ISO-aligned controls
Our internal controls are designed to reflect globally recognized information security and governance practices for risk reduction and service reliability.
Files Converter
Legal & Security
Security and data protection
Files Converter is built to protect your documents at every stage. We use strong security controls, encrypted transfers, and strict access policies to keep your data safe.
Data privacy and security
Understand how we collect, process, secure, and remove your files and account data.
General privacy policy
We only process the information necessary to run conversions and provide account features. Your uploaded files are handled securely and removed automatically after the retention window.
Data subject rights and transparency
We provide clear information on data handling and support requests related to access, correction, deletion, and processing controls according to applicable privacy laws.
Data ownership and user control
You remain the owner of your files. Files Converter does not claim ownership of uploaded content and provides mechanisms to delete or revoke access where supported.
Certifications and compliance
Security, privacy, and trust are central to our architecture and operational standards.
GDPR-ready privacy model
We align data handling with GDPR principles such as data minimization, purpose limitation, and accountability in processing activities.
eIDAS-aware signature workflows
For document signing scenarios, our process design supports traceability, integrity, and auditable event records in modern electronic workflows.
Product security
Core technical controls that protect your documents and account activity.
Cloud infrastructure safeguards
Workloads run with hardened service configurations, environment isolation, and monitored runtime controls.
Encrypted network communications
Traffic between clients and services uses encrypted channels to prevent interception and tampering.
Secure software lifecycle
We apply secure coding, dependency monitoring, and release controls to reduce software risk.
Password storage
Passwords are never stored in plain text. We use secure hashing and appropriate salting practices.
Data privacy and retention
Uploads are retained for a limited period to support download workflows, then removed automatically. Additional deletion controls are provided where applicable.
Backup policies
Backups are encrypted and managed with controlled access to support resilience and disaster recovery.
Availability and incident response
We monitor system health and apply incident handling procedures to maintain service continuity.
Internal security
Security operations, access discipline, and governance practices used by our team.
Controlled account management
Access is granted by role, reviewed periodically, and removed when no longer required.
Password management standards
Internal users follow strong authentication and credential hygiene requirements.
Two-factor authentication
Privileged and sensitive systems require extra authentication factors to reduce account compromise risk.
Physical access controls
Operational environments use controlled physical security practices and access restrictions.
Onboarding and offboarding checks
Access is provisioned and revoked through documented workflows to keep permissions accurate.
Principle of least privilege
Users and services receive only the minimum permissions needed to perform their responsibilities.