Privacy Policy

This Privacy Policy explains how Universal Image Converter ("we", "our", "the Service") handles information when you use the application to convert image files. We designed the Service to avoid collecting more data than is strictly necessary for core functionality.

1.1 Uploaded Images

Files you upload are held only in server memory (RAM) for the duration of the conversion request. They are never written to disk (except transiently inside process memory), stored in a database, or reused after the HTTP response is returned.

1.2 Account Information

If you create an account to access trial or subscription features we store your email, a hashed password, subscription status, and timestamps (created/updated). No plaintext passwords are stored.

1.3 Billing

Subscription billing is handled by Stripe. We do not store full payment method data. Stripe provides us with references such as customer ID, subscription ID, status, period end, and price identifiers. All payment details remain with Stripe and are subject to Stripe's Privacy Policy.

1.4 Cookies / Sessions

Authentication uses secure HTTP-only cookies / JWT tokens to maintain your session. No tracking or advertising cookies are set by the Service itself. Third-party ad networks (e.g. Google AdSense) may set their own cookies if ads are shown to non-premium users.

1.5 Logs

We may record minimal server logs (timestamp, IP, route, basic error messages) solely for security and abuse mitigation. We do not log file contents or derived image data.

• Provide and operate the conversion functionality.
• Authenticate users and enforce trial / subscription access.
• Process payments and manage subscription lifecycle events.
• Prevent abuse (e.g. excessive automated requests).
• Comply with legal obligations if required.

Uploaded images: Discarded immediately after conversion response is generated.

Account & subscription data: Retained while the account is active and for a reasonable period afterward for billing/audit requirements.

Logs: Rotated and purged periodically (target < 30 days) unless required for security investigations.

We employ industry practices such as password hashing (bcrypt), encrypted transport (HTTPS), principle of least privilege for database access, and prompt patching of dependencies. No system can guarantee perfect security; we continuously review for improvements.

Your data may be processed on servers located in various regions depending on hosting provider infrastructure. By using the Service you consent to such transfers.

• Stripe: Payment processing.
• Google AdSense: Advertising for non-premium users (if enabled).
• Hosting Provider: Infrastructure & transient compute.

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us for removal.

Depending on jurisdiction you may have rights to access, correct, delete, or port personal data. Contact us to exercise these rights; we will verify identity before action.

If we materially change this policy we will update the date and may provide additional notice (e.g. banner or email if appropriate). Continued use constitutes acceptance.

For privacy inquiries or data requests please email: support@inakitsolutions.com