Privacy Overview for Browser-Based Conversion

Last updated October 15, 2025

Local-first design

  • Dropped or selected AVIF files are passed straight to an in-browser worker.
  • The worker first attempts to decode using native browser graphics routines (createImageBitmap + OffscreenCanvas).
  • If the browser cannot decode the file, the worker loads the bundled @jsquash/avif WebAssembly module and performs the conversion locally.
  • The converted JPEG blob is returned to the page through the worker message channel; no network upload occurs at any stage.
  • Closing the tab or refreshing the page releases the file data from memory.

Information we do not collect

  • No accounts, logins, or user profiles are required or created.
  • Source images, converted images, and embedded metadata never leave your device.
  • We do not run third-party analytics scripts, advertising pixels, or fingerprinting libraries.
  • We do not build behavioural profiles or sell personal information.

Information that briefly exists in your browser

  • Temporary object URLs and worker messages are used to show download buttons and status updates. These items live only within your session and disappear when you clear the results or leave the page.
  • To size the worker pool, the script reads hardware concurrency, device memory hints, and user agent flags via standard browser APIs. The values stay on your device and are not transmitted to a server.
  • Errors are logged to the developer console solely for troubleshooting on your side.

Security posture

  • The site loads over HTTPS and uses the browser sandbox, so workers do not gain elevated access to your files.
  • The WebAssembly decoder is bundled with the app; no code is fetched from unknown hosts during conversion.
  • Workers are cleaned up after periods of inactivity to reduce the window in which data sits in memory.
  • You can enhance privacy by using a private/incognito window or clearing the tab history after converting.

Your choices and controls

  • Simply stop using the tool to end processing—there is nothing stored for us to delete.
  • Remove generated object URLs by selecting “Clear results” in the interface or closing the page.
  • If you do not want hardware capability checks, block JavaScript execution; note that conversion will not function without it.

Compliance notes

  • Because we do not receive or retain personal data, most data subject rights (access, deletion, portability) are inherently satisfied—the relevant data is already in your possession.
  • If you contact us with a privacy request, we will respond using the details you provide and explain what limited technical data (if any) we touched while handling the request.

Contact

You can reach the team using the contact links on the site for privacy questions or to report a suspected issue. We will acknowledge messages within a reasonable timeframe.