Last Modified: June 26, 2025

Welcome to RunConvert, operated by RunConvert Solutions, Inc. ('we', 'us', or 'RunConvert'). Your privacy is our top priority. This Privacy Policy outlines how we collect, use, share, and protect your personal information when you use our file conversion services at runconvert.com (the 'Site') and related tools, including our API and mobile app (collectively, the 'Service'). Our Service allows you to convert files—such as images, documents, or videos—quickly and securely, whether for personal projects, professional portfolios, or web optimization.

This policy applies to personal information that identifies you or makes you identifiable ('personal information'). It does not cover aggregated, anonymized, or deidentified data, nor does it apply to data processed on behalf of enterprise customers ('Customer Data'), which is governed by our Data Processing Addendum. If your data is part of Customer Data, please consult the relevant customer’s privacy policy.

We are committed to transparency, data minimization, and compliance with global privacy laws, including GDPR, CCPA, and Nevada regulations. Below, we detail our practices to help you make informed decisions about using our Service.

This Privacy Policy explains how we handle personal information when you interact with the Service, whether as an individual user, a registered account holder, or an authorized user of an enterprise account. As the data controller, RunConvert determines the purposes and means of processing your personal information as described here.

Additional privacy notices may apply for specific scenarios, such as when you use our AI-powered conversion tools or participate in beta testing. This policy does not cover information about our employees, contractors, or job applicants, nor does it apply to non-personal data like anonymized usage statistics.

At RunConvert, we adhere to the principle of data minimization, collecting only the data necessary to provide and improve the Service. For example, when you convert a file, we temporarily store it for processing but delete it within 24 hours. We do not mine or analyze file contents for purposes beyond conversion, ensuring your data remains private and secure.

Our approach extends to all data collection. We avoid creating user profiles for marketing unless you explicitly consent, and we limit third-party data sharing to what’s essential for Service delivery, such as payment processing or analytics.

- California Residents: Under California Civil Code Section 1798.83, you can request information about personal information shared with third parties for direct marketing. We use tracking tools to measure ad performance and deliver personalized ads, which you can manage via Privacy Settings. California users also have rights under the CCPA to access, delete, or opt out of data sales (we do not sell data as defined by CCPA).

- Nevada Residents: Nevada Revised Statutes Chapter 603A allows opting out of certain data sales. We do not sell personal information per this law, but you can submit requests at [email protected].

- EEA, UK, and Switzerland: For users in the European Economic Area, United Kingdom, or Switzerland, our European Privacy Disclosures detail legal bases, cookie practices, and your rights under GDPR.

International Transfers: Your data may be transferred to countries like the United States or Singapore, where data protection laws differ. We use safeguards like Standard Contractual Clauses to ensure compliance with GDPR and other regulations.

We collect personal information to deliver, enhance, and secure the Service. This includes data you provide directly, information from third parties, and data collected automatically through cookies and similar technologies. Below, we categorize the data and explain its uses.

- Registration Information: When you sign up, we collect your name, email address, and optional details like a username or profile picture (e.g., via GitHub SSO). This enables account creation, authentication, and personalized communication, such as conversion status updates or support responses.

- Payment Information: For subscriptions or premium packages, we collect billing details (e.g., name, address, Tax ID) through third-party processors like Stripe. We do not store sensitive financial data like credit card numbers; see Stripe’s privacy policy at stripe.com/privacy.

- Uploaded Files: When you upload files for conversion , we temporarily store them on our servers for processing. These files are encrypted, processed automatically without human intervention, and deleted within 24 hours or upon your manual deletion. We do not access file contents beyond what’s needed for conversion.

- Communications: Contacting us via email, contact form, or live chat provides us with your name, email, and message content. We use this to address inquiries, resolve issues, or gather feedback. For example, if you report a conversion error, we may use your input to debug the issue.

- AI Tool Inputs: Our AI-powered tools (e.g., for optimizing conversion settings) collect your queries and generated outputs. We also access metadata about your files (e.g., database structure) with consent to improve AI accuracy. For instance, if you ask for compression tips, we store the query to refine our algorithms.

- Feedback and Surveys: If you participate in optional surveys or beta testing, we collect your responses to improve features, like adding new file formats or streamlining the interface.

You decide what data to provide, but some information (e.g., email for account creation or files for conversion) is required to use the Service.

