🔒 Security & Privacy

Your files never leave your device

Convertlo is built on a simple principle: the safest way to handle sensitive files is to never touch them at all. Every conversion runs locally inside your browser using JavaScript. There is no server, no upload, and no data retention — because there is nothing to retain.

🚫

Zero uploads

Your files are read from disk into your browser's memory using the File API. They are processed locally and deleted from memory when you close the tab. Nothing is transmitted over the network.

🖥️

Local processing only

The converter engines (Canvas API, Web Audio API, FFmpeg.wasm) run as JavaScript in your browser. They have no ability to send data to external servers — they can only read and write to your device's memory.

🔑

No account required

There is no login, no registration, and no email required. We have no way to associate a conversion with a person, because we do not know who is converting anything.

📴

Works offline

After your first visit, Convertlo installs as a Progressive Web App and caches itself. Image, audio, and document conversions work with no internet connection at all — proving no network access is needed.

🗑️

No retention

We have no servers storing your files because we have no servers receiving your files. There is nothing to retain, nothing to breach, and nothing to subpoena.

✅

Verifiable

You can verify this yourself: open your browser's network tab (F12 → Network) during a conversion. You will see zero file upload requests. The source code is straightforward HTML and JavaScript.

What data do we collect?

Your files

Never collected. Processed locally and released from memory when done.

File names or types

Never sent to any server. Used only locally to determine the converter to run.

Conversion history

Stored locally in your browser's localStorage only. Never sent anywhere. You can clear it at any time.

Format preferences

Stored locally in localStorage to remember your preferred format pairs. Never sent anywhere.

Page analytics

Google Analytics (page views, not file data). Loaded lazily after user interaction. No file names, types, or content are included.

IP address / device info

Standard web server logs from Vercel (our hosting provider), the same as any website. Not linked to conversions.

Common security questions

Is this safe for confidential documents?

Yes. Since your files never leave your device, Convertlo is safe for confidential, legally sensitive, or personal documents. The risk profile is the same as opening a file in a local application on your computer.

What if I convert a document on a work computer?

Your IT department can monitor network traffic but would see no file content, because no file content is transmitted. The only traffic is page assets (HTML, CSS, JS, fonts) — the same as loading any website.

Does FFmpeg.wasm send data anywhere?

No. FFmpeg.wasm is a WebAssembly binary that runs as a sandboxed JavaScript worker in your browser. It has no network access. The only network request is the initial download of the WASM binary itself from a CDN.

How can I verify no upload happens?

Open your browser's developer tools (F12), go to the Network tab, then convert a file. Filter by XHR/Fetch requests. You will see zero requests containing your file data. The only requests are for static assets like fonts and scripts.

What happens to my file after conversion?

The converted file exists as a Blob in memory. When you download it, a temporary object URL is created and immediately revoked after the download starts. When you close the tab or click "Convert another file," the original and converted data are removed from memory.

Ready to convert a file privately?

No upload, no account, no risk — your files stay on your device.

Start Converting →