Privacy Policy

Last updated: April 2026

1. Introduction

MegaConvert.io (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data.

We process data in compliance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law. Our servers are located in Germany, and we do not transfer your data outside the European Economic Area (EEA) unless explicitly stated in this policy.

By using MegaConvert.io, you acknowledge that you have read and understood this Privacy Policy.

2. What We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address — Used for account identification, login, and communication.
  • Password hash — We store a securely hashed version of your password. We never store your password in plain text.

2.2 Usage Data

We automatically collect certain information when you use the Service:

  • IP address — Used for security, rate limiting, and abuse prevention.
  • Browser type and version — For compatibility and debugging purposes.
  • Pages visited and actions taken — To understand how the Service is used and to improve it.
  • Conversion metadata — File format, file size, conversion type, and timestamps. We do not log file names or contents.

2.3 Payment Information

When you make a purchase, payment is processed by our third-party providers (PayPal, Stripe). We receive:

  • Transaction ID and payment status
  • Payer email (from PayPal) or last four digits of card (from Stripe)
  • Amount paid and currency

We never receive or store your full credit card number, CVV, or PayPal password.

3. What We Don’t Collect

We want to be clear about what we do not do with your data:

  • We do not read or access file contents. Your files are processed by automated conversion engines. No human reviews your files.
  • We do not track you across other websites. We have no tracking pixels, social media buttons, or cross-site tracking mechanisms.
  • We do not use Google Analytics or any third-party analytics platform that tracks individual users.
  • We do not sell or share your data with advertisers, data brokers, or any third party for marketing purposes.
  • We do not build profiles about you for targeted advertising.

4. How We Use Data

We use the data we collect for the following purposes:

  • Provide the Service — Process file conversions, manage your account, and deliver results. (Legal basis: contract performance, Art. 6(1)(b) GDPR)
  • Process payments — Handle transactions and maintain billing records. (Legal basis: contract performance, Art. 6(1)(b) GDPR)
  • Prevent abuse — Enforce rate limits, detect fraud, and protect the Service from misuse. (Legal basis: legitimate interest, Art. 6(1)(f) GDPR)
  • Improve the Service — Analyze aggregate usage patterns to improve performance and add features. (Legal basis: legitimate interest, Art. 6(1)(f) GDPR)
  • Communicate with you — Send essential service notifications, security alerts, and respond to support requests. (Legal basis: contract performance, Art. 6(1)(b) GDPR)
  • Legal compliance — Fulfill legal obligations such as tax record keeping. (Legal basis: legal obligation, Art. 6(1)(c) GDPR)

5. File Storage & Deletion

Your files are stored temporarily on our servers in Germany solely for the purpose of performing the requested conversion. Here is how we handle file storage:

  • Automatic deletion: Files are permanently deleted according to your account tier — 1 hour (free), 24 hours (pay-per-use), or up to 7 days (subscribers).
  • No permanent storage: We do not archive or keep copies of your files after the deletion period.
  • Encrypted at rest: All files are stored on encrypted storage volumes.
  • Isolated processing: Each conversion job runs in an isolated environment. Your files are not accessible to other users or conversion jobs.

You can also manually delete your files at any time from your conversion results page before the automatic deletion timer expires.

6. Cookies

We use only essential cookies required for the Service to function. We do not use third-party tracking cookies. For complete details, please see our Cookie Policy.

The cookies we use are:

  • PHPSESSID — Session cookie, required for login and security. Expires when you close your browser.
  • Dark mode preference — Stores your theme preference. Persistent.
  • Language preference — Stores your selected language. Persistent.

7. Third-Party Services

We share data with the following third-party services, strictly limited to what is necessary:

  • PayPal — Payment processing only. When you pay via PayPal, your transaction is processed under PayPal’s Privacy Policy.
  • Stripe (coming soon) — Payment processing only. Transactions will be processed under Stripe’s Privacy Policy.
  • Cloudflare — CDN and DDoS protection. Cloudflare may process your IP address and request headers to deliver and protect our Service. See Cloudflare’s Privacy Policy.

We do not use Google Analytics, Facebook Pixel, or any other advertising or analytics tracking service.

8. Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access (Art. 15) — You can request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16) — You can ask us to correct any inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17) — You can request that we delete all your personal data (“right to be forgotten”). You can also delete your account at any time through your account settings.
  • Right to Data Portability (Art. 20) — You can request your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21) — You can object to processing of your data based on legitimate interest.
  • Right to Restrict Processing (Art. 18) — You can request that we limit how we use your data.
  • Right to Withdraw Consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at office@megaconvert.io. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

9. Data Retention

We retain different types of data for different periods:

  • Account data (email, preferences) — Retained until you delete your account.
  • Uploaded files — Automatically deleted per tier policy (1 hour / 24 hours / 7 days).
  • Server logs (IP addresses, request data) — Retained for 30 days, then permanently deleted.
  • Payment records — Retained for 10 years as required by German tax law (Abgabenordnung, §147).
  • Support correspondence — Retained for 2 years after resolution, then deleted.

10. International Transfers

Our servers are located in Germany (Hetzner Online GmbH). All file processing and primary data storage occur within the European Union.

Payment processors (PayPal, Stripe) may transfer limited transaction data to servers outside the EEA. These transfers are protected by Standard Contractual Clauses (SCCs) and/or adequacy decisions as required by GDPR.

Cloudflare may route traffic through servers outside the EEA as part of their CDN network. This is limited to request routing and DDoS protection, and is covered under their Data Processing Addendum.

11. Children’s Privacy

MegaConvert.io is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at office@megaconvert.io.

12. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit — All connections to MegaConvert.io are encrypted using TLS 1.2 or higher.
  • Encryption at rest — Uploaded files and database data are stored on encrypted volumes.
  • Access controls — Server access is restricted to authorized personnel only, using SSH key authentication.
  • Password hashing — User passwords are hashed using the industry-standard bcrypt algorithm.
  • Isolated processing — File conversions run in sandboxed environments.
  • Regular security updates — We keep all server software and dependencies up to date.
  • Virus scanning — All uploaded files are scanned for malware before processing.

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
  • Document the breach, its effects, and the remedial actions taken.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Last updated” date at the top of this page.
  • Notify registered users by email for significant changes.
  • Post a notice on our website.

We encourage you to review this page periodically. Your continued use of the Service after changes are published constitutes acceptance of the updated policy.

15. Contact & Data Protection Officer

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: