Privacy Policy

Last updated: January 31, 2026

Introduction

At ConvertHub, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our file conversion service, including our website and API. Please read this privacy policy carefully. By using our service, you consent to the practices described in this policy.

Information We Collect

To provide our file conversion services, we collect the following types of information:

Information You Provide

  • Files you upload for conversion
  • Information about the files (name, size, format)
  • Your email address (for account creation and notifications)
  • Payment information (for paid subscriptions, processed by Stripe)
  • Account credentials and profile information

Information Collected Automatically

  • IP address and approximate location
  • Browser type and version
  • Device information and operating system
  • Usage data (pages visited, features used, conversion types)
  • Cookies and similar tracking technologies

API-Specific Data

  • API keys and authentication tokens
  • API request logs (endpoint, timestamp, response status, file metadata)
  • Rate limit and usage statistics
  • Integration metadata (user agent, request origin)

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our file conversion service
  • Process your file conversions and deliver results
  • Manage your account and subscription
  • Process payments and prevent fraud
  • Send transactional emails (conversion notifications, receipts)
  • Monitor and analyze usage patterns to improve our service
  • Enforce our Terms of Service and prevent abuse
  • Respond to your support requests
  • Comply with legal obligations

How We Handle Your Files

File Storage Period

  • Free users and guests: Your converted files are stored for 24 hours after conversion, then permanently deleted.
  • Paid users: Your files are stored until you manually delete them from your account.
  • API uploads: Follow the same retention policy based on your account type.
  • Immediate deletion: All users (including guests) can delete their converted files immediately after download using the "Delete file now" option — no need to wait for automatic deletion.
  • Failed conversions: If a conversion fails, no files are stored on our servers. Source and partial output files are discarded immediately.

We use CloudFlare R2 (a secure cloud storage service) to store your files. All uploaded and converted files are transferred and stored with encryption to help protect your data. We do not access or view the content of your files except in limited circumstances where it's necessary to provide support or troubleshoot issues at your request.

Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for the service to function (authentication, session management).
  • Analytics Cookies: Help us understand how visitors use our website to improve the service.
  • Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our service.

Third-Party Services

We use the following third-party services to operate our platform:

  • CloudFlare: For content delivery, DDoS protection, and file storage (R2). CloudFlare Privacy Policy.
  • Amazon Web Services (AWS SES): For sending email notifications about your file conversions. AWS Privacy Policy.
  • Stripe: For secure payment processing. We do not store your full credit card details on our servers. Stripe Privacy Policy.

These third-party services have their own privacy policies governing how they use your information. We recommend reviewing their privacy policies to understand how they handle your data.

API Privacy Considerations

For API Users

If you use our API, please be aware of the following:

  • Request Logging: We log API requests for debugging, abuse prevention, and usage tracking. Logs include timestamps, endpoints, response codes, and file metadata (not file contents).
  • Log Retention: API request logs are retained for 90 days, then automatically deleted.
  • Your Responsibility: If you build applications using our API, you are responsible for informing your end users about data processing and obtaining any necessary consents.
  • API Key Privacy: API keys should be treated as sensitive credentials. We store API keys in hashed form after initial generation.

Privacy Considerations for File Conversion

Important File Privacy Considerations

  • Sensitive Information: We recommend not uploading files containing highly sensitive personal data (such as financial records, medical information, or governmental IDs) unless absolutely necessary.
  • File Content: Our automated systems process your files for conversion, but we do not manually review or analyze the content of your files.
  • Metadata: Be aware that files often contain metadata (like creation date, device information, or location data) that may remain in the converted file.
  • Permanent Deletion: When files are deleted from our system, they are permanently removed and cannot be recovered. Make sure to download your converted files within the applicable storage period.

Data Security

We implement appropriate security measures to protect your personal information and uploaded files:

  • Encryption during file transfer (TLS/SSL)
  • Secure storage of files at rest
  • Limited access to file storage systems
  • Hashed storage of passwords and API keys
  • Regular security audits and updates
  • Rate limiting and abuse detection

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for the following periods:

  • Account Data: Retained while your account is active. When you delete your account, your personal information is permanently deleted from our servers immediately.
  • Converted Files: 24 hours (free) or until manual deletion (paid). Users can delete files immediately after download. Failed conversions do not store any files.
  • Payment Records: Retained for 7 years for tax and legal compliance.
  • API Logs: Retained for 90 days.
  • Support Correspondence: Retained for 2 years after last contact.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our servers and third-party service providers are located in various regions, including the European Union and the United States.

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

For All Users

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to delete your information and account
  • Right to withdraw consent

For EEA Residents (GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

For California Residents (CCPA)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise these rights, please contact us using the information in the "Contact Us" section below. We will respond to your request within 30 days.

Children's Privacy

Our service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we will notify you via email or a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us at:

Email: [email protected]

Data Protection Inquiries: [email protected]

We aim to respond to all privacy-related inquiries within 30 days.