DropFormat

Privacy

DropFormat is designed so that there is almost nothing for us to know about you. Conversion happens in your browser. Files are never uploaded to our server. This page describes what we collect, what we do not collect, and what we do with the small amount of data we keep.

What we do not collect

We do not upload the files you convert. We do not read their contents. We do not store, log, transmit, sell, share, or otherwise process the contents of any file you drop on this site. This is not a policy promise that runs in opposition to the code. It is a property of the code: conversion is implemented entirely in your browser using WebAssembly, and the network does not move file bytes off your machine.

We do not run third-party advertising trackers, fingerprinters, or analytics scripts that collect personally identifying information. We do not set cookies that are not strictly necessary for the site to function. We do not maintain user profiles. We do not buy or merge data about you from data brokers.

What we do collect

When the converter encounters a bug, your browser sends a small error report to our server so we can fix it. A report contains:

  • The error message and the JavaScript stack trace at the moment of the failure.
  • The metadata of the file that triggered the failure: redacted filename, size in bytes, and MIME type.
  • The URL of the converter page you were on.
  • Your browser’s user-agent string and the viewport dimensions of the converter tab.
  • A short random identifier that lives only for the lifetime of the browser tab, used to group multiple errors from the same session.
  • The DropFormat bundle version that produced the error, used to look up the source mapping server-side.
  • The time the error happened, as a client timestamp used for ordering reports.

The IP address that delivers the error report is hashed with a server-side secret before we store anything. The raw IP is never written to disk by us. The hash exists only so we can rate-limit a runaway client without identifying the client.

Error reports do not include the files you convert. File contents are never included, full filesystem paths are never included, cookies and localStorage are never included, and user-typed text is never included.

Our web server, like any web server, also produces standard access logs (timestamp, request path, HTTP status, response size, hashed IP) when you load a page. These logs are kept for operational purposes only and are not joined with any other data.

Aggregate analytics

We run Umami, a self-hosted analytics tool, on our own server. It records page views and successful or failed conversions as anonymous counters: format pair (for example, HEIC to JPG), file size range, conversion duration range, country derived from your IP, and a short browser label such as “Chrome on iOS.” It does not set cookies, does not assign you a long-lived identifier, and uses a daily-rotating internal hash that cannot be linked to you across days. The file you converted is not in the analytics record. Neither its name nor its contents are sent.

What we do with what we collect

Error reports are used exclusively to diagnose and fix bugs in the converter. They are visible only to the maintainers of DropFormat. They are never sold, never given to advertisers, and never shared with third parties except where compelled by law.

Retention

Error reports are retained for ninety (90) days, after which they are removed by a daily background job. There is no soft-delete and no archival copy. The hashed IP entry expires with the report it is attached to. Server access logs are rotated and discarded on a similar cadence.

Cookies and local storage

The converter does not set tracking cookies. We store one preference in your browser’s localStorage so that your selected light or dark theme persists between visits. That value never leaves your browser. If you are logged into the site as an administrator (which is reserved for site operators, not visitors), WordPress will set its standard session cookies; those are not used for tracking.

Third parties

The site is hosted on a single virtual server we operate ourselves. The analytics tool referenced above runs on the same physical server, under a sibling domain that we also operate. We do not use third-party content delivery networks for the converter bundle or the WebAssembly decoders; both are served from the same origin you are reading this page from. We do not embed third-party widgets, social media share buttons, or commenting systems that would otherwise leak data about your visit.

Children

DropFormat is a general-purpose utility and is not directed at children. We do not knowingly collect any personal information from anyone, including children. If you believe a child has interacted with us in a way that creates personal data we should remove, please contact us using the link below and we will investigate.

Your rights

Because we do not maintain user accounts or persistent identifiers tied to you, there is generally nothing personally identifying for us to disclose, correct, or delete on request. If you have reason to believe a specific error report on our server contains information about you that you would like removed, contact us with enough detail (approximate date, the file name involved) for us to locate the row, and we will remove it.

Changes to this policy

If we materially change how we collect or use data, we will update this page. The “last updated” line at the bottom of this page reflects the most recent change. Continuing to use the converter after a change indicates acceptance of the updated terms.

Contact

Privacy questions can be sent to us via the parent site at forethought-studio.com.

Last updated 2026-05-18.