Privacy & Cookies Policy

Last Updated: September 30, 2025

Overview

heif20.com enables fast, secure conversion of a wide variety of file types. Our goal is to help computer and smartphone users effortlessly convert files into compatible formats across devices—while respecting privacy by design.

We treat your data confidentially and with care. Wherever possible, we minimize data collection, avoid unnecessary identifiers, and use privacy-friendly defaults. We do not engage in behavioral tracking. Cookies and similar technologies are avoided unless they are strictly necessary to provide a feature you explicitly request (e.g., remembering a conversion setting during your current session). When third-party components are used, we select privacy-conscious integrations, transmit only what is necessary, and retain data for the shortest feasible time.

This Policy explains what information we process, why we process it, the legal bases we rely on, and the choices and rights available to you. It applies to the websites, apps, and services operated by heif20.com (collectively, the “Website”).

Scope & Controller

This Policy applies to personal data processed by heif20.com as the “controller” under applicable law, including the EU General Data Protection Regulation (“GDPR”) and comparable laws. Where we rely on third-party providers to perform processing on our behalf (e.g., infrastructure hosting), such parties act as “processors” under our instructions and subject to contractual safeguards.

Key Definitions

  • Personal data: Any information relating to an identified or identifiable person (e.g., name, email, IP address, or file identifiers where they relate to a person).
  • Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure, deletion).
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: A party that processes personal data on behalf of the controller.
  • Consent: A clear, informed, and unambiguous indication of the data subject’s wishes to agree to processing.
  • Pseudonymization: Processing data so that it cannot be attributed to a specific person without additional separate information and safeguards.
  • Profiling: Automated processing of personal data to evaluate personal aspects; heif20.com does not use profiling for behavioral advertising.

What We Collect

We design our systems to collect the minimum data necessary to provide the service. Depending on how you use the Website, we may process:

  • Service & log information: Browser type and version, device/OS information, timestamps, basic request metadata, limited IP address information (which may be truncated or hashed where feasible), referrer, and error diagnostics. We use this to deliver content, secure the service, prevent fraud/abuse, and meet legal obligations.
  • Files you upload for conversion: The file content and metadata you submit, processed transiently to perform the requested conversion. We do not claim ownership over your files.
  • Account & support data (if applicable): Email and communication content when you contact us or create an account (where offered).
  • Payment data (if applicable): Limited billing metadata processed by our payment provider; heif20.com does not store full payment card numbers.

How and Why We Use Data

  • To provide the service: Receive files, detect formats, convert and deliver outputs, maintain availability, and ensure quality.
  • To secure and improve: Detect misuse, prevent attacks, debug performance, and enhance features.
  • To communicate: Respond to requests, provide notices, and share important service updates.
  • To comply with law: Meet legal obligations, enforce terms, and respond to lawful requests.

Legal Bases (GDPR)

  • Performance of a contract (Art. 6(1)(b)): Processing files and providing requested features.
  • Legitimate interests (Art. 6(1)(f)): Securing the Website, preventing abuse, understanding service performance, and improving features—balanced against your rights and expectations.
  • Consent (Art. 6(1)(a)): Optional features or technologies (e.g., certain non-essential cookies or marketing, where applicable) only after your explicit consent.
  • Legal obligation (Art. 6(1)(c)): Retention or disclosure where required by applicable law.

Cookies & Similar Technologies

heif20.com strives to minimize cookies. When used, they fall into the following categories:

  • Strictly necessary: Essential to deliver a feature you request (e.g., remembering a file selection within the same session). These may not require consent under laws such as the German TTDSG §25(2).
  • Functional/Preference (optional): Improve convenience (e.g., remembering language or quality settings across visits). We ask for your consent where required.
  • Analytics or advertising (optional): Used only if enabled and consented; we prefer privacy-centric analytics (if any) and do not use behavioral profiling for ads.

You can manage your choices via the cookie banner or settings (where available) and through your browser controls. Blocking non-essential cookies will not affect core conversion features, but certain conveniences may not function.

