Security
Your files deserve serious protection.
RunConvert is built security-first. From encryption in transit to isolated processing containers, every layer of our platform is designed to keep your files private, safe, and yours alone.
Security highlights
Built for trust at every layer.
Multi-Factor Authentication (MFA)
Secure your RunConvert account with Multi-Factor Authentication. By requiring a second verification step, MFA ensures only authorized users can access your account, adding an extra layer of protection.
Isolated Processing Environments
Every file conversion job runs in its own isolated container. Your files are never mixed with other users' jobs - even our team cannot access your uploaded content during processing.
GDPR & Privacy Compliance
RunConvert is built privacy-first. We process only the minimum data needed, delete files immediately after conversion, and provide a Data Processing Agreement (DPA) on request.
Data Encryption
All file uploads and downloads are encrypted with TLS/SSL in transit. Sensitive data such as API keys is encrypted at the application level for maximum protection at every layer.
Vulnerability Management
We conduct regular penetration tests and use automated scanning tools to identify vulnerabilities before they become threats. Our platform is continuously updated to address emerging security risks.
DDoS Protection
Our platform is shielded from DDoS attacks with Cloudflare at the CDN level and network-layer defenses to block brute-force attempts, keeping your conversion workflows uninterrupted.
Commitment
Our commitment to security
At RunConvert, the safety and privacy of your files is our top priority. Our platform is built on a multi-layer security program combining modern technical controls with strict organizational policies. Whether you convert a single image or run thousands of API jobs per day, every file is handled with the same level of care.
Standards
Cloud infrastructure standards
RunConvert runs on ISO 27001-certified cloud infrastructure providers (Hetzner, OVH, AWS). Our data centres operate under internationally recognized standards for availability, confidentiality, and physical security. We continuously monitor our supplier security posture and require data processing agreements from all sub-processors.
Isolation
Data isolation for maximum privacy
Your files are yours alone. Each conversion job runs in a separate, ephemeral container that is destroyed as soon as the job completes. This architectural isolation means that even in the event of a misconfiguration, no job can access another user's data. Our team cannot read your files - for support cases, you must manually share files.
File handling
Immediate file deletion
We do not store your files any longer than necessary. Uploaded files are deleted immediately after conversion completes - or within 24 hours at most. RunConvert is a conversion tool, not a storage service. For persistent storage you can connect your own Amazon S3 bucket or Google Drive via webhooks.
Transfers
Encrypted data transfers
All file uploads and downloads use SSL/TLS encryption with modern, secure cipher suites. Our network is protected by firewalls and actively monitored to detect and block unauthorized access patterns. API traffic uses the same encryption stack as the web interface.
Infrastructure
Scalable and resilient infrastructure
RunConvert is engineered to handle demand peaks without compromising performance. Our distributed infrastructure automatically scales to manage high conversion volumes. Processing resources are isolated per tenant, so one user's heavy workload cannot affect another's conversion speed or reliability.
Access control
Access control and authentication
Our web interface uses strong authentication with optional two-factor authentication (2FA). API access uses bearer tokens with scoped permissions, and all API activity is logged. You can review API usage and revoke tokens at any time from your account settings.
Development
Secure development practices
Our engineering team follows OWASP secure development guidelines. All code changes go through peer review before deployment. We run automated vulnerability scans in CI and conduct periodic penetration testing against our API and web surface. Security findings are prioritized and patched on a risk-adjusted schedule.
Availability
Fault tolerance and availability
RunConvert maintains a 99.9% monthly uptime SLA. Our infrastructure spans multiple availability zones to eliminate single points of failure. Automated health checks and failover routing ensure that transient hardware or network issues do not interrupt your workflows.
Privacy
GDPR and privacy compliance
As a privacy-first platform, RunConvert is committed to GDPR compliance. We process personal data under lawful bases (contract, legitimate interest, or consent), retain data only as long as required, and support data subject access and deletion requests. A Data Processing Agreement (DPA) is available on request - contact [email protected].
Why trust RunConvert?
Security is not an afterthought.
RunConvert combines speed, format breadth, and enterprise-grade security to deliver a file conversion experience you can trust. Whether you're converting a single file or automating pipelines with our API, we've got your back.