Privacy Policy

01 Introduction

Thank you for using YouConvert. We take your privacy seriously and want you to understand what personal data we collect, how we use it, and the choices available to you.

YouConvert ("we", "us", or "our") operates the audio conversion website at youconvert.com and related tools (together, the "Service"). This Privacy Policy explains how we handle personal data when you visit, convert files, create an account, subscribe, or contact us.

We collect only the personal information we need to operate the Service. We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the EU General Data Protection Regulation ("GDPR") where it applies, and the Data Protection Act 2018. We use your data only as described in this Privacy Policy.

We do not sell your personal data. We do not use third-party advertising networks or serve targeted advertising on the Service.

This Privacy Policy should be read alongside our Terms of Service, which govern your use of the Service.

02 Applicability

This Privacy Policy applies to:

• visitors to youconvert.com and related pages;
• users of our audio conversion tools, whether using local (browser) or server conversion;
• registered account holders and subscribers, including users of the My Files library; and
• anyone who contacts us for support or other enquiries.

This Privacy Policy does not apply to third-party services we do not control — including Stripe (payments), Railway (hosting), PostHog (analytics), and third-party conversion providers — except where we describe how we share data with them. Each provider's own privacy policy governs its processing of your data.

Where you process personal data contained within audio files you upload or convert, you may be the data controller of that content and we may act as a processor on your instructions when handling uploaded files for server conversion or optional storage in My Files.

03 Information we collect

The information we collect depends on how you use the Service. We group it as follows.

Website visitors

When you browse the Service, we and our hosting and analytics providers may automatically collect technical information such as:

• Internet Protocol (IP) address and approximate location derived from it;
• browser type and version, device type, operating system and language settings;
• referring URL, pages viewed, links clicked and timestamps;
• diagnostic and performance data needed to operate, secure and improve the Service.

We collect this information to deliver the website, understand usage, maintain security, prevent abuse and troubleshoot errors.

Local (browser) conversion

Local conversion may still involve limited technical data — such as page views, conversion events and error logs — collected through cookies, analytics and standard web server logs as described elsewhere in this policy. That data does not include the audio content of your files.

The Service may use IndexedDB in your browser to stage files temporarily between pages (for example, when moving from upload to preview). IndexedDB data remains on your device under your browser's control and is not transmitted to our servers as part of local conversion.

Server conversion

When you choose server conversion, you upload audio files to our infrastructure so we can convert them. In this mode we may collect:

• the uploaded file and its converted output, for as long as needed to complete your request;
• file metadata such as filename, format, size and duration;
• technical data associated with the upload and conversion request.

Server conversions are performed using third-party conversion services. Uploaded files and outputs are kept only temporarily and deleted after processing, as described in section 9.

Accounts and subscriptions

If you create an account or subscribe, we collect:

• Email address — used to identify your account, authenticate you and send service-related communications;
• Password — stored only as a bcrypt hash; we never store or have access to your plain-text password;
• Stripe customer ID — a reference linking your account to your payment profile at Stripe.

We do not collect or store your full payment card details. Payment card information is entered and processed directly by Stripe, Inc. in accordance with Stripe's Privacy Policy.

My Files

Subscribers may optionally save converted outputs to the My Files library associated with their account. If you use this feature, we store the files you choose to save, together with related metadata (such as filename, format and save date), until you delete them or your account is closed.

Support and correspondence

If you contact us at support@youconvert.com, we collect the information you provide — such as your name, email, account details and message content — to respond and keep a record of our correspondence where appropriate.

Information we do not intentionally collect

We do not ask you to provide special categories of personal data (such as health, biometric or religious information). However, audio files you upload may incidentally contain personal data or sensitive content. You are responsible for ensuring you have a lawful basis to upload and process such content, and for deciding whether local or server conversion is appropriate for your needs.

04 Legal bases

Under the UK GDPR and GDPR, we must identify a lawful basis for each purpose of processing. Depending on your relationship with us and the activity involved, we rely on one or more of the following:

Performance of a contract

We process account data, subscription information and files you upload for server conversion (and optionally store in My Files) to provide the Service you request, in accordance with our Terms of Service. This includes creating and managing your account, performing conversions, enabling downloads and operating the My Files library.

Legitimate interests

We process certain data where necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes:

• operating, maintaining and improving the Service;
• monitoring usage through analytics to understand how features are used;
• protecting the security and integrity of the Service and preventing fraud or abuse;
• responding to enquiries and providing customer support;
• enforcing our Terms and defending legal claims.

Where we rely on legitimate interests, we consider the impact on you and your rights. You may contact us for further information about how we have balanced these interests.

Legal obligation

We may process and retain information where required to comply with applicable law, regulation, court order or lawful request from a public authority — for example, tax, accounting or anti-fraud obligations.

Consent

Where required by law, we will obtain your consent before placing non-essential cookies or similar technologies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. See sections 5 and 6 for more detail.

05 Cookies

Cookies are small text files stored on your browser or device when you visit a website. We use cookies and similar technologies to operate the Service, keep you signed in and understand how it is used.

Authentication cookie

When you sign in, we set an authentication cookie named wavtomp3_token. This cookie:

• is httpOnly, meaning it cannot be read by client-side JavaScript;
• is used to maintain your logged-in session and associate requests with your account;
• is removed or expires when you sign out or when the session ends.

Other cookies and similar technologies

We and our analytics provider may also use cookies, local storage or similar technologies for:

• Security — detecting suspicious activity and protecting accounts;
• Preferences — remembering settings that improve your experience;
• Analytics — measuring traffic and feature usage (see section 6).

