FormatShift FormatShift Back to Home

Privacy Policy

How FormatShift handles your data, sessions, and logs.

Effective date: April 15, 2026

Local-first processing

File conversions run entirely in your browser using WebAssembly and browser APIs. Your files are never uploaded to our servers. We cannot see, access, or store the content of any file you convert.

Data we collect

If you create an account, we store your email address, account plan, and a daily conversion count used for quota enforcement. Accounts exist solely to verify your Pro purchase and prevent abuse — we do not store any payment or billing information. All payment processing is handled by Stripe. We also collect a browser-generated fingerprint (a SHA-256 hash) to enforce free-tier limits for anonymous users. This fingerprint cannot identify you personally.

Analytics and tracking

We use Google Analytics to understand how visitors use FormatShift — which pages are visited, which conversions are popular, and general usage patterns. Google Analytics uses cookies to distinguish unique visitors. We may also use session-recording tools to observe how people interact with the interface so we can improve usability. These tools capture clicks, scrolls, and page navigation but do not capture file content or keystrokes in sensitive fields.

Cookies

FormatShift uses a session cookie for authentication if you sign in. Google Analytics sets its own cookies for visitor tracking. You can control or block cookies through your browser settings. We will add a cookie consent banner in a future update to give you explicit control over non-essential cookies.

Third-party services

We share the minimum data necessary with the following services: Amazon SES (your email address, for sign-in emails), Stripe (your email and payment details, for processing purchases), Google Analytics (anonymized usage data, for site analytics), and Google Fonts (no personal data, for typography). Each service is governed by its own privacy policy.

Data retention

Session tokens expire after 30 days. Magic-link tokens expire after 15 minutes. Daily usage counters reset every 24 hours. If you want your account data deleted, contact us and we will remove it.

Contact

For privacy-related questions, email privacy@formatshift.app.