Your data, protected
Security & Privacy
Your files are your business. We built every layer of Convert.FAST to keep it that way.
Last updated: December 2025
Encryption
All connections use TLS 1.3 with perfect forward secrecy. Files are encrypted on disk using AES-256-GCM with unique per-job keys. During conversion, files are decrypted only in memory for the milliseconds-to-seconds they're being processed, then immediately re-encrypted. Decrypted data is never written to disk.
Where Your Data Lives
All processing servers are physically located in the European Union on dedicated infrastructure we control. Your files are stored and processed exclusively within EU borders, ensuring GDPR compliance and protecting your content from foreign surveillance laws.
Cloudflare as a GDPR-compliant processor. File uploads transit through Cloudflare's network, which acts as a data processor under GDPR. Cloudflare provides DDoS protection and edge security—but does not store, analyze, or retain your file data. All files are encrypted in transit and processed exclusively on our EU infrastructure.
Automatic Deletion
All files are automatically deleted 1 hour after conversion completes—regardless of plan tier. You can also delete files immediately after downloading. Once deleted, files are securely wiped and cannot be recovered.
What we retain (for billing and fraud prevention): job identifiers, conversion type, file sizes, processing time, and credits consumed.
What we do NOT store:
- Filenames (only file extensions)
- File contents or thumbnails
- EXIF metadata extracted from images
- IP addresses (only transient rate-limiting hashes)
No Third-Party Processing
Unlike services that rely on cloud APIs, we process files entirely on infrastructure we own. We use a mix of open-source and commercial libraries with no external API dependencies. Your files are never sent to third-party services for processing.
Privacy Defaults
Image metadata stripped by default. EXIF data including GPS coordinates, camera info, and timestamps are removed from converted images to protect your privacy.
Audio metadata preserved by default. ID3 tags (artist, album, title) and chapter markers are retained during audio conversion to maintain playback organization. No personal or location data is typically embedded in audio files.
No AI training. We do not train machine learning models on user-uploaded files. Your content is used solely for the conversion you requested.
No analytics on file contents. We don't scan, fingerprint, or analyze file contents for advertising or profiling.
No filename analysis. We don't log, analyze, or monetize your filenames. We have no interest in what you're converting or why.
Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your job metadata
- Delete your files immediately (manual delete button) or request account data deletion
- Export your job history
- Object to processing
To exercise your rights, email privacy@convert.fast. We respond within 30 days. See our full Privacy Policy for details.
Contact
- Security issues: security@convert.fast
- Privacy requests: privacy@convert.fast
- General support: support@convert.fast