You can control cookies through your browser settings. Blocking or deleting cookies may limit certain features — for example, you may not be able to remain signed in without the authentication cookie.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no widely accepted standard for how websites should respond to DNT, we do not alter our practices in response to DNT signals. You can manage cookies and analytics as described in this policy and in section 6.

06 Analytics (PostHog)

We use PostHog, Inc. for product analytics to understand how visitors and signed-in users interact with the Service, diagnose problems and prioritise improvements.

PostHog is configured to send data to PostHog's EU hosting region at eu.i.posthog.com. Analytics data may include:

• pages visited, buttons clicked and conversion flows completed;
• browser, device and referrer information;
• approximate location derived from IP address;
• error and performance events.

Our PostHog configuration uses person_profiles: identified_only. This means PostHog creates a persistent user profile only when you are identified — for example, when you sign in to an account — rather than for every anonymous visitor.

When you are signed in, analytics events may be linked to your account identifier to help us understand subscriber usage. We use this information for internal product and operational purposes, not for advertising.

PostHog may set its own cookies or use similar technologies. For more information about PostHog's practices, see PostHog's privacy documentation. Where required by law, we will ask for your consent before enabling non-essential analytics cookies.

07 Sharing with third parties

We do not sell, rent or trade your personal data. We share information only in the circumstances below.

Service providers

We use trusted third parties to help us operate the Service. They process data on our instructions and only for the purposes we specify:

• Stripe — subscription payments. See stripe.com/privacy.
• Railway (railway.com) — hosts the Service and stores account data and files uploaded for server conversion or saved to My Files.
• PostHog — product analytics, as described in section 6.
• Third-party conversion providers — server-side audio conversion when you use server mode.

Legal and safety disclosures

We may disclose information if we reasonably believe disclosure is necessary to comply with law or a lawful request; to protect YouConvert, our users or the public; or to detect, prevent or address fraud, security or technical issues.

Business transfers

If we are involved in a merger, acquisition, reorganisation or sale of assets, personal data may be transferred as part of that transaction. We will take reasonable steps to ensure any recipient continues to protect your data in line with this Privacy Policy.

08 Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include, where applicable:

• hashing passwords with bcrypt before storage;
• using httpOnly authentication cookies to reduce exposure to client-side scripts;
• encrypting data in transit using HTTPS/TLS;
• restricting access to personal data to personnel and contractors who need it;
• monitoring for abuse and applying rate limits and other safeguards.

No method of transmission over the internet or electronic storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account password confidential and for maintaining backups of files you process with the Service.

If you believe your account or data has been compromised, please contact us promptly at support@youconvert.com.

09 Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Server uploads and temporary conversions. Files uploaded for server conversion, and their converted outputs, are deleted promptly after your conversion completes and you download the result (or after a short safety window if a download is interrupted). We do not use uploaded files for training, marketing or unrelated purposes.
• Local (browser) conversion. We do not retain file content from local conversions on our servers. Any IndexedDB staging data remains on your device until your browser clears it.
• My Files. Converted files you save to My Files are retained until you delete them, your subscription ends and any grace period expires, or your account is closed — whichever comes first, subject to any legal retention requirements.
• Account data. We retain your email address, password hash, Stripe customer ID and related account records while your account is active and for a reasonable period afterwards to resolve disputes, enforce our Terms, comply with law and maintain business records.
• Support correspondence. We retain messages and related records for as long as needed to address your enquiry and maintain an appropriate history of communications.
• Analytics data. Usage analytics are retained according to our analytics provider's configuration and our internal retention schedules, typically in aggregated or pseudonymised form.

When data is no longer needed, we delete it or anonymise it so it can no longer be associated with you.

10 International transfers

YouConvert may be accessed from many countries. Our providers — including Stripe, Railway, PostHog and third-party conversion services — may process personal data in the United Kingdom, the European Economic Area, the United States and other jurisdictions.

Where personal data is transferred from the UK or EEA to a country that has not been recognised as providing an adequate level of data protection, we implement appropriate safeguards as required by UK GDPR and GDPR. These may include:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office or the European Commission;
• the UK International Data Transfer Agreement or Addendum, where applicable;
• other lawful transfer mechanisms recognised under applicable data-protection law.

You may contact us for more information about the safeguards we rely on for international transfers, or to request a copy where we are permitted to provide one.

11 Your rights

Depending on where you live, you may have the following rights under UK GDPR, GDPR or comparable law. We will respond to valid requests within the time limits required by applicable law (typically one month).

• Access — request a copy of the personal data we hold about you;
• Rectification — request correction of inaccurate or incomplete data;
• Erasure — request deletion of your personal data in certain circumstances;
• Restriction — request that we limit how we use your data in certain circumstances;
• Portability — receive personal data you provided to us in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible;
• Objection — object to processing based on legitimate interests, and object to direct marketing (we do not send third-party advertising);
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@youconvert.com. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising your privacy rights.

You also have the right to lodge a complaint with a supervisory authority. If you are in the United Kingdom, you may contact the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local data protection authority.

12 Children

The Service is not directed at children and we do not knowingly collect personal data from anyone under the age of 16.

If you are under 16, you must not use the Service or provide personal data to us. If we learn that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

If you believe a child under 16 has provided personal data to us, please contact us at support@youconvert.com.

13 Changes

We may update this Privacy Policy from time to time to reflect changes to the Service, our practices, or legal requirements. When we make material changes, we will take reasonable steps to notify you — for example, by posting a notice on the Service, updating the "Last updated" date at the top of this page, or sending an email to the address associated with your account.

Changes take effect when posted unless a later effective date is stated. We encourage you to review this page periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy, except where your consent is required by law.

14 Contact

Questions about this Privacy Policy, your data, or your rights? Contact us at support@youconvert.com. We aim to respond without undue delay and within applicable legal timeframes.