GDPR Compliance
Last updated: February 2026
Our Commitment
ConvertIntoMP4 is fully committed to complying with the General Data Protection Regulation (GDPR). We process the minimum amount of personal data necessary to provide our file conversion service and ensure your rights are protected at every step.
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract performance: Processing your files to provide the conversion service you requested
- Legitimate interest: Analytics and service improvement, security monitoring, fraud prevention
- Consent: Marketing communications (where applicable)
Data Processing & Retention
- Uploaded files are processed on servers located in Helsinki, Finland (EU)
- All files are automatically and permanently deleted within 2 hours of upload
- We do not access, read, or analyze the content of your files
- Account data (email, name) is retained until you delete your account
- Conversion logs are anonymized after 30 days
- Payment data is processed by DodoPayments (our payment processor) under their own GDPR-compliant data processing agreement
Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate personal data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to restrict processing: Request limitation of how we use your data
- Right to object: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw previously given consent at any time
Registered users can exercise most of these rights directly from their account settings, including downloading their data and deleting their account.
Sub-Processors
We use the following sub-processors to provide our service:
- Hetzner Cloud (Finland): Server infrastructure — data stays within the EU
- Cloudflare (Global CDN): DNS, CDN, and DDoS protection
- Cloudflare R2: Temporary file storage during conversion
- DodoPayments: Payment processing
- Resend: Transactional email delivery
- Sentry: Error monitoring (no file data is transmitted)
- Google Analytics: Anonymous usage analytics
Data Transfers
Our primary servers are located in Helsinki, Finland (EU). When data is transferred outside the EEA (e.g., to Cloudflare or Sentry), it is protected by Standard Contractual Clauses (SCCs) or the recipient's participation in an approved adequacy framework.
Data Protection Officer
For any GDPR-related requests or questions, contact our data protection team at [email protected]. We will respond to all legitimate requests within 30 days.
Supervisory Authority
If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority. You can find your relevant authority at edpb.europa.eu.