Privacy
Your images never leave your browser.
ConV is engineered so that image pixels and related metadata from your local files are not transmitted to our servers. This policy explains what that means in practice, what data we still process, and your rights.
The tool uses WebAssembly codecs and parallel Web Workers for decode, resize, and encode. Processing is performed in memory in your browser tab. Optimised files can be packaged into a ZIP archive that is generated locally and downloaded directly from your device. EXIF and other metadata removal is performed locally as part of the chosen workflow (including lossless in-place stripping for supported formats).
No server involved in image processing
Stripe Payments Europe, Ltd. and affiliated Stripe entities process payment data to operate checkout, invoicing, and subscriptions. Stripe acts as a payment processor under its own terms and privacy policy. Image files and outputs from the tool are not transmitted to Stripe under this architecture. To recognise entitled users on return visits we set a first-party HTTP-only cookie containing a signed session token (not a raw Stripe customer ID). Stripe is queried live on each request to verify whether an active subscription exists โ no subscription status is stored locally.
ConV has no password system and no user database. If you lose access to your session (e.g. cleared browser cookies or a new device), you can request a secure sign-in link at /login. We look up your email address against Stripe customer records. If a matching active subscription is found, a time-limited link (valid 15 minutes) is sent to that email via our email provider (Resend). The link is cryptographically signed โ no subscription status is included in the token. Clicking it sets the same signed session cookie as described above. We do not store email addresses beyond what Stripe already holds for billing purposes. No passwords are created or stored at any point.
We use strictly necessary cookies where required to operate secure billing flows (for example an HTTP-only cookie storing a Stripe customer identifier after successful checkout). We do not use advertising cookies. We do not use cross-site tracking cookies for ad networks. For details and retention, see our Cookie policy.
Where analytics are enabled, they are configured to be privacy-friendly: no Google Analytics, no cross-site tracking IDs used for advertising, and no automated ad profiling based on your behaviour on the service. If analytics are off, only technical server logs as described above may be collected by infrastructure.
If we process personal data about you (for example billing records via Stripe, or log data attributable to you), you may have the following rights under the GDPR, subject to legal conditions:
| Right | Summary |
|---|---|
| Access | Request information about personal data we hold about you. |
| Rectification | Request correction of inaccurate personal data. |
| Erasure | Request deletion where applicable (for example when no longer needed). |
| Restriction | Request restriction of processing in defined cases. |
| Data portability | Receive structured data you provided where processing is contract-based and automated. |
| Objection | Object to processing grounded on legitimate interests, where applicable. |
| Complaint | Lodge a complaint with a supervisory authority in your country, in particular in the EU Member State of your habitual residence or place of work. |
While ConV is designed to process images locally and to strip metadata where requested, the following technical limitations apply:
ConV does not provide legal advice. Nothing in this Privacy Policy, the Terms of Service, or anywhere else on this website constitutes legal, regulatory, or compliance advice. You remain solely responsible for ensuring your use of the Service and its outputs complies with all applicable laws and regulations, including the GDPR, CCPA, and any industry-specific privacy requirements. Consult a qualified legal professional for advice specific to your situation.
Data protection and privacy enquiries relating to ConV may be directed to: [email protected]