Privacy Policy

1. Information We Collect

When you create an account, we collect your email address and a hashed version of your password. We never store passwords in plain text.

When you use the conversion service, we temporarily process the data you submit. Conversion inputs and outputs may be stored for up to 7 days to support your conversion history and are then automatically deleted.

We collect basic analytics (page views, feature usage) via Umami, a privacy-focused analytics tool that does not use cookies or track personal data.

2. How We Use Your Information

We use your information to:

• Provide and maintain the conversion service
• Authenticate your account and manage API keys
• Track usage against your plan limits
• Send password reset emails when requested
• Improve the service based on aggregate usage patterns

3. Data Storage and Security

Your data is stored on secure servers provided by Railway (compute) and managed PostgreSQL (database). All connections use TLS encryption in transit.

API keys are stored as SHA-256 hashes. We cannot recover your API key after creation — only you have access to the raw key.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties. We may share data only when required by law or to protect our legal rights.

5. Your Rights

You can delete your account and all associated data at any time by contacting us. You can revoke API keys from your dashboard immediately.

6. Cookies

We use a single session cookie for authentication. We do not use tracking cookies. Our analytics provider (Umami) is cookieless.

7. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email.

8. Contact

If you have questions about this policy, please reach out at privacy@convertforanything.com.