RunConvert

Legal

Privacy Policy

Last modified: June 16, 2026

Welcome to RunConvert, operated by Wibbrix (“we”, “us”, or “RunConvert”). Your privacy is our top priority. This Privacy Policy outlines how we collect, use, share, and protect your personal information when you use our file conversion services at runconvert.com (the “Site”) and related tools, including our API (collectively, the “Service”). Our Service allows you to convert files - such as images, documents, audio, and video - quickly and securely, whether for personal projects, professional workflows, or automated pipelines.

This policy applies to personal information that identifies you or makes you identifiable. It does not cover aggregated or anonymised data, nor data processed on behalf of enterprise customers, which is governed by our Data Processing Addendum. We are committed to transparency, data minimisation, and compliance with global privacy laws, including GDPR, CCPA, and Nevada regulations.


Scope of This Privacy Policy

This Privacy Policy explains how we handle personal information when you interact with the Service, whether as an individual user, a registered account holder, or an authorized user of an enterprise account. As the data controller, RunConvert determines the purposes and means of processing your personal information as described here.

This policy does not cover information about our employees, contractors, or job applicants, nor does it apply to non-personal data like anonymised usage statistics.

Data Minimisation Commitment

At RunConvert, we adhere to the principle of data minimisation, collecting only the data necessary to provide and improve the Service. When you upload a file, we temporarily store it for processing and delete it immediately after conversion is complete (or within 24 hours at most). We do not mine or analyse file contents for purposes beyond your requested conversion task.

We avoid creating user profiles for marketing unless you explicitly consent, and we limit third-party data sharing to what is essential for Service delivery.

Region-Specific Disclosures

California Residents

Under the CCPA, you have rights to access, delete, or opt out of data sales. We do not sell personal information as defined by the CCPA. Requests can be submitted to [email protected].

Nevada Residents

Nevada Revised Statutes Chapter 603A allows opting out of certain data sales. We do not sell personal information per this law.

EEA, UK, and Switzerland

See the European Privacy Disclosures section below for legal bases, cookie practices, and your rights under GDPR. Your data may be transferred to countries like the United States using Standard Contractual Clauses.


1. Information We Collect and How We Use It

We collect personal information to deliver, enhance, and secure the Service. This includes data you provide directly, information from third parties, and data collected automatically.

1.1 Information You Provide

  • Registration:Name, email, and optional profile details when you sign up. Enables account creation, authentication, and personalised communication.
  • Payment:Billing details processed by Stripe. We do not store credit card numbers. See Stripe's privacy policy at stripe.com/privacy.
  • Uploaded files:Files are temporarily stored for processing, encrypted, processed automatically without human intervention, and deleted immediately after conversion (or within 24 hours at most). We do not access file contents beyond what is needed for your task.
  • Communications:Name, email, and message content when you contact us for support or send a contact form submission.
  • Feedback:Survey responses and beta testing input used to improve features and format support.

1.2 Information from Third Parties

  • SSO:Using GitHub, Google, or similar - we receive your name and email based on your privacy settings with that provider.
  • Analytics providers:Usage insights from Posthog and Google Analytics to help us understand how the Service is used and identify improvements.
  • Business partners:Data from marketing platforms to optimise campaigns, always in line with this policy.

1.3 Automatically Collected Information

We use cookies and similar technologies to collect:

  • Device information: IP address, browser type, device model, operating system
  • Usage data: pages visited, links clicked, time spent, conversion frequency
  • Approximate location from IP address for server routing (e.g., nearest region for faster conversions)

1.4 Purposes of Use

  • Deliver the Service, including processing file conversions and managing accounts
  • Communicate about account updates, job statuses, webhook events, or support queries
  • Market our services with opt-out options at any time
  • Analyse usage to enhance features and add new format support
  • Prevent fraud, enforce our Terms of Service, and protect our systems
  • Comply with legal obligations, such as retaining billing records for tax purposes

2. How We Share Personal Information

  • Service providers:Third parties like Stripe (payments), AWS / Hetzner / OVH (hosting), and Posthog (analytics) process data under strict confidentiality agreements.
  • Legal authorities:We share data to comply with laws, respond to valid legal process, or protect our rights and users.
  • Business transfers:In mergers or acquisitions, data may be transferred with assurances it is handled per this policy.
  • With consent:We share data with third parties if you explicitly authorise us to do so.
  • Anonymised data:Aggregated, non-identifiable data may be shared for research or service improvement.

We do not share uploaded files for marketing purposes or sell personal information as defined by CCPA or Nevada law.


