Trust & Safety
Security
Your files are encrypted in transit, processed in isolation, and permanently deleted within 2 hours. Here's exactly how we protect your data.
Encryption
HTTPS everywhere
All data is encrypted using TLS 1.2+. File uploads and downloads never travel over an unencrypted connection.
Retention
Deleted in 2 hours
Both the original upload and the converted output are automatically and permanently deleted within 2 hours. No manual review, no backup retention.
Access
No accounts required
ConvertFlow requires no login, email, or personal information. Nothing links a file to an identity.
File isolation
Each conversion is assigned a unique UUID. Files are stored at randomised paths that are not guessable or enumerable. Only you — via the unique download link — can access your converted file during the 2-hour window.
Server-side processing
Conversions are performed server-side using FFmpeg, an industry-standard open-source tool. Files are processed in an isolated queue worker. No conversion output is stored in a database — only metadata such as status and expiry time.
No third-party file access
Your files are never shared with or processed by third-party services. No CDN or cloud storage provider has access to your uploaded content.
Responsible disclosure
If you discover a security vulnerability in ConvertFlow, please report it responsibly to hello@convertflow.video . We will acknowledge your report within 48 hours and work with you to resolve verified issues. Please do not publicly disclose vulnerabilities until we have had reasonable time to address them.