Security

Your files never leave your device — and you can verify it.

100% Private — Files never leave your device
Every conversion runs 100% in your browser — zero files uploaded, ever.

How it works

Conventional online converters work by upload: your file travels to their servers, is converted there, and comes back as a download — leaving a copy of your contract, photo or recording on hardware you don't control. Converting Free removes that step entirely. We compile the conversion engines themselves — FFmpeg for video and audio, pdf.js and pdf-lib for PDFs, libarchive for archives — to WebAssembly and ship them to your browser, where they run on your own CPU. Your file is read into your tab's memory, processed there, and saved straight to your Downloads folder. There is no upload endpoint on our side at all — we couldn't receive your files even by accident.

Verify it: watch the network

Don't take our word for it — your browser can audit us in under a minute:

  1. Open DevTools with F12 (or Cmd+Option+I on a Mac) and switch to the Network tab.
  2. Pick any tool on this site and convert a file.
  3. Read the requests: you'll see the site fetch its own code and the engine it needs — and zero upload requests. No POSTs carrying your file, no third-party domains, no beacons.

Verify it: the airplane-mode test

The second proof needs no DevTools. Load a tool page and run one conversion so your browser caches the engine, then switch on airplane mode (or unplug your network) and convert another file. The conversion still works — because there was never a server involved in it. A converter that uploads your files cannot pass this test; ours doesn't notice the internet is gone.

What we don't collect

  • No accounts — there is nothing to sign up for, so there is no profile of you to build or leak.
  • No file storage — files are processed in your tab's memory and never transmitted, so we hold no copies, ever.
  • No tracking of file contents — we never see your files, their names, sizes or types; there are no analytics scripts, tracking pixels or ad networks on these pages.

The security headers we ship

Every page is served with hardened HTTP headers you can inspect in the same Network tab:

  • Content-Security-Policy (CSP) — scripts, styles, images and connections are restricted to this site's own origin. The browser itself blocks any request to a third-party server, so even a compromised dependency couldn't quietly exfiltrate data.
  • Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy (COOP/COEP) — these isolate the site from other origins (and enable the multithreaded WebAssembly our compressors use) so no cross-site page can reach into this one.
  • X-Frame-Options: DENY and X-Content-Type-Options: nosniff — the site can't be embedded in a hostile frame or have its files reinterpreted as something else.

The code is open for inspection

Claims like these should be checkable at the source. The code behind Converting Free is published at github.com/RareJosh/converterfree, where you can read exactly what runs in your browser — every converter, every tool, and the complete absence of an upload endpoint.