Privacy Policy

info Introduction

FastlyConvert ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.

This service is operated by TOTM Tech LTD.

folder_open Information Collection

File Processing

To complete file conversion, compression, or transcription services, your files are temporarily uploaded to our servers for processing. We use professional FFmpeg engine and Whisper AI technology to ensure high-quality processing results.

• Temporary Storage: Files are stored only during processing and are automatically deleted within 24 hours after completion
• Access Control: Our system processes files automatically with no human access to or viewing of your file contents
• Encrypted Transfer: All file transfers are encrypted via HTTPS/SSL
• On-Demand Deletion: You can contact us at any time to request immediate deletion of your files

Account Information

When you register an account, we collect:

• Email address
• Username (if provided)
• Password (stored encrypted)
• Subscription information

Usage Data

• Conversion count and types (anonymous statistics)
• Browser type and version
• IP address (for security purposes only)
• Access date and time

analytics How We Use Information

We use the collected information to:

• Provide and improve our services
• Process subscriptions and payments
• Send service-related notifications
• Prevent fraud and abuse
• Comply with legal obligations

balance Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our file conversion services, manage your account, and fulfill subscription obligations.
• Legitimate Interest: Analyzing usage patterns to improve our services, preventing fraud and abuse, and ensuring network security.
• Consent: Where you have given explicit consent, such as for marketing communications or optional analytics. You can withdraw consent at any time.
• Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders.

security Data Security

We implement industry-standard security measures to protect your information:

• SSL/TLS encrypted transmission
• Password hash encryption storage
• Regular security audits
• Access control and permission management
• Automatic backup and disaster recovery

cookie Cookie Usage

We use cookies and similar technologies to improve your experience on FastlyConvert. Below is a summary of the cookies we use:

Essential Cookies

• Authentication token (authToken): Stored in localStorage to maintain your login session. Removed when you log out.
• Language preference: Remembers your selected language across visits (stored in localStorage).
• User settings: Stores your account preferences locally for faster page loads.

Analytics Cookies

• Google Analytics (_ga, _ga_*): We use Google Analytics 4 (Measurement ID: G-KXBLTVEYYH) to understand how visitors interact with our site. These cookies collect anonymized usage data including pages visited, time on site, and referral sources. Duration: up to 2 years.

Payment Processing Cookies

• Stripe (__stripe_mid, __stripe_sid): Set by our payment processor Stripe for fraud prevention and to process payments securely. These cookies are essential for checkout functionality. Stripe is PCI DSS Level 1 compliant.

You can manage cookie preferences through your browser settings. For detailed information about each cookie, see our Cookie Policy.

apps Third-Party Services

We use the following third-party services:

• Stripe: Payment processing for web (PCI DSS compliant)
• Apple StoreKit and App Store Server API: iOS payment processing and subscription event notifications
• MongoDB Atlas: Database hosting (encrypted storage)
• Cloudflare: CDN and security protection
• Google AdSense: Web advertising services and personalized ad delivery
• Google Mobile Ads SDK (AdMob): iOS rewarded video ads (non-personalized in v1.0)
• Sign in with Apple: iOS authentication

smartphone Mobile Apps (iOS)

This section describes data practices specific to our iOS app, FastlyConvert Files (App Store ID 6771623513). When you use the iOS app, the practices below apply in addition to the general practices described elsewhere on this page. Where this section conflicts with the general policy, this section governs for the iOS app only.

On-Device File Processing

Six of nine conversion tools in our iOS app run entirely on your device using Apple's native frameworks (ImageIO, PDFKit, Core Graphics): HEIC to JPG, PNG to JPG, JPG to PNG, WebP to JPG/PNG, image compression, and image to PDF.

For these tools, your files never leave your device. We do not see, store, log, or analyze the contents of files processed on-device. We have no technical ability to access them.

Three tools require backend processing and behave per the standard "File Processing" practices: PDF to Word, PDF compression, and image to WebP. For these tools, files are uploaded over HTTPS, processed by our backend, returned to the device, and deleted within 24 hours.

Apple In-App Purchase (StoreKit)

When you purchase a subscription or credit pack through the iOS app, Apple handles the payment transaction directly. We never receive your payment card details, billing address, or any sensitive financial information. Apple provides us only with a signed transaction receipt (JWS), the product identifier, the original transaction ID, and the subscription environment indicator.

We also subscribe to Apple Server-to-Server Notifications V2 (ASSN V2). Apple notifies our backend of subscription events (renewal, expiration, refund, cancellation). These notifications contain transaction metadata only — never your name, email, or payment details. Apple's privacy practices for payment processing are documented at Apple Privacy.

We retain Apple transaction identifiers, product identifiers, subscription status, renewal status, refund status, and related receipt validation records for as long as needed to provide subscription access, prevent fraud, handle support requests, comply with tax and accounting obligations, and resolve disputes.

Sign in with Apple

The iOS app supports Sign in with Apple as an optional authentication method. When you choose to sign in, Apple may share your name (only on first sign-in; you can edit or hide it) and your email address OR an Apple-provided relay email address (you choose). If you hide your email via Apple's relay service, we communicate with you only through that relay address and never see your real email.

You can revoke Sign in with Apple at any time via iOS Settings → [Your Name] → Sign in with Apple → FastlyConvert Files → Stop Using Apple ID. Revoking access via Settings does not delete your account on our backend. To fully delete your account, use the "Delete Account" option inside the iOS app (Settings tab → Danger Zone), which cascades a deletion of your User record, Subscription, Conversion history, Notifications, and Referrals on our backend.

Google AdMob (iOS)

The iOS app integrates the Google Mobile Ads SDK (AdMob) to display rewarded video ads when you choose to watch one in exchange for additional free conversion credits. Rewarded ads are entirely opt-in — you must tap the "Watch ad" button to see one. The iOS app does not display banner ads, interstitial ads, or any other ad format.

We have disabled the App Tracking Transparency (ATT) prompt for v1.0. As a result, AdMob serves non-personalized ads on iOS, we do not request access to your iOS Advertising Identifier (IDFA), and AdMob collects only non-identifying signals (approximate location from IP, device type, ad impression and click data). You can disable rewarded ads entirely by upgrading to any paid subscription tier.

Google's mobile ad data practices: Google Mobile Ads SDK Privacy.

iOS Data Collected and Linked to You

In the App Store, we declare the following data as collected and linked to your identity:

• Identifiers: Backend account user ID
• Contact Info: Email address (from Sign in with Apple, or guest-mode sign-in fallback)
• Contact Info: Name (optional, from Sign in with Apple)
• Purchases: Apple StoreKit purchase history (subscription / credit pack records)
• Usage Data: Aggregate conversion counts (which tool, success / failure, no file content)

We declare the following data as collected but not linked to you:

• Identifiers: AdMob's anonymized advertising signals (non-personalized mode)
• Diagnostics: Apple-provided crash data

We do not collect: file contents, photos or files outside what you explicitly pick, location, contacts, calendar, health data, financial info (Apple handles payment processing end-to-end), browsing history outside our app, sensitive personal info as defined by CPRA/PIPL.

Cross-Platform Account

If you create an account on fastlyconvert.com and also sign in to the iOS app with the same email, your account is unified. Credits purchased on iOS are spendable on the web (and vice versa). Pro subscription purchased on iOS unlocks Pro features on the web (and vice versa). Conversion history is per-platform — iOS history stored locally on device via SwiftData; web history stored on our backend.

Refunds: If Apple refunds a credit pack purchase, we clamp your spendable credit balance to zero at minimum (we do not allow negative balances). This is irreversible per our refund policy. Subscription refunds expire your subscription status immediately.

Deleting your FastlyConvert account removes account data from our systems as described in this policy, but it does not cancel an active Apple subscription. To stop future Apple billing, you must cancel the subscription through your Apple ID subscription settings.

iOS App Permissions Requested

• Photos Library (add only): Required only when you tap "Save to Photos" after a successful conversion.
• Photos Library (read): Required only when you pick a source photo. Apple's PhotosPicker limits our access to just the file you explicitly pick — we cannot see other photos.
• No other permissions requested: We do not request access to location, contacts, calendar, microphone, camera (for v1.0), motion, or any other sensitive iOS API.

ads_click Advertising and Partners

We use Google AdSense to display advertisements on our website. Google AdSense and its partners may use cookies and similar technologies to deliver personalized ads based on your browsing history and interests.

For more information about Google's privacy practices, visit: Google Privacy Policy

ads_click Detailed Google AdSense Data Handling

This section explains how Google AdSense handles advertising data on FastlyConvert. Google acts as an independent advertising technology provider when it serves, measures, and protects ads shown on our pages. We do not give Google access to the files you upload for conversion, compression, transcription, or other processing tasks.

