File Security & Auto-Delete Policy

Last updated: June 2026

At ConvertDox, your privacy and security are our top priorities. This page explains exactly how we handle your files and data.

All uploaded and converted files are automatically deleted after processing and are NEVER permanently stored on our servers or any third-party storage service.

1. File Upload Security

  • All file uploads are transmitted over HTTPS with TLS encryption
  • Files are validated for type and size before processing begins
  • File size limits are enforced to prevent resource abuse
  • Rate limiting is applied to prevent automated abuse

2. Temporary Storage

  • Uploaded files are stored in isolated, temporary environments only
  • Files are processed in memory where possible
  • Files are segregated so that one user's files cannot be accessed by another user
  • No file content is indexed, searchable, or made accessible to staff

3. Auto-Deletion Policy

Auto-deletion is automatic and cannot be disabled.

  • Immediately: Files are deleted as soon as the conversion/processing is complete and the result is delivered (typically within seconds)
  • Maximum 1 hour: Any temporary files not immediately deleted are purged within one hour by automated cleanup jobs
  • No exceptions: Files are never retained for training, analysis, marketing, or any other purpose
  • Permanent: Deletion is permanent — files cannot be recovered once deleted

4. No Staff Access to File Content

No ConvertDox operator reviews, accesses, or examines the content of uploaded files unless:

  • Required by a valid legal order (subpoena, court order)
  • Necessary to investigate reported abuse or illegal activity
  • Required to resolve a serious technical issue causing data loss

5. Abuse Monitoring

We monitor usage patterns — not file content — to detect and prevent abuse:

  • Upload frequency and volume monitoring
  • IP-based rate limiting and blocking
  • Automated detection of suspicious usage patterns
  • File type and size validation to prevent abuse

6. Infrastructure Security

  • Cloudflare: DDoS protection, web application firewall, and bot protection
  • Vercel: Edge hosting with global CDN and automatic HTTPS
  • Dependency monitoring: Third-party packages monitored for known security issues

7. Data Breach Response

In the unlikely event of a data breach affecting personal information, we will notify affected users within 72 hours of discovery, in compliance with GDPR and applicable data protection laws.

8. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to info@convertdox.com. We appreciate responsible disclosure and will acknowledge security reports within 48 hours.

Questions? Contact us at convertdox.com/contact or email support@convertdox.com