Convert
Convert.FAST Current

Transform files between formats
Compress.FAST

Shrink files without losing quality
PDF.FAST Soon

Professional PDF tools
Tools.FAST

Your complete file toolkit

100

Your data, protected

Security & Privacy

Your files are your business. We built every layer of Convert.FAST to keep it that way.

Last updated: December 2025

Encryption

All connections use TLS 1.3 with perfect forward secrecy. Files are encrypted on disk using AES-256-GCM with unique per-job keys. During conversion, files are decrypted only in memory for the milliseconds-to-seconds they're being processed, then immediately re-encrypted. Decrypted data is never written to disk.

Where Your Data Lives

For standard conversions, your files are stored and processed entirely on infrastructure we own in the European Union. Files stream from your browser to our servers in Germany, encrypted with TLS 1.3.

For AI-powered features (audio transcription, and upcoming OCR/upscaling), files are sent to vetted GDPR-compliant providers. See How Your Files Are Processed below for details on our provider requirements.

Automatic Deletion

All files are automatically deleted 1 hour after conversion completes—regardless of plan tier. You can also delete files immediately after downloading. Once deleted, files are securely wiped and cannot be recovered.

What we retain (for billing and fraud prevention): job identifiers, conversion type, file sizes, processing time, and credits consumed.

What we do NOT store:

  • Filenames (only file extensions)
  • File contents or thumbnails
  • EXIF metadata extracted from images
  • IP addresses (only transient rate-limiting hashes)

How Your Files Are Processed

Standard Conversions (Images, Documents, Ebooks, Archives)

For the vast majority of conversions—image format changes, document conversions, ebook transformations, and archive operations—we process files entirely on infrastructure we own in the European Union. Your files never leave our servers. We use open-source libraries (libvips, FFmpeg, Pandoc) with no external API calls.

AI-Powered Features (Audio Transcription, Coming Soon: OCR, Upscaling)

Some advanced features use specialized AI providers to deliver quality that local processing cannot match. For these features:

  • GDPR-compliant providers only. We use providers with full Data Processing Agreements and Standard Contractual Clauses.
  • No AI training. Your files are never used to train models. Processing is solely for your requested conversion.
  • Immediate deletion. Files are deleted from provider systems immediately after processing completes.
  • Processor role. Providers act as data processors under our instructions—they cannot use your data for any other purpose.

We carefully vet all AI providers based on privacy practices, security certifications, and GDPR compliance—not just performance.

Privacy Defaults

Image metadata stripped by default. EXIF data including GPS coordinates, camera info, and timestamps are removed from converted images to protect your privacy.

Audio metadata preserved by default. ID3 tags (artist, album, title) and chapter markers are retained during audio conversion to maintain playback organization. No personal or location data is typically embedded in audio files.

No AI training. We do not train machine learning models on user-uploaded files. Your content is used solely for the conversion you requested.

No analytics on file contents. We don't scan, fingerprint, or analyze file contents for advertising or profiling.

No filename analysis. We don't log, analyze, or monetize your filenames. We have no interest in what you're converting or why.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your job metadata
  • Delete your files immediately (manual delete button) or request account data deletion
  • Export your job history
  • Object to processing

To exercise your rights, email privacy@convert.fast. We respond within 30 days. See our full Privacy Policy for details.

Contact