What Google AdSense Collects on Our Site

• Cookie identifiers: Google may use advertising cookies such as the DART cookie, NID cookie, and IDE cookie to recognize a browser or device and measure ad delivery.
• IP address: Google may process your IP address for approximate geographic targeting, regional ad delivery, abuse prevention, and fraud detection.
• Browser and device details: Google may collect browser type, operating system, device type, screen resolution, language settings, and similar technical signals.
• Page activity: Google may process the pages you visit on FastlyConvert, ad impressions, ad clicks, view interactions, time spent on pages with ads, and relevance scoring signals.
• Approximate location: Google may infer city level or region level location from your IP address. We do not provide precise GPS location to Google AdSense.

What Google AdSense Does Not Collect on Our Site

• Uploaded file contents: File processing happens on our backend systems. File names, file contents, and processed output files are not exposed to AdSense ad scripts.
• Account credentials: Google AdSense does not receive your password, authentication tokens, session tokens, or private account security data from us.
• Contact and payment details: We do not share email addresses submitted through our forms, support messages, card numbers, billing details, or Stripe payment data with AdSense.

Personalized and Non Personalized Ads

By default, users in the EU, UK, and EEA see non personalized ads unless explicit consent is provided through our cookie consent mechanism. California users may opt out of advertising related data sharing through Global Privacy Control signals. Other users may see personalized ads based on browsing history, ad interactions, and Google account settings. You can change ad personalization at any time at Google Ads Settings.

Third Party Ad Networks and Consent

Google AdSense may serve ads from partner networks listed in our ads.txt file. Each partner network has its own privacy practices. You can review Google's explanation of partner site data use at Google Partner Sites. We display a cookie consent banner on first visit where required, and you can modify consent at any time by reopening the banner if available or by changing browser settings. We honor Do Not Track and Global Privacy Control signals where supported by applicable law and our technical systems.

Ad Reports and Inquiries

To report a problematic ad, use the AdChoices icon shown on the ad when available, or email us at privacy@fastlyconvert.com with the page URL, screenshot, and approximate time you saw the ad. You can also use Google's ad reporting guidance at Google Ads Help.

verified GDPR Compliance (EU Users)

FastlyConvert complies with the EU General Data Protection Regulation and the UK GDPR when we process personal data from users in the European Union, European Economic Area, and United Kingdom. The data controller for FastlyConvert is TOTM Tech LTD, the company that decides why and how personal data is processed for this service.

Our legal bases for processing are described in the Legal Basis for Processing section. In summary, we process personal data when it is needed to provide the file conversion service, manage accounts and subscriptions, protect the service from fraud and abuse, comply with legal duties, and handle optional features that rely on consent.

Specific GDPR Rights

• Right to access, Article 15: You may request a copy of the personal data we hold about you. We respond within 30 days unless the request is unusually complex.
• Right to rectification, Article 16: You may ask us to correct inaccurate or incomplete account data, contact details, or billing profile information.
• Right to erasure, Article 17: You may request deletion of personal data when it is no longer needed, when consent is withdrawn, or when processing is unlawful. This is also known as the right to be forgotten.
• Right to restrict processing, Article 18: You may ask us to limit how we use your data while a dispute, correction request, or objection is being reviewed.
• Right to data portability, Article 20: You may request personal data you provided to us in a structured, commonly used, machine readable format.
• Right to object, Article 21: You may object to processing based on legitimate interests, including direct marketing. We do not continue direct marketing after a valid objection.
• Automated decision making, Article 22: We do not use automated decision making that produces legal effects or similarly significant effects about you.

To exercise GDPR rights, email privacy@fastlyconvert.com. Please include the email address connected to your account and the right you want to exercise. We may ask for reasonable identity verification before acting on a request. We normally respond within 30 days.

You also have the right to lodge a complaint with your supervisory authority, such as the UK Information Commissioner's Office, the French CNIL, the German Federal Commissioner for Data Protection and Freedom of Information, or another authority in your country. For international transfers outside the EEA or UK, we use Standard Contractual Clauses and related safeguards where required. You may contact our Data Protection Officer at dpo@fastlyconvert.com.

shield California Consumer Privacy Act (CCPA) Compliance

California residents have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act. This section describes the categories of personal information we may collect from California users and how those users can exercise their privacy rights.

