: Our cloud infrastructure providers are SOC 2 compliant.
AI Processing Disclosure
AI PoweredConvertHub uses AI models for certain features. Here is a full disclosure:
AI Features and Data Handling
- AI Background Removal: Uses a local inference model. Files are not sent to external AI APIs.
- AI Image Enhancement: Processed on our own inference infrastructure.
- AI Auto-Captions: Speech-to-text is processed server-side. Audio is not retained after caption generation.
- AI Compression: ML-based compression algorithms run locally — no external sharing.
Third-Party Services
We use trusted third-party providers to operate our platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Cloudflare | CDN, DDoS protection | IP address (anonymized) |
| AWS S3 | Temporary file storage | Encrypted file blobs |
| Vercel | Web hosting | Request logs (anonymized) |
| PostHog | Analytics | Anonymous usage events |
| Resend | Newsletter emails | Email address (newsletter subscribers only) |
All third-party providers are bound by data processing agreements (DPAs) compliant with GDPR Article 28.
Your Rights (GDPR)
GDPRIf you are in the European Economic Area (EEA), you have the following rights under GDPR:
- Right of Access: Request a copy of personal data we hold about you.
- Right to Rectification: Correct inaccurate personal data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Portability: Receive your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interest.
- Right to Restrict Processing: Request restriction of processing under certain circumstances.
- Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.
To exercise your rights, contact us at privacy@converthub.io. We will respond within 30 days.
Children's Privacy
ConvertHub is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.
If you believe we have inadvertently collected data from a child, please contact us at privacy@converthub.io and we will delete it promptly.
Contact Us
For all privacy-related inquiries, please contact our Data Protection team:
Email: privacy@converthub.io
Response time: Within 5 business days (GDPR: max 30 days)
Website: converthub.io