โ The short version: HEICtoJPG Pro is a 100% client-side browser tool. All image conversion (HEIC โ JPG, HEIC โ PNG, HEIC โ WEBP, WEBP โ JPG) is performed entirely inside your own browser using local WebAssembly and JavaScript. We do not upload, store, transmit, or process your image files on any server โ ever. We collect virtually no personal information.
This Privacy Policy explains what information HEICtoJPG Pro ("we," "us," "our") collects when you visit heictojpgconverter.pro (the "Service"), how that information is used, and the rights you have over it. By accessing our website, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.
This policy applies to all pages of the Service, including our converter tools and all associated sub-pages such as this Privacy Policy, our Terms of Service, and our Disclaimer.
Information We Collect
We designed HEICtoJPG Pro from the ground up with a privacy-first architecture. As a result, our data collection footprint is extremely minimal. Below is a complete and transparent breakdown of what we do โ and do not โ collect.
Information We Do NOT Collect
We want to be crystal clear about what we will never collect:
- Your image files โ Your HEIC, HEIF, WEBP, or any other image files are never transmitted to our servers. They exist only within your local browser memory.
- Your name, email address, or any personally identifying information โ We have no registration, login, or account system. You are completely anonymous to us.
- Your IP address โ We do not log or store visitor IP addresses.
- Your device fingerprint โ We do not fingerprint your browser, operating system, or device for tracking purposes.
- Payment information โ HEICtoJPG Pro is 100% free. No payment processor, credit card data, or subscription billing is involved.
- Location data โ We do not access or request your GPS coordinates or location services.
Information We May Passively Receive
When you visit any website, some technical data is passively exchanged as part of how the internet works. The following data may be received by our web hosting infrastructure:
| Data Type | What We Receive | Retained? |
|---|---|---|
| HTTP Request Logs | Page URLs accessed, HTTP status codes, referrer URL, browser user-agent string | โ Briefly (server logs, auto-purged) |
| IP Address | Your public IP may appear in server access logs | โ Purged automatically |
| Browser & OS Type | User-agent string (e.g., "Chrome 124 / Windows 11") | โ Not stored long-term |
| Image Files | Never received โ processing is local only | โ Never transmitted |
Note: Standard web server access logs are a technical necessity for infrastructure operation (e.g., detecting abuse or server errors). These logs are not used for user profiling, marketing, or selling to third parties. They are routinely purged according to our hosting provider's standard log rotation policies.
How Your Files Are Processed
โ Absolute guarantee: Your image files are processed 100% locally inside your web browser using WebAssembly (WASM) and JavaScript. At no point during conversion does your device transmit image data to any remote server โ including ours.
Client-Side-Only Architecture
When you drag and drop a HEIC file (or any supported format) onto our converter, the following happens entirely within your browser's sandboxed JavaScript execution environment:
- File selection: Your file(s) are read by the browser's native
FileReaderandFileAPIs, which give the JavaScript engine access to the file data in memory without network transfer. - Decoding: The
heic2anylibrary โ loaded once from a CDN and then executed locally โ decodes the HEIC/HEIF container format using WebAssembly inside your browser. - Re-encoding: The decoded image data is re-encoded to your chosen output
format (JPEG, PNG, or WEBP) using the browser's built-in Canvas API
(
canvas.toBlob()), again with zero network involvement. - Download: The resulting file blob is converted to a temporary
object://URL and offered to you as a download. This URL exists only in your browser's memory and is automatically revoked after use. - Memory cleanup: Once your browser tab is closed or refreshed, all in-memory image data is released by the browser's garbage collector. No residual data remains.
No Server Contact During Conversion
To independently verify this claim, you can open your browser's Developer Tools (F12), navigate to the Network tab, and watch the requests during conversion. You will observe that after the initial page load, no outbound requests carrying image data are made when you click "Convert All Files."
EXIF Metadata Handling
HEIC files captured by Apple devices may embed EXIF metadata, including camera settings (ISO, aperture, shutter speed), timestamps, and in some cases GPS coordinates (if location services were enabled at the time of capture). Our conversion library processes this metadata client-side and may carry some EXIF data over to the converted output file, depending on the output format. We never access, read, or transmit your EXIF data. If you are concerned about EXIF data in your output files, we recommend using a separate EXIF stripping tool after conversion.
