All Tools
Privacy Policy — ConverterKit

Your Privacy,
Our Promise.

We built ConverterKit around one core belief — your files are yours. Read exactly how we protect your data, your trust, and your rights.

Zero Data Collected No Tracking No Ads GDPR Friendly
Files Uploaded
Never to servers
Ads / Trackers
Absolutely none
Data Encryption
AES-256 in-browser
Compliance
GDPR, CCPA Ready

Last Updated

February 27, 2026 — Version 3.0

Current & Active
01

Overview

Welcome to ConverterKit ("we", "our", or "us"). We operate theconverterkit.com and related tools. This Privacy Policy explains what information we collect, how we use it, and the steps we take to protect your privacy.

ConverterKit was architected from day one with privacy as a non-negotiable constraint — not a feature added later. Everything we build starts with the question: can we do this without touching user data? Usually, the answer is yes.

The Short Version

Your files are processed entirely in your browser using WebAssembly. They never leave your device. We do not upload, store, or analyze your files under any circumstance. We are a zero-knowledge platform by design.

By using ConverterKit, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services.

02

Data We Collect

We collect as little data as technically possible. Here is a transparent breakdown of everything we may receive:

Data Type Collected? Purpose Retention
Uploaded files / contentNeverN/A — processed in-browser onlyNever stored
IP addressBrieflyRouting, DDoS protection (Cloudflare)Up to 24 hours
Browser / device infoMinimalAnonymous usage analytics (no fingerprinting)30 days, aggregated
Contact form inputsMinimalResponding to your inquiryUntil resolved
Cookies / localStorageMinimalPreferences (theme, language)12 months or until cleared
Personal identifiersNoneN/ANever collected

We do not require account creation. We do not collect your name, email, phone number, or any personally identifiable information unless you voluntarily contact us through our support form.

03

How We Use Data

Any minimal data we receive is used solely to operate and improve the service. Specifically:

  • To deliver the core file conversion functionality via WebAssembly
  • To maintain server infrastructure, monitor uptime, and prevent abuse
  • To understand aggregate usage patterns — what tools are used most — with zero individual tracking
  • To respond to support messages or feature requests you send us
  • To detect and mitigate security threats, fraud, or malicious activity
We Never

Sell, rent, lease, or otherwise monetize your data. We do not use your data to build advertising profiles, and we do not share it with data brokers, advertisers, or marketers under any circumstances.

04

File Processing

This is the most important section of this document. Please read it carefully.

100% Client-Side Processing

All file conversions happen directly inside your web browser using WebAssembly (WASM) — a high-performance binary instruction format that runs in the browser sandbox. Your files are loaded into your device's local memory and processed entirely on your machine.

  • Files are never uploaded to our servers
  • Files are never transmitted over the internet during conversion
  • Files are never stored, cached, or logged by ConverterKit
  • Converted output files are delivered directly to your device's download folder
Technical Guarantee

Our architecture physically prevents file data from reaching our servers. This isn't a policy promise — it's a technical constraint. There is no server endpoint that accepts file uploads because we never built one. You can verify this through browser developer tools by monitoring network requests during a conversion.

Memory Handling

Files are loaded into browser memory (RAM) temporarily for processing. Once your browser tab is closed or refreshed, this memory is automatically freed by the browser. ConverterKit does not persist file data to IndexedDB, localStorage, cookies, or any other browser storage mechanism.

05

Cookies & Local Storage

We use a minimal number of cookies and browser storage entries solely for functional purposes. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

What We Store Locally

  • Theme preference — light or dark mode selection, stored in localStorage
  • Language preference — your selected UI language
  • Recent tool visits — to surface your most-used converters (stored locally, never sent to us)
Cookie-Free Analytics

We use privacy-preserving, cookieless analytics that count page visits without identifying individuals. No cross-site tracking. No cookie consent banners needed. Data is aggregated and cannot be tied to any specific person.

You can clear all locally stored preferences at any time by clearing your browser's site data. This will not affect your ability to use ConverterKit.

06

Third-Party Services

We use a small, carefully vetted set of third-party infrastructure providers. None of these providers receive your files or personal data beyond what is described below:

  • Cloudflare — CDN, DDoS protection, and edge delivery. Cloudflare may log IP addresses for security purposes per their privacy policy.
  • Vercel / hosting provider — Static asset hosting. Only serves HTML, CSS, and JavaScript files; no user data processing.
  • Plausible Analytics — Privacy-first, cookieless, GDPR-compliant analytics. No personal data, no cross-site tracking, no fingerprinting.

We do not integrate with Google Analytics, Facebook Pixel, Hotjar, Mixpanel, or any behavioral tracking platform. We do not embed social media widgets that track users across the web.

No Advertising Networks

ConverterKit shows zero ads and has no relationship with any advertising network. There is no ad SDK, no retargeting pixel, and no programmatic advertising infrastructure anywhere in our codebase.

07

Your Rights

Regardless of where you are in the world, we honor the following rights. Because we collect so little data, exercising most of these rights is already trivially satisfied.

  1. Right to Access — You can request a summary of any personal data we hold. In almost all cases, the answer will be "none."
  2. Right to Erasure — You can request deletion of any data associated with your contact form submission or support inquiry.
  3. Right to Portability — If we hold any data about you, you can request it in a machine-readable format.
  4. Right to Rectification — If any data we hold is inaccurate, you can request correction.
  5. Right to Object — You can object to any processing of your personal data. Since we do so little processing, this is rarely relevant.
  6. Right to Withdraw Consent — Where processing is based on consent, you can withdraw at any time without affecting prior lawfulness.

To exercise any of these rights, contact us at privacy@theconverterkit.com. We respond to all privacy requests within 30 days.

08

Data Security

We take security seriously, even in a zero-data architecture. The following measures are in place:

  • All web traffic is served over HTTPS with TLS 1.3
  • Content Security Policy (CSP) headers prevent unauthorized script execution
  • Subresource Integrity (SRI) checks verify the integrity of all loaded assets
  • Regular security audits and dependency vulnerability scanning
  • WebAssembly sandbox ensures file processing cannot interact with external systems
  • No database means no database breach — there is nothing to steal
Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@theconverterkit.com. We investigate all reports promptly and will acknowledge your contribution if you wish.

09

Children's Privacy

ConverterKit is a general-purpose productivity tool. We do not knowingly collect any data from children under the age of 13 (or 16 in the EU under GDPR). Since we do not collect accounts or personal data, this is not a concern in practice.

If you are a parent or guardian and believe a child has submitted personal data to us through our contact form, please contact us at privacy@theconverterkit.com and we will promptly delete it.

10

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Increment the version number displayed in the banner above
  • Post a notice on our homepage for major changes

We encourage you to review this page periodically. Continued use of ConverterKit after changes constitutes acceptance of the revised policy. We will never make changes that weaken your privacy protections without prominent notice.

Our Commitment

We will never change our core commitment: your files are processed locally and we do not sell your data. Any future monetization strategy will be built around tools and features — not data exploitation.

11

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out. We are a small team and we read every message personally.

Governing Law

This Privacy Policy is governed by applicable data protection laws. For users in the European Economic Area, this policy is designed to be consistent with GDPR requirements. For California residents, we honor all rights afforded under the CCPA.

Privacy by design.

Experience the only file converter that truly cannot see your files — not by policy, but by architecture.

Start Converting Free
Scroll to Top