Privacy Policy

web-page.app ('we', 'us', or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose personal information when you use web-page.app and its associated subdomains and tools (collectively, the 'Service').

This policy applies to all visitors and users of the Service, regardless of where you are located. By using the Service, you agree to the collection and use of your information in accordance with this Privacy Policy.

We collect the following categories of personal information:

• Account information: When you sign in via Google OAuth 2.0, we receive your Google account name, email address, and profile picture URL. We store this information to identify your account and display it in the dashboard.
• IP address: We record your IP address when you perform authenticated actions (sign-in, tool usage). This is used to detect and alert you to new sign-in locations for security purposes.
• Device information: We record basic device metadata — operating system, browser name, and browser version — derived from your User-Agent string. This is used to identify unrecognized devices and alert you to potential security events.
• Activity logs: We log timestamped records of your activity on the Service, including which tool or platform you accessed, the IP address used, and the approximate geographic location derived from the IP address.
• Language preference: We store your preferred interface language (English or Spanish) in your browser's localStorage. This data does not leave your device.

We do not collect sensitive personal data such as financial information, government-issued ID numbers, biometric data, health data, or precise real-time location data.

We use the personal data we collect for the following purposes:

• To provide and operate the Service: Your account information is used to authenticate you, display your profile, and give you access to the features available to registered users.
• To maintain security: IP addresses, device information, and activity logs are used to detect unusual sign-in patterns, alert you to potential account compromise, and identify security incidents.
• To improve the Service: Aggregate, anonymized usage data may be used to understand how the Service is used and to guide future development decisions.
• To communicate with you: If you contact us, we will use your email to respond to your inquiry.
• To comply with legal obligations: We may retain and disclose personal data if required to do so by law or in response to a valid legal process.

We do not sell, rent, or trade your personal information to third parties. We do not use your personal data for advertising purposes.

One of the core features of the Service is a security dashboard that shows you a history of your own activity. To power this feature, we maintain a log of events associated with your account.

Each log entry contains:

• A timestamp of when the event occurred.
• The name of the tool or platform accessed (not all pages log this information, only those that allow sign-in).
• Your IP address at the time of the event.
• The approximate city, region, and country derived from your IP address using a third-party geolocation API (ip-api.com).
• A parsed summary of your browser User-Agent string (operating system, browser name, version).
• An alert type, if applicable — for example, if the event was triggered from a new IP address or a previously unrecognized device.

This data is visible only to you through your dashboard. It is not shared with other users or used for purposes beyond the security and operational functions described in this policy.

Several tools on the Service — most notably Multi Convert Client — process files provided by you. Our architecture is designed to minimize the exposure of your file data:

• Client-side processing: For tools that perform conversions or manipulations entirely in the browser, your files never leave your device. They are not uploaded to our servers at any point.
• Server-side processing: For operations that technically require server-side computation, files are transmitted over an encrypted HTTPS connection, processed in memory, and the output is returned to you. Files are not persisted to disk or stored after processing completes.
• No content inspection: We do not read, scan, index, or analyze the content of your files beyond what is technically necessary to perform the requested operation.

We strongly recommend that you do not upload files containing highly sensitive personal data (such as personal financial documents or medical records) unless you are comfortable with the processing model described above.

Your personal data is stored on secure servers. We implement the following technical and organizational security measures:

• All data is transmitted using TLS (Transport Layer Security) encryption.
• Database access is restricted and authenticated.
• We use Cloudflare for network-layer protection against DDoS attacks and other threats.
• Access to production systems is limited to authorized personnel only.

Despite these measures, no system is completely secure. We cannot guarantee absolute security, and we encourage you to use strong passwords for your Google account and to review your dashboard periodically for any suspicious activity.

In the event of a data breach that affects your personal data, we will take prompt steps to investigate and remediate the issue, and will notify affected users as required by applicable law.

We use the following third-party services in operating the Service. Each of these services has access to limited personal data as described below:

• Google OAuth 2.0 (Google LLC): Used for authentication. When you sign in, Google shares your name, email address, and profile picture with us as part of the OAuth flow. Google's Privacy Policy governs how Google handles your data on their end.
• ip-api.com: Used for IP geolocation. When you perform authenticated actions, your IP address is sent to ip-api.com to obtain an approximate geographic location (city, region, country). This service does not receive your account information. Geolocation results are cached to minimize external API calls.
• Cloudflare, Inc.: Used for CDN, hosting, and DDoS protection. Cloudflare may process your IP address and connection metadata as part of its security and routing services. Cloudflare's Privacy Policy governs this processing.

We do not use Google Analytics, Facebook Pixel, or any other behavioral analytics or advertising technology. Our commitment is to use only the services that are strictly necessary for the operation and security of the Service.

Depending on where you are located, you may have certain rights regarding your personal data. We respect these rights and will respond to valid requests:

• Right of access: You may request a copy of the personal data we hold about you. Much of this data (activity logs, security alerts, device history) is already visible in your dashboard.
• Right to rectification: If any information we hold about you is inaccurate or incomplete, you may request that it be corrected.
• Right to erasure ('right to be forgotten'): You may request the deletion of your personal data. You can initiate account deletion directly from the Security section of your dashboard, which will permanently remove your account and associated data.
• Right to restriction of processing: In certain circumstances, you may request that we limit the ways in which we process your data.
• Right to data portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format.
• Right to object: You may object to certain types of processing, including processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us through the web-page.app website. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Account information (name, email, profile picture): Retained as long as your account remains active. Deleted upon account deletion.
• Activity logs and security alerts: Retained for a rolling period to provide a meaningful activity history in your dashboard. Older entries are automatically purged. Deleted immediately upon account deletion.
• IP geolocation cache: IP address and derived location data is cached temporarily to reduce API calls. Cached entries expire automatically after a configurable TTL (time-to-live) period.
• Known devices and IPs: Records of IP addresses and devices that have been associated with your account are retained for security deduplication purposes and deleted when you delete your account.

After deletion, your personal data is permanently removed from our systems. We do not retain backups of deleted account data beyond our standard backup rotation period.

The Service is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age.

If you are a parent or guardian and you believe your child has provided us with personal information, please contact us immediately. We will take steps to delete any such information from our systems as promptly as possible.

If we become aware that we have inadvertently collected personal information from a child under the applicable minimum age, we will take reasonable steps to delete that information from our records without delay.

web-page.app is operated from systems that may be located in different countries. If you access the Service from outside the country where our servers are located, your information may be transferred to, stored, and processed in a country with different data protection laws than your own.

By using the Service, you consent to this transfer of information. We take reasonable measures to ensure that your personal data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

When third-party services (such as Google or ip-api.com) process your data, those transfers are governed by the respective third party's privacy policy and applicable data transfer mechanisms (such as Standard Contractual Clauses for EU data).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the 'Last updated' date at the top of this page.

We encourage you to review this Privacy Policy periodically. For significant changes that affect how we use your personal data, we will make reasonable efforts to notify you (for example, by displaying a notice on the dashboard or through the email address associated with your account).

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us through the web-page.app website. We are committed to addressing privacy concerns in a timely and transparent manner.