FileMorf
Menu

Legal

Privacy Policy

Last updated: December 29, 2024

Overview

FileMorf ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our file conversion service at filemorf.com (the "Service").

The short version: We process most files directly in your browser. We collect minimal data. We never sell your information.

1. Information We Collect

1.1 Files You Convert

Client-Side Processing: For most conversions (image format conversion, PDF merging/splitting, document conversion), your files are processed entirely in your browser. These files are never uploaded to our servers.

Server-Side Processing: Certain features (OCR text extraction, large file processing for Pro users) require server-side processing. In these cases:

  • Files are encrypted in transit using TLS 1.3
  • Files are stored temporarily in encrypted cloud storage
  • Files are automatically deleted within 24 hours of processing
  • We do not access or analyze file contents except as needed for processing

1.2 Account Information

If you create an account, we collect:

  • Email address
  • Name (optional)
  • Profile picture (if signing in with Google/GitHub)
  • Password hash (for email/password accounts)

1.3 Usage Data

We automatically collect:

  • Conversion operation types and counts (not file contents)
  • Feature usage patterns
  • Error logs and performance metrics
  • IP address (for rate limiting and security)

1.4 Cookies

We use essential cookies for:

  • Session authentication
  • Theme preferences (dark/light mode)
  • CSRF protection

We do not use tracking cookies or third-party analytics that follow you across the web.

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process your file conversions
  • Authenticate your account and manage subscriptions
  • Enforce usage limits (free tier: 25 conversions/day)
  • Prevent abuse, fraud, and security threats
  • Improve service performance and reliability
  • Send essential service communications (password resets, billing notices)

We do not:

  • Sell your personal information to third parties
  • Use your files to train AI models
  • Share your data with advertisers
  • Send marketing emails without consent

3. Data Retention

  • Files: Server-processed files are deleted within 24 hours. Client-side processed files never leave your device.
  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Usage logs: Aggregated usage statistics may be retained for up to 12 months for service improvement.
  • Billing records: Retained as required by law (typically 7 years for tax purposes).

4. Data Sharing

We share data only with:

  • Payment processors: Stripe processes payments. See Stripe's Privacy Policy.
  • Cloud infrastructure: Cloudflare (CDN, R2 storage), Neon (database). Data is encrypted at rest and in transit.
  • Authentication providers: Google and GitHub if you use social login. We receive only your email, name, and profile picture.
  • Legal requirements: We may disclose information if required by law, court order, or to protect our rights and safety.

5. Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Argon2id password hashing
  • Rate limiting and DDoS protection
  • Regular security audits
  • Minimal data collection principle

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Delete your account and associated data
  • Portability: Export your data in a standard format
  • Objection: Object to certain data processing

To exercise these rights, contact us at [email protected].

7. International Transfers

Our servers are located in the United States and Europe (via Cloudflare's global network). If you're accessing the Service from outside these regions, your data may be transferred to and processed in these locations.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending an email. Continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or concerns:

Terms of Service →Back to FileMorf