- Single Sign-On (SSO): Using SSO via GitHub, Google, or Twitter, we receive your name, email, or profile details based on your privacy settings. This simplifies login and personalizes your experience, such as displaying your GitHub username in your profile.

- Social Media: Engaging with us on platforms like Twitter or LinkedIn may provide your profile information (e.g., username, profile picture). We use this to respond to comments, share your posts (with consent), or promote our Service.

- Business Partners: We may receive data from partners like analytics providers (e.g., Posthog) or marketing platforms to enhance our services. For example, we might learn which ad led you to our Site to optimize campaigns.

- Other Sources: Data from mergers, acquisitions, or third-party providers (e.g., demographic data) may be combined with our records to improve Service delivery or marketing, always in line with this policy.

We use cookies, web beacons, and similar technologies to collect usage data, including:

- Device Information: IP address, browser type, device model, operating system, and unique identifiers (e.g., persistent device IDs). This helps us optimize the Service for your device.

- Usage Data: Pages visited, links clicked, time spent, conversion frequency, and email interactions (e.g., opening a newsletter). For example, we track which file formats are popular to prioritize development.

- Location Data: Approximate location from your IP address for geotargeting, such as selecting the nearest server (e.g., US or Germany) for faster conversions.

This data supports Service functionality, security (e.g., detecting abuse), analytics, and personalized ads (with consent).

We use personal information to:

- Deliver the Service, including processing file conversions and managing accounts.

- Communicate about account updates, conversion statuses, or support queries (e.g., notifying you when a batch conversion completes).

- Market our services, such as sending newsletters about new file formats or discounts, with an opt-out option.

- Analyze usage to enhance features, like improving conversion speed or adding support for formats like HEIC.

- Prevent fraud, enforce our Terms of Service, and protect our systems, such as blocking suspicious IP addresses.

- Comply with legal obligations, like retaining billing records for tax purposes.

- Fulfill purposes you consent to, such as featuring your converted images in our gallery with permission.

We share personal information only when necessary, including:

- Service Providers: Third parties like Stripe (payment processing), AWS (hosting), or Posthog (analytics) process data under strict confidentiality agreements. For example, AWS stores your uploaded files temporarily during conversion.

- Affiliates: RunConvert subsidiaries or parent companies use data for internal operations, following this policy.

- Legal Authorities: We share data to comply with laws, respond to subpoenas, or protect our rights, such as reporting fraudulent transactions.

- Business Transfers: In mergers or acquisitions, data may be transferred, with assurances it’s handled per this policy.

- With Consent: We share data publicly or with third parties if you authorize us, like showcasing your converted artwork.

- Anonymized Data: We share aggregated, non-identifiable data (e.g., conversion trends) for research or marketing.

We do not share uploaded files for marketing or sell personal information as defined by CCPA or Nevada law.

- Email Opt-Out: Unsubscribe from marketing emails via the 'unsubscribe' link. Service-related emails (e.g., conversion confirmations) are mandatory.

- Account Management: Update or delete your account in the Site’s settings. Account deletion removes data within 72 hours, including AI tool inputs and profile details.

- File Deletion: Uploaded files are deleted within 24 hours or when you manually delete them via the conversion dashboard.

- Data Requests: Request access, correction, or deletion of your data at [email protected]. We may verify your identity to protect your account.

- AI Tool Preferences: Opt out of AI tool data collection or adjust settings to limit metadata access in your account.

We use cookies and tracking technologies to improve your experience, secure the Service, and analyze usage. The table below lists the cookies we use:

Disable cookies via your browser settings, noting that this may affect Service functionality (e.g., login or file tracking). Manage ad and analytics cookies via Privacy Settings. Learn more at allaboutcookies.org. For example, blocking Stripe cookies may prevent payment processing.

We retain personal information only as needed for the purposes outlined or as required by law:

- Uploaded Files: Deleted within 24 hours or upon manual deletion to minimize storage.

- Account Data: Removed within 72 hours of account deletion, including AI inputs and profile details.

- Log Data: IP addresses and usage logs are kept for 180 days to detect abuse or optimize performance.

- Billing Data: Retained for up to 10 years to comply with tax laws.