What We Collect from California Residents

• Identifiers: Email address, IP address, account ID, and similar identifiers used for account access, security, and service delivery.
• Internet or network activity: Usage patterns, browser type, device details, page activity, conversion activity, and security logs.
• Commercial information: Subscription status, plan type, payment history, refund status, and purchase related records handled with our payment processors.
• Inferences: Aggregated usage statistics that help us understand which conversion tools are used most often and how to improve the service.
• Data we do not collect: We do not collect biometric data, precise geolocation, or sensitive personal information such as government ID numbers, medical details, religious beliefs, or full financial account credentials.

Specific CCPA and CPRA Rights

• Right to know: You may request the categories and specific pieces of personal information we collect, use, disclose, or share.
• Right to delete: You may request deletion of personal information we hold about you, subject to legal and security exceptions.
• Right to opt out: We do not sell personal information for monetary consideration. The CPRA's broader sharing definition may apply to some advertising data, and you may opt out of that sharing.
• Right to non discrimination: Exercising your rights will not affect service quality, account access, or pricing.
• Right to correct: You may request correction of inaccurate personal information connected to your account.
• Right to limit sensitive personal information: We do not collect sensitive personal information as defined by the CPRA for the purpose of inferring characteristics.

To exercise these rights, email privacy@fastlyconvert.com or use the form at /contact. We may ask you to confirm ownership of the email address associated with your account. Authorized agents must provide written authorization and enough information for us to verify the request. We respond within 45 days, or within 90 days for complex requests when allowed by law.

Do Not Sell or Share My Personal Information: California residents may opt out of advertising related data sharing by emailing us or by using browser based Global Privacy Control signals, which we honor where technically supported. You can also adjust personalized advertising through your browser and Google ad settings.

policy PIPL Compliance (China Users)

FastlyConvert complies with the Personal Information Protection Law of the People's Republic of China, also known as PIPL, for users in mainland China. PIPL has applied since November 2021 and sets rules for personal information collection, use, retention, transfer, and deletion.

For users in mainland China, we collect personal information based on your consent or when it is necessary to provide the requested service, such as account access, file conversion, security checks, subscription management, and support. You have rights to access, correct, delete, transfer, and withdraw consent for your personal information. If you withdraw consent, some account or service features may no longer work because we may need certain information to provide the service.

• Cross border data transfer: Before transferring personal information out of China, we conduct security assessments and use safeguards intended to protect your information during transfer and processing.
• Sensitive personal information: We do not collect biometric data, religious beliefs, medical details, full financial details, precise location tracking data, or other sensitive personal information for profile building.
• Account deletion: You may request account deletion by emailing privacy@fastlyconvert.com. We delete the account and associated personal data within 15 working days unless retention is required by law.
• Minors under 14: Parental or guardian consent is required. We do not knowingly collect personal information from users under 14.

We do not maintain a registered local representative in mainland China. You may contact us at privacy@fastlyconvert.com for any PIPL related concern, access request, deletion request, or consent withdrawal request. If your concern is not resolved with us, you may report it to the Cyberspace Administration of China or another competent authority.

gavel Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data. You can delete your account from Account Settings, or email us at privacy@fastlyconvert.com.
• Right to Data Portability: Request a machine-readable copy of your data.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
• Right to Object: Object to processing based on legitimate interests.
• Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@fastlyconvert.com. We will respond within 30 days.

schedule Data Retention

We retain your data only for as long as necessary. Account data is retained while your account is active and will be permanently deleted within 30 days after account deletion. Temporary files are deleted as soon as possible after processing, no later than 24 hours.

public International Data Transfers

FastlyConvert operates globally, and your data may be processed in countries other than your own. Our servers are hosted via cloud providers (including services in the United States and Europe). We ensure that any international data transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

child_care Children's Privacy

Our services and iOS app are not intended for children under 13 years of age. We do not knowingly collect personal information from children. The App Store age rating for FastlyConvert Files is 4+ because the app contains no objectionable content, but we expect parental supervision for use by minors. If you believe a child under 13 has provided personal information to us, please contact privacy@fastlyconvert.com for prompt deletion.

update Policy Changes

We may update this Privacy Policy from time to time. Significant changes will be notified via email or website notice. Continued use of services constitutes acceptance of the updated policy.