Processing Overview: We process your files solely for conversion purposes, use secure protocols throughout the process, store files temporarily for maximum 24 hours, and automatically delete all data after processing completion.
1. File Processing Lifecycle
Complete File Journey
1
Upload & Reception
File encrypted during transfer via HTTPS • Initial virus scanning • Format validation
File encrypted during transfer via HTTPS • Initial virus scanning • Format validation
2
Secure Storage
Temporary storage in encrypted format • Access-controlled environment • No content indexing
Temporary storage in encrypted format • Access-controlled environment • No content indexing
3
Processing
Conversion via Zamzar API • Format transformation • Quality preservation attempts
Conversion via Zamzar API • Format transformation • Quality preservation attempts
4
Delivery
Converted file made available for download • Secure download links • Download tracking
Converted file made available for download • Secure download links • Download tracking
5
Automatic Deletion
All files deleted within 24 hours • Secure deletion process • No recovery possible
All files deleted within 24 hours • Secure deletion process • No recovery possible
2. Data Categories and Processing
2.1 File Content Data
| Data Type | Processing Purpose | Storage Duration | Security Status |
|---|---|---|---|
| Original Files | Source for conversion | 24 hours max | Encrypted |
| Converted Files | Download delivery | 24 hours max | Encrypted |
| File Metadata | Processing optimization | 7 days | Anonymized |
| Processing Logs | Error handling | 30 days | No Content |
2.2 User Account Data
For registered users, we process:
- Authentication Data: Email, hashed passwords, session tokens
- Conversion History: File names, formats, conversion dates (no content)
- Usage Statistics: Number of conversions, bandwidth usage
- Preferences: Quality settings, notification preferences
2.3 Technical Data
We automatically collect technical information for service operation:
- Connection Data: IP addresses, user agents, referrers
- Performance Data: Load times, error rates, success metrics
- Security Data: Failed login attempts, suspicious activities
3. Legal Basis for Processing
3.1 Contractual Necessity
We process your files based on our contract to provide conversion services:
- File format conversion
- Download delivery
- Account management
- Customer support
3.2 Legitimate Interests
We have legitimate interests in:
- Service improvement and optimization
- Security and fraud prevention
- Technical troubleshooting
- Performance monitoring
3.3 Consent
We obtain explicit consent for:
- Marketing communications
- Optional analytics
- Third-party integrations
- Account data exports
4. Security Measures
Comprehensive Security Framework
Encryption
- In Transit: TLS 1.3 encryption for all data transfers
- At Rest: AES-256 encryption for stored files
- Keys: Hardware security modules for key management
Access Controls
- Zero Trust: No default access to user data
- Role-Based: Strict permission hierarchies
- Multi-Factor: Required for all admin access
- Audit Logs: Complete access logging
Infrastructure Security
- Isolation: Containerized processing environments
- Monitoring: Real-time threat detection
- Updates: Automated security patching
- Backups: Secure configuration backups
5. Third-Party Processing
5.1 Zamzar Conversion Service
We use Zamzar API for file conversion with strict agreements:
- Data Minimization: Only files for conversion are sent
- Purpose Limitation: Used solely for format conversion
- Retention Limits: Files deleted from their systems promptly
- Security Standards: Enterprise-grade security compliance
- Webhook Integration: Status updates received at https://filekonvert.com/api/webhooks/zamzar
5.2 Cloud Infrastructure
Our hosting providers maintain:
- SOC 2 Type II compliance
- ISO 27001 certification
- GDPR compliance frameworks
- Regular security audits
5.3 Data Processing Agreements
All third-party processors sign agreements ensuring:
- Limited data access and usage
- Equivalent security measures
- Prompt data deletion
- Breach notification procedures
6. Data Retention and Deletion
6.1 Automatic Deletion Schedule
| Data Category | Retention Period | Deletion Method | Exceptions |
|---|---|---|---|
| Uploaded Files | 24 hours maximum | Secure overwrite | Processing failures |
| Converted Files | 24 hours maximum | Secure overwrite | Download completion |
| Conversion Metadata | 7 days | Database purge | Error investigation |
| User Sessions | 30 days inactive | Token invalidation | Security incidents |
| Error Logs | 30 days | Log rotation | Legal holds |
6.2 Deletion Verification
Our deletion process includes:
- Cryptographic verification of deletion completion
- Multiple overwrite passes for sensitive data
- Certificate of destruction for auditing
- Regular verification of deletion systems
7. User Rights and Controls
7.1 Access Rights
You have the right to:
- Know what personal data we hold about you
- Receive a copy of your data in a portable format
- Verify the accuracy of information we store
- Understand how we process your data
7.2 Control Rights
You can:
- Update or correct your account information
- Delete your account and associated data
- Withdraw consent for optional processing
- Object to certain types of processing
7.3 Exercising Your Rights
To exercise these rights:
- Contact us via email at privacy@filekonvert.com
- Verify your identity for security purposes
- Specify which rights you wish to exercise
- We will respond within 30 days
8. Compliance Framework
GDPR
Full compliance with European data protection regulations
CCPA
California Consumer Privacy Act compliance
SOC 2
Security, availability, and confidentiality standards
ISO 27001
Information security management system
9. Data Breach Response
9.1 Detection and Response
Our incident response includes:
- 24/7 Monitoring: Continuous security monitoring
- Rapid Response: Immediate containment procedures
- Impact Assessment: Evaluation of data exposure
- User Notification: Prompt communication to affected users
9.2 Notification Timeline
Breach Notification Promise:
- ✅ Regulatory authorities within 72 hours
- ✅ Affected users within 72 hours
- ✅ Public disclosure if high risk to users
- ✅ Detailed incident report within 30 days
10. International Data Transfers
10.1 Transfer Safeguards
When data crosses borders, we ensure protection through:
- Adequacy decisions by relevant authorities
- Standard contractual clauses
- Binding corporate rules
- Certification schemes
10.2 Data Localization
Where required by law, we maintain local data processing:
- EU data processed within EU borders
- Compliance with local storage requirements
- Cross-border transfer documentation
11. Audit and Monitoring
11.1 Regular Audits
We conduct regular assessments:
- Quarterly: Internal data processing audits
- Annually: Third-party security assessments
- Bi-annually: Compliance framework reviews
- Ongoing: Automated compliance monitoring
11.2 Continuous Improvement
We continuously enhance our data processing through:
- Industry best practice adoption
- Technology security updates
- Staff training and certification
- User feedback integration
Data Processing Questions?
For questions about our data processing practices:
- Website: filekonvert.com
- Data Protection Officer: dpo@filekonvert.com
- Privacy Team: privacy@filekonvert.com
- Security Issues: security@filekonvert.com
- Response Time: Within 48 hours
Last Updated: September 23, 2025
Effective Date: September 23, 2025
Next Review: March 23, 2026