Cookies & Local Storage
Session Cookies
HEICtoJPG Pro does not use tracking cookies, advertising cookies, cross-site cookies, or any cookies that identify you as an individual user. We do not set any first-party cookies for user tracking.
Local Storage โ Theme Preference Only
Our website uses the browser's built-in localStorage API for exactly one purpose:
to remember your light/dark mode preference. If you toggle the theme switch in
the header, we store the value "theme": "dark" or "theme": "light"
in your browser's local storage so your preference persists across page visits.
This data is:
- Stored entirely on your device, not our servers
- Contains no personally identifiable information
- Is never transmitted to us or any third party
- Can be cleared at any time through your browser settings (Settings โ Privacy โ Clear Site Data)
CDN and Third-Party Cookies
Some third-party CDN providers (Google Fonts, jsDelivr, cdnjs) may set their own cookies or use browser caching as part of delivering their static assets. Please refer to their respective privacy policies for details. We do not have access to or control over cookies set by these providers.
How to manage cookies: You can control, block, or delete cookies and local storage data at any time through your browser's built-in privacy settings. Clearing local storage will reset your theme preference to the default (light mode) the next time you visit.
Third-Party CDN Services
To deliver a fast, reliable experience without requiring users to install anything, HEICtoJPG Pro loads certain static resources from trusted Content Delivery Networks (CDNs). These are industry-standard, widely-used providers. When your browser requests these resources, it makes a direct connection to those CDN servers, which means those providers may receive your IP address and browser user-agent as part of a standard HTTP request.
Below is a full list of external resources loaded by this website:
| Provider | Resource Loaded | Purpose | Privacy Policy |
|---|---|---|---|
| Google Fonts | Inter & Outfit typefaces (CSS + WOFF2) | Typography rendering | Google Privacy Policy |
| jsDelivr CDN | heic2any v0.0.4 (JavaScript library) | HEIC/HEIF decoding engine | jsDelivr Privacy Policy |
| cdnjs (Cloudflare) | JSZip v3.10.1 (JavaScript library) | ZIP archive creation for batch downloads | Cloudflare Privacy Policy |
What These CDNs May Collect
When your browser fetches resources from Google Fonts, jsDelivr, or cdnjs/Cloudflare, those providers may log:
- Your IP address (for request routing and rate limiting)
- Browser user-agent string
- Request timestamps
- Referring URL (the heictojpgconverter.pro page that initiated the request)
This data is collected by those third parties under their own privacy policies and terms of service. We have no access to or control over what those providers collect from CDN request logs. We do not share any user data with these CDN providers beyond what is inherent in a standard browser HTTP request.
Browser caching: After your first visit, these CDN libraries are typically cached by your browser, meaning subsequent visits may not make any outbound CDN requests at all, further reducing any third-party data exposure.
Analytics
โ No invasive analytics: HEICtoJPG Pro does not use Google Analytics, Facebook Pixel, Hotjar, FullStory, or any other user-level behavioral tracking or session recording tools. We do not sell, rent, or broker your data to advertising networks.
Aggregate Traffic Statistics
To understand general website traffic patterns (e.g., how many visitors our site receives, which pages are most popular, and what geographic regions visit), we may use privacy-respecting, server-side aggregate statistics derived from web server access logs. These statistics are:
- Anonymized โ individual users are never identified or singled out
- Aggregated โ presented as totals (e.g., "10,000 page views this month"), not per-user records
- Non-cross-site โ we do not track you across other websites
- Not shared โ we do not sell or share these aggregate statistics with advertising platforms
No Behavioral Profiling
We do not build behavioral profiles of visitors. We do not use retargeting pixels, advertising SDKs, or any technology that follows you around the web after visiting HEICtoJPG Pro. There are no hidden tracking beacons, invisible iframes, or fingerprinting scripts on this website.
Data Security
HTTPS / TLS Encryption
All traffic between your browser and heictojpgconverter.pro is encrypted using TLS (Transport Layer Security), the industry standard for secure web communications. Our website enforces HTTPS exclusively; any HTTP requests are automatically redirected to HTTPS. This ensures the integrity and confidentiality of the JavaScript libraries and HTML files delivered to your browser.
