Data Retention Policy
Last updated: February 27, 2026
Overview
ConvertIntoMP4 is designed with data minimization as a core principle. We retain data only for as long as necessary to provide our service, comply with legal obligations, and maintain the security of our platform. This policy explains exactly how long each type of data is retained and how it is deleted.
Retention Schedule
| Data Type | Retention Period | Deletion Method | Notes |
|---|---|---|---|
| Uploaded files (disk) | 2 hours | Automatic | Permanently deleted from local disk after processing |
| Converted files (R2) | 2 hours (default) | Automatic | Pro/Business users can configure custom retention (up to 24 hours) |
| Conversion job metadata | 24 hours | Automatic (Redis TTL) | Job status, file names, formats, timestamps |
| Account data | Account lifetime | On account deletion | Email, name, profile, preferences, API keys |
| Conversion history | Account lifetime | On account deletion | Format pairs, timestamps, file sizes (no file content) |
| IP rate-limit data | 24 hours | Automatic (Redis TTL) | Anonymous conversion quotas, not linked to identity |
| Error logs (Sentry) | 90 days | Automatic | Stack traces, browser metadata, anonymized context |
| Server logs (Better Stack) | 30 days | Automatic | Request logs, performance metrics (optional service) |
| Analytics data | 14 months | Automatic (GA4 default) | Anonymized usage events, IP anonymization enabled |
| Database backups | 30 days | Rolling rotation | Encrypted PostgreSQL backups on separate storage |
| Payment records | As required by law | Per DodoPayments retention policy | Transaction history retained for tax/legal compliance |
Uploaded & Converted Files
File privacy is our highest priority. Here is exactly what happens to your files:
- Local disk: Files uploaded for conversion are stored temporarily on our Hetzner Cloud server in Helsinki, Finland. They are processed in isolated containers and are automatically deleted within 2 hours of upload, regardless of whether the conversion succeeded or failed.
- Cloudflare R2: Converted output files are uploaded to Cloudflare R2 object storage for download. They are automatically deleted within 2 hours by default. Paid plan users (Pro/Business) can configure a custom retention period of up to 24 hours through their dashboard settings.
- No backups: We do not create backups of user files. Once a file is deleted, it cannot be recovered.
- Disk janitor: An automated cleanup service runs every 5-30 minutes (frequency adapts to disk usage) and removes any orphaned files that may have been missed by the standard deletion process.
Account Data
For registered users, the following data is stored in our PostgreSQL database:
- Profile information: Email address, display name, avatar URL, notification preferences, and subscription status. Retained for the lifetime of your account.
- Conversion history: Records of past conversions including source format, target format, file size, and timestamp. No file content is retained. Retained for the lifetime of your account.
- API keys: Key hashes, scopes, and usage statistics. Retained until individually revoked or account deletion.
- Team data: Team memberships, invite history, and shared credit pools. Retained until the team is disbanded or you leave.
- Webhooks: Endpoint URLs, signing secrets (encrypted), and delivery logs. Retained until individually deleted or account deletion.
Account deletion: You can delete your account at any time from the dashboard settings. Upon deletion, all account data, conversion history, API keys, team memberships, and preferences are permanently removed from our database within 30 days. Deletion is irreversible.
Anonymous Usage Data
For users who convert files without creating an account:
- IP-based quota tracking: We store a hashed version of your IP address in Redis to enforce the daily conversion limit (5 free conversions per day). This data expires automatically after 24 hours and is not linked to any identity.
- No persistent records: Anonymous conversions do not create permanent database records. Once the Redis key expires, no trace of the conversion remains on our systems.
Logs & Monitoring
- Sentry (error monitoring): Error logs, stack traces, and browser metadata are retained for 90 days. All file paths in logs are sanitized (replaced with
[path]) to prevent accidental exposure of user data. - Better Stack (log aggregation): Server request logs and performance metrics are retained for 30 days. This is an optional service; when not configured, logs are only written to stdout within the Docker container.
- Application logs: Structured JSON logs written via Pino to stdout. In our Docker environment, these logs are retained according to the Docker logging driver configuration (typically 7 days with log rotation).
Database Backups
Our PostgreSQL database is backed up on a regular schedule. Backups are encrypted and stored on separate infrastructure. Backup files follow a 30-day rolling rotation policy, meaning backups older than 30 days are automatically deleted. Backups contain account data and conversion metadata only; they never contain user file content (files are stored on ephemeral disk and R2, neither of which is included in database backups).
Your Rights
Under the GDPR and other applicable laws, you have the right to:
- Request deletion: Delete your account and all associated data from the dashboard, or email [email protected].
- Request data export: Download all your personal data in a machine-readable format from the dashboard settings.
- Request information: Ask us what data we hold about you and how it is processed.
Contact
For questions about data retention or deletion requests, contact us at [email protected]