Our security measures include SSL encryption, secure cloud servers (AWS, OVH, Hetzner in Germany or the US, based on your location), and access controls. For example, files are encrypted during upload and stored in isolated environments. While we strive for robust security, no system is infallible. In case of a breach, we’ll notify affected users promptly per applicable laws.

Our Service integrates with third-party tools to enhance functionality, such as:

- Payment Processors: Stripe for secure transactions.

- Analytics: Posthog and Google Analytics for usage insights.

- Customer Support: Freshdesk for managing inquiries.

We also link to external sites (e.g., social media or partner websites). These third parties have their own privacy policies, and we’re not responsible for their practices. For example, clicking a Twitter link on our Site subjects you to Twitter’s privacy terms. Always review third-party policies before sharing data.

The Service is not designed for children under 13, and we do not knowingly collect their data. If we discover such data (e.g., a child uploading a file), we delete it immediately. Contact us at [email protected] if you suspect we’ve collected a child’s information, and we’ll take swift action.

We maintain a robust incident response plan to address potential data breaches. If a breach occurs, we will:

- Investigate promptly to assess the scope and impact.

- Notify affected users within 72 hours if required by GDPR or other laws, providing details on the breach and mitigation steps.

- Take corrective actions, such as enhancing security protocols or resetting account access.

For example, if a server hosting temporary files is compromised, we’ll isolate the issue, delete affected data, and inform users whose files were involved. Contact [email protected] to report security concerns.

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email (to your registered address), Site notices, or in-app alerts. The 'Last Modified' date will be updated. For instance, adding support for a new file format might prompt a policy update to describe new data processing. Check this page regularly to stay informed.

For questions, data requests, or to exercise your rights, reach us at:

RunConvert Solutions, Inc.

76 Healy Road,

Victoria, Australia

Email: [email protected]

Phone: +94 71 11 76 154

Our Data Protection Officer is available via DataCo GmbH at www.dataguard.de. For GDPR-related complaints, contact your local supervisory authority, such as the UK ICO (ico.org.uk).

For users in the EEA, UK, or Switzerland, these disclosures provide additional details per GDPR requirements.

We process personal information under these legal bases:

- Contract (Art. 6(1)(b) GDPR): For account creation, file conversions, and payment processing, as outlined in our Terms of Service.

- Legitimate Interests (Art. 6(1)(f) GDPR): For service improvements (e.g., optimizing conversion algorithms), fraud prevention, and customer support.

- Consent (Art. 6(1)(a) GDPR): For marketing emails, non-essential cookies, or AI tool data collection, which you can withdraw anytime.

Processed data includes contact details, payment information, file metadata, and usage data, shared with providers like Stripe, AWS, Posthog, and Freshdesk under data processing agreements.

Retention periods vary by legal basis:

- Contract: Until the contract ends (e.g., account deletion), plus statutory periods (e.g., 10 years for tax records).

- Consent: Until you withdraw consent, such as unsubscribing from marketing.

- Legitimate Interests: For a reasonable period, considering your rights and the purpose (e.g., 180 days for logs).

- Legal Obligation: As required by law, such as retaining billing data for audits.

Files are deleted within 24 hours; account data within 72 hours of deletion. Telemetry data (e.g., conversion errors) is anonymized after 180 days.

Data may transfer to the US or Singapore for processing (e.g., AWS servers). We use Standard Contractual Clauses and other safeguards to ensure GDPR compliance. For example, file uploads from the EEA are processed on US servers only with these protections in place.

Under GDPR, you have rights to:

- Access your data and learn how it’s processed.

- Rectify inaccurate or incomplete data.

- Erase data when no longer needed.

- Restrict processing in certain cases.

- Port data to another provider.

- Object to processing based on legitimate interests (e.g., marketing).

- Withdraw consent at any time.

Exercise these rights by emailing [email protected]. We’ll verify your identity to protect your data. You can also lodge complaints with authorities like the Bavarian State Office for Data Protection Supervision (www.lda.bayern.de).

We use cookies as listed in the table above. Strictly necessary cookies (e.g., Stripe, Cloudflare) are required for Service functionality and do not require consent per Art. 6(1)(b) GDPR. Analytics and advertising cookies (e.g., Google Analytics, Google Ads) require your consent, manageable via Privacy Settings. Refusing these cookies may limit personalized features but won’t affect core Service use.