Zero Server-Side File Processing
The most important security feature of HEICtoJPG Pro is architectural: because image conversion happens entirely in your browser, there is no server-side file upload pathway to secure. There is no upload endpoint that could be exploited, no cloud storage bucket that could be breached, and no database containing your images that could be leaked.
Browser Sandbox Isolation
Modern web browsers execute JavaScript inside a strict security sandbox that isolates web page scripts from your operating system and other running applications. Your HEIC files are processed within this sandbox, meaning neither HEICtoJPG Pro nor any third-party script on the page can access files outside of what you explicitly select through the file picker or drag-and-drop interface.
Content Security Practices
We are committed to responsible security practices for the web assets we serve:
- Our JavaScript and CSS are served from trusted sources only
- External CDN resources use versioned, pinned URLs to prevent unexpected updates
- We do not use dynamic
eval()orinnerHTMLinjection on untrusted content - We do not expose any API endpoints that accept file data
Your responsibility: While we take strong measures to protect the integrity of our web application, no internet-connected software can guarantee absolute security. Please ensure your browser is kept up-to-date and that you are visiting the correct URL (heictojpgconverter.pro). If you discover a security vulnerability, please contact us promptly.
Children's Privacy (COPPA)
HEICtoJPG Pro complies with the United States Children's Online Privacy Protection Act (COPPA) and equivalent international regulations protecting the privacy of minors.
Our Service is a general-purpose image conversion utility intended for use by people of all ages; however, it is not specifically directed at children under the age of 13 (or the applicable minimum age in your jurisdiction).
Because we collect no personal information whatsoever from our visitors โ including children โ there is inherently no risk of collecting, storing, or sharing personal data from minors. We have no registration system, no account creation flow, and no mechanisms for voluntarily submitting personal information.
If you are a parent or guardian and believe your child has submitted personal information through our website in any way, please contact us at the address provided in the Contact section below, and we will investigate and take appropriate remedial action promptly.
GDPR & CCPA Rights
For EU / EEA Residents (GDPR)
HEICtoJPG Pro is designed to be fully compliant with the General Data Protection Regulation (GDPR). Our legal basis for any incidental data processing (such as server access logs) is Legitimate Interests โ specifically, the operational necessity of running a secure web server. Because we do not process personal data for marketing, profiling, or advertising purposes, no consent banner is technically required for our primary data operations.
As an EU resident, you have the following rights with respect to any personal data we might hold:
- Right of Access โ You may request a copy of any personal data we hold about you.
- Right to Erasure ("Right to be Forgotten") โ You may request deletion of your personal data.
- Right to Rectification โ You may request correction of inaccurate personal data.
- Right to Data Portability โ You may request a machine-readable copy of your data.
- Right to Object โ You may object to processing based on legitimate interests.
- Right to Restrict Processing โ You may request that we limit processing of your data.
Because we collect virtually no personal data, exercising these rights in practice will typically result in us confirming that we hold no personal records associated with you. To exercise any GDPR right, please contact us using the information in the Contact section.
For California Residents (CCPA / CPRA)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. HEICtoJPG Pro:
- Does not sell personal information โ We do not sell, share, or broker personal data to any third party for commercial purposes.
- Does not use data for cross-context behavioral advertising
- Does not use sensitive personal information for any secondary purpose
California residents may submit a verifiable consumer request to access or delete any personal information we hold by contacting us directly. We will respond within 45 days as required by law.
Changes to This Policy
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our practices, applicable laws, or the features we offer. When we make changes, we will update the "Last updated" date at the top of this page.
For material changes โ those that significantly affect how we handle user data โ we will make reasonable efforts to notify visitors by displaying a prominent notice on our homepage for a period of at least 30 days following the update.
Your continued use of HEICtoJPG Pro after any changes to this Privacy Policy constitutes your acceptance of those changes. We encourage you to review this page periodically to stay informed about how we protect your privacy.
All previous versions of this Privacy Policy are retained and can be made available upon request.
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out. We are committed to responding promptly and transparently.
For questions about our Terms of Service or Disclaimer, please use the same contact email address above.
Ready to convert your HEIC photos securely? Go to HEICtoJPG Converter โ