Privacy

Your files should be converted, not exposed.

SecretConvert is private by architecture, not just by policy. Files are processed locally inside the confidential compute environment, exposed only through temporary signed downloads, and deleted after conversion or session expiry.

Built for contracts, reports, IDs, investor decks, and private business documents.

SecretConvert avoids the public converter pattern where files, names, metadata, and business context are handed to third-party processing APIs.

10 minutesDefault temporary job retention window

What we process

Only the files you choose for conversion and the selected tool options are processed for the temporary job.

No third-party conversion APIs

SecretConvert does not send documents, images, filenames, or metadata to external converter platforms.

Temporary job storage

Uploads are stored under a random UUID job folder, renamed to random safe filenames, and removed after conversion or TTL expiry.

Metadata cleaning

Strip author names, device data, GPS metadata, and software history where local tooling can remove it.

No training on user files

SecretConvert does not use uploaded documents, images, extracted text, or metadata to train models.

No selling or sharing files

Files are not sold, shared with data brokers, or routed to third-party file conversion services.

Confidential compute posture

The app is prepared to run behind Traefik on SecretVM, where workloads and temporary files stay inside the protected VM boundary.

Contact

Production operators should publish a support contact for privacy, security, and deletion questions.

Privacy commitments

Designed to reduce data exposure at every step.

No Google Analytics or tracking pixelsNo external CDN JavaScriptNo public upload directoriesNo original filename loggingNo document text loggingNo metadata loggingNo training on user filesNo selling or sharing files

What SecretConvert avoids

The application does not add Google Analytics, tracking pixels, external CDN JavaScript, public upload directories, or remote conversion APIs. The server code avoids logging original filenames, file contents, extracted text, and embedded metadata.

What remains your responsibility

Confidential computing protects the backend workload boundary, temporary files, process memory, and deployment secrets. It does not make already-public files invisible, revoke files shared elsewhere, or replace endpoint security on the device that uploads or downloads a document.

What we do not store

SecretConvert does not keep original filenames, document text, image metadata, or conversion inputs after the job completes. Outputs are available only through signed temporary links until the configured retention window expires.

File retention

Files are automatically deleted after conversion or session expiry. The default retention window is ten minutes and can be changed with FILE_TTL_MINUTES.