Privacy Policy
Last updated: February 21, 2026
Overview
At ConvertIntoMP4 ("we", "us", "our"), we take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, how we store it, and how we protect it when you use our file conversion service at convertintomp4.com ("the Service").
Data Collection
We collect the minimum data necessary to provide, maintain, and improve the Service:
Data you provide directly
- Files you upload: The files you submit for conversion, including file name, file size, and file type.
- Account information (optional): If you create an account — email address, name, and password (hashed). If you sign in via Google or GitHub OAuth, we receive your name, email, and profile picture URL from the provider.
- Payment information: If you subscribe to a paid plan, DodoPayments (our payment processor) collects billing details. We do not store credit card numbers.
Data collected automatically
- Usage analytics: Anonymous, aggregated statistics about conversion types and feature usage via Google Analytics.
- Error and performance logs: Technical information (browser type, error messages, response times) sent to Sentry to help us diagnose issues.
- IP addresses: Temporarily stored for rate limiting, abuse prevention, and security. Not linked to your identity.
- Cookies: Essential session cookies and analytics cookies. See the Cookies section below.
Data Usage
We use collected data exclusively to:
- Provide the conversion service: Your uploaded files are processed server-side to produce the converted output. Files are used only for this purpose.
- Authenticate your account: Email and OAuth tokens are used to identify you and manage your session.
- Process payments: Subscription and billing data is shared with DodoPayments solely to process transactions.
- Improve the Service: Aggregated analytics help us understand which features are most used and where errors occur.
- Communicate with you: Transactional emails (password reset, conversion notifications, weekly summaries) are sent via Resend. You can unsubscribe from non-essential emails at any time.
- Ensure security: IP addresses and login events are monitored to detect abuse and protect your account.
We do not sell, rent, or share your personal data or files with any third party for advertising, profiling, or any purpose unrelated to providing the Service. We do not use your data to train machine learning or AI models.
Data Storage & Retention
- Uploaded and converted files: Stored temporarily on our secure servers (Hetzner Cloud, Helsinki, Finland) and on Cloudflare R2 object storage. All files are automatically and permanently deleted within 2 hours of upload. No backups of user files are retained.
- Account data: Stored in a PostgreSQL database on our server for the lifetime of your account. You can delete your account and all associated data at any time from the dashboard.
- Conversion metadata: Job records (file names, formats, status) are stored in Redis with a 24-hour TTL and then automatically purged.
- IP addresses: Retained for a maximum of 24 hours in Redis for rate-limiting purposes.
- Analytics data: Processed by Google Analytics under their data retention settings (default 14 months, anonymized).
File Handling & Security
- All file transfers use encrypted HTTPS connections (256-bit TLS/SSL)
- Files are processed in isolated containers and are never accessed, viewed, or analyzed by our team
- All files are permanently deleted within 2 hours — no exceptions
- We do not share your files with any third party
- Passwords are hashed with bcrypt; API keys are hashed before storage
- Two-factor authentication (2FA) is available for added account security
Google API Services — User Data Policy
ConvertIntoMP4 uses Google OAuth 2.0 to let you sign in with your Google account and to import files from Google Drive for conversion. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What Google data we access
- Google Sign-In (OAuth): We request your name, email address, and profile picture to create and authenticate your ConvertIntoMP4 account. We access the openid, email, and profile scopes.
- Google Drive file import: When you choose to import a file from Google Drive, we request read-only access to the specific file you select via the Google Picker API. We access the drive.readonly scope. We download only the file(s) you explicitly select — we do not browse, index, or access any other files in your Drive.
How we use Google user data
- Authentication: Your Google name, email, and profile picture are used solely to create your account, display your profile, and manage your session.
- File conversion: Files imported from Google Drive are downloaded to our server, converted to your chosen format, and made available for download. The original and converted files are automatically deleted within 2 hours.
How we store Google user data
- OAuth access tokens are stored in an encrypted, server-side session and are never exposed to the client.
- Your Google profile information (name, email, avatar URL) is stored in our database alongside your account record.
- Files imported from Google Drive are stored temporarily (maximum 2 hours) on encrypted server storage and are then permanently deleted.
- We do not store Google Drive file metadata, folder structures, or any data beyond the specific file you selected for conversion.
Sharing & disclosure
We do not share, sell, or transfer Google user data to any third party, except as necessary to provide the Service (e.g., the converted file is stored on Cloudflare R2 for you to download). We do not use Google user data for advertising, analytics profiling, or AI/ML model training.
Revoking access
You can revoke ConvertIntoMP4's access to your Google account at any time by visiting your Google Account permissions page. You can also disconnect your Google account from your ConvertIntoMP4 profile in the dashboard settings.
Cookies & Analytics
We use cookies and similar technologies to improve your experience on ConvertIntoMP4.
- Essential cookies: Session authentication (better-auth), CSRF protection, and user preferences. Required for the Service to function.
- Analytics: We use Google Analytics (via Google Tag Manager), PostHog, and OpenPanel to understand how visitors use our site, such as page views, feature usage, and conversion flows. These tools may set cookies on your device.
- Error monitoring: Sentry collects technical error and performance data to help us diagnose issues. No personal data or uploaded files are included.
We do not use advertising cookies. You can control or disable cookies through your browser settings, though this may affect functionality. By using ConvertIntoMP4, you agree to the use of these technologies as described here.
Third-Party Services
We use the following third-party services:
- Cloudflare: CDN, DDoS protection, and R2 object storage
- Google Analytics: Website usage analytics (anonymized IP)
- Google OAuth: Sign in with Google and Google Drive file import
- DodoPayments: Payment processing for paid subscriptions
- Resend: Transactional email delivery
- Sentry: Error monitoring and performance tracking
- Hetzner Cloud: Server infrastructure (Helsinki, Finland — EU)
Each third-party service processes data under its own privacy policy. We only share the minimum data necessary for each service to function.
Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Update or correct your personal information
- Deletion: Delete your account and all associated data from the dashboard, or request deletion by emailing us
- Data portability: Request your data in a machine-readable format
- Withdraw consent: Unsubscribe from emails or revoke OAuth access at any time
Since we automatically delete uploaded files within 2 hours and do not require registration, there is typically minimal personal data to manage. For registered users, account deletion is available directly in the dashboard settings.
Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.
Contact
For privacy-related questions or data requests, contact us at [email protected]