3. Control Over Your Information

  • Email opt-out:Unsubscribe from marketing emails via the 'unsubscribe' link in any email. Transactional and service emails are mandatory.
  • Account management:Update or delete your account in Settings. Deletion removes personal data within 72 hours.
  • File deletion:Uploaded files are deleted immediately after conversion completes or within 24 hours. You may also delete them manually from your job history.
  • Data requests:Request access, correction, or deletion of your data by emailing [email protected].

5. Data Retention and Security

  • Uploaded files:Deleted immediately after conversion completes or within 24 hours at most.
  • Account data:Removed within 72 hours of account deletion.
  • Log data:IP addresses and usage logs retained for up to 180 days.
  • Billing data:Retained up to 10 years to comply with applicable tax laws.

Our security measures include SSL/TLS encryption in transit, encrypted storage, secure cloud infrastructure (AWS, Hetzner, OVH), and strict access controls. Files are processed in isolated environments. In the event of a data breach, we will notify affected users promptly in accordance with applicable laws.


7. Children's Privacy

The Service is not designed for children under 13, and we do not knowingly collect their personal data. If we discover such data has been collected, we delete it immediately. Contact us at [email protected]if you believe we have inadvertently collected a child's information.


8. Incident Response and Data Breach Notification

We maintain a robust incident response plan. If a breach occurs, we will:

  • Investigate promptly to assess scope and impact
  • Notify affected users within 72 hours if required by GDPR or other applicable laws
  • Take corrective actions, such as enhancing security protocols or revoking compromised credentials

To report a security concern, email [email protected].


9. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a prominent notice on the Site. The “Last Modified” date at the top of this page will always reflect the current version. We encourage you to review this page periodically.


10. Contact Us

Wibbrix (operating RunConvert)

76 Healy Road, Victoria, Australia

Email: [email protected]

For GDPR-related complaints, you may also contact your local supervisory authority - for example, the UK Information Commissioner's Office (ICO) if you are based in the United Kingdom.

4. Cookies and Tracking Technologies

We use cookies and tracking technologies to keep you signed in, secure the Service, and analyse usage patterns.

CookieTypeWhen droppedDurationPurposePrivacy notice
SessionStrictly NecessaryOn sign-in7 daysAuthenticate and maintain your logged-in sessionRunConvert Privacy
StripeStrictly NecessaryWhen accessing payment interface30 min / 1 yr / 2 yrDetect and prevent fraudulent paymentsStripe Cookie Settings
CloudflareStrictly NecessaryOn first site access30 min / sessionIdentify and block bots; manage trafficCloudflare Cookies
PosthogAnalyticsOn service access1 yearMonitor and analyse usage to improve the ServicePosthog Privacy
Google Analytics 4AnalyticsOn first site accessUp to 2 yearsMeasure performance and personalise ads (with consent)GA Privacy
Google AdsAdvertisingAfter interacting with our ads90 daysMeasure ad performance (with consent)Google Ads Privacy

You can disable cookies in your browser settings, but this may affect Service functionality (e.g., staying signed in or tracking job status). Learn more at allaboutcookies.org.

European Privacy Disclosures

For users in the EEA, UK, or Switzerland, these disclosures provide additional detail per GDPR requirements.

10.1 Legal Bases for Processing

  • Contract (Art. 6(1)(b)):Account creation, file processing, and payment processing, as outlined in our Terms of Service.
  • Legitimate interests (Art. 6(1)(f)):Service improvements, fraud prevention, and customer support where our interests do not override your rights.
  • Consent (Art. 6(1)(a)):Marketing emails and non-essential analytics or advertising cookies, which you can withdraw at any time.

10.2 Data Retention

  • Uploaded files deleted immediately after conversion or within 24 hours
  • Account data removed within 72 hours of deletion
  • Telemetry and log data anonymised after 180 days
  • Billing data retained up to 10 years for legal compliance

10.3 International Transfers

Data may be transferred to the United States or other countries for processing via our cloud infrastructure. We use Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards to protect your data during any such transfers.

10.4 Your Rights

Under GDPR, you have the right to:

  • Access your data and learn how it is processed
  • Rectify inaccurate or incomplete data
  • Erase data when it is no longer needed (right to be forgotten)
  • Restrict processing in certain circumstances
  • Receive your data in a portable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time without affecting prior processing

Exercise these rights by emailing [email protected]. You may also lodge a complaint with your local supervisory authority (e.g., the UK ICO or your EEA national authority).

10.5 Cookies in the EEA, UK, and Switzerland

Strictly necessary cookies (session, Cloudflare, Stripe) are required for core Service functionality and do not require separate consent under Art. 6(1)(b) GDPR. Analytics and advertising cookies (Posthog, Google Analytics, Google Ads) require your explicit consent. Declining these cookies does not prevent you from using RunConvert's conversion features.