Your files never leave your device.

All computation happens locally in your browser using standard Web APIs — the Canvas API for images, Web Audio API for audio files, the File API for reading documents, and JavaScript libraries like PDF.js and pdf-lib for PDF manipulation. When you convert, compress, or analyse a file, your browser is doing the work directly, not a remote server.

This means there is no upload step, no queue, and no third-party cloud service processing your documents. The data path is: your device → your browser → your device. Full stop.

We have no infrastructure capable of storing user files because we deliberately built none. Files you open in our tools are read via the browser's File API and held temporarily in browser memory for the duration of the operation. When you close the tab or navigate away, that memory is released by the browser's garbage collector.

We do not log file names, file sizes, file contents, or any metadata about the documents you process. There are no databases, object-storage buckets, or logging pipelines attached to our tools.

AllConverter.tools is served exclusively over HTTPS. We enforce TLS 1.2 as a minimum, with TLS 1.3 preferred. HTTP Strict Transport Security (HSTS) is enabled to prevent protocol downgrade attacks, ensuring your browser will always connect over an encrypted channel — even if you manually typehttp://by mistake.

Static assets are delivered via a CDN with edge certificates, ensuring low-latency encrypted connections regardless of your geographic location.

A small number of tools make outbound requests to third-party APIs to provide their functionality. The Website Speed Checker calls the Google PageSpeed Insights API — only the URL you enter is sent, never any file or personal information. The Redirect Checker and Canonical Tag Checker use the Microlink API, which similarly receives only the URL you submit.

No tool on this platform sends your files, document content, or personally identifiable information to any external service. When an API is involved, the tool interface makes that clear.

We use Google Analytics 4 to understand aggregate usage — which tools are popular, how visitors navigate the site. GA4 collects anonymised page-view and event data. No PII is included in these events and IP anonymisation is enabled.

Google AdSense is used to display advertising. AdSense may set cookies on your device in accordance with Google's own privacy policy to serve contextually relevant ads. You can opt out of personalised advertising via Google's Ad Settings. We do not sell your data. We do not build individual user profiles. We have no user account system and therefore hold no passwords, email addresses, or personal records of any kind.

To get the most secure experience when using AllConverter.tools:

• Use a modern, up-to-date browser — Chrome, Firefox, Safari, and Edge all receive regular security patches.
• Bookmark allconverter.tools directly and navigate from your bookmark rather than search results, to avoid landing on lookalike domains.
• For highly sensitive documents, you can disconnect from the internet before using any tool. Since all processing is local, every tool will continue to work offline once the page has loaded.
• After processing a sensitive file, clear your browser's memory cache if you share your device with others.

We take security reports seriously. If you discover a vulnerability — whether in our code, our infrastructure, or the behaviour of a tool — we ask that you report it to us privately before disclosing it publicly, so we can address it promptly.

Please send a clear description of the issue, the steps to reproduce it, and any proof-of-concept material to:

We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 14 days. Researchers who responsibly disclose valid issues are credited in our changelog with their permission.