File Processing, Retention & Deletion

  • Transient processing: Files are processed to perform the requested conversion and stored only as long as needed to complete delivery and ensure reliability.
  • Short retention windows: Temporary files and outputs are purged after a commercially reasonable period or sooner when you delete them (if a user control is available), subject to legal obligations and backup cycles.
  • Backups: Residual encrypted backup copies may persist for a limited time and are automatically purged on rotation.
  • No archival service: heif20.com is not a long-term storage provider. Please keep your own copies.

Children’s Privacy

The Website is not directed to children under the age required by applicable law (e.g., 13 in the U.S., 16 under the GDPR unless a lower age is set by a Member State). We do not knowingly process personal data from children without appropriate consent where required.

Sharing & International Transfers

We do not sell your personal data. We share data only as necessary to operate the Website, comply with law, or with your consent:

  • Service providers (processors): Hosting, content delivery, security, support, email, customer service, and (if applicable) payments—bound by contracts and confidentiality.
  • Legal & safety: To comply with lawful requests, protect rights, safety, and the integrity of the service, or prevent fraud/abuse.
  • Business transfers: In connection with a reorganization or transfer, subject to safeguards and notice where required.

Where data is transferred internationally (including outside the EEA/UK), we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, and supplementary measures where required.

Third-Party Components

Some optional components may be offered for convenience and are off by default unless you consent. Examples include privacy-centric analytics, monetization, or account integrations. If we embed a third-party viewer or processor for specific file types, we will disclose that usage contextually (e.g., near the feature) and in this Policy. Using such a feature may involve sending your file to that provider solely for rendering or processing.

Advertising & Analytics: If heif20.com enables advertising or analytics in the future, we will use the most privacy-friendly configuration available and seek consent where required. You can change your preferences at any time through the consent tools provided.

Note: If we state on the Website that a specific third-party (e.g., a CAD viewer, privacy-friendly analytics, or an ad network) is used for a given feature, please review the linked provider policy before enabling or using that feature.

Security

We implement administrative, technical, and organizational measures designed to protect files and personal data during processing and transmission. No system is 100% secure, but we continuously improve our controls, limit access on a need-to-know basis, and monitor for abuse.

Your Rights (GDPR & Similar Laws)

Depending on your location, you may have the following rights, subject to legal limits:

  • Access: Request a copy of your personal data we process.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of personal data (e.g., when no longer necessary or withdrawn consent).
  • Restriction: Request restricted processing in certain circumstances.
  • Portability: Receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where feasible.
  • Object: Object to processing based on legitimate interests or for direct marketing (we do not engage in behavioral direct marketing).
  • Consent withdrawal: Withdraw consent at any time for processing that relies on consent.
  • Complaint: Lodge a complaint with a supervisory authority.

To exercise a right, please use the contact details on the Website and include sufficient information for us to verify your identity and request.

Legal Bases Recap

  • Art. 6(1)(b) GDPR: Contractual necessity (e.g., converting your files).
  • Art. 6(1)(f) GDPR: Legitimate interests (security, fraud prevention, service improvement).
  • Art. 6(1)(a) GDPR: Consent (non-essential cookies/optional features).
  • Art. 6(1)(c) GDPR: Legal obligations (e.g., tax, accounting, compliance).

Retention

We keep personal data only as long as necessary to fulfill the purposes described in this Policy or as required by law. Criteria include the nature of the data, the purpose of processing, applicable limitation periods, and legal requirements. Transient files for conversion are subject to short retention windows as described above.

Do Not Track & Automated Decision-Making

Browsers may offer “Do Not Track” (DNT) signals; because there is no industry consensus, we do not respond to DNT at this time. heif20.com does not engage in automated decision-making producing legal or similarly significant effects about you.

Telecommunications Telemedia Data Protection Act (TTDSG)

Under §25 TTDSG, storing or accessing information on your device generally requires consent unless it is strictly necessary to provide a service you expressly request. Our consent banner (where applicable) indicates which operations are essential and which are optional. The downstream processing of personal data follows the GDPR legal bases outlined above.

California & Other Regional Notices

Where regional laws (e.g., CCPA/CPRA, UK GDPR, ePrivacy rules) apply, we honor additional rights and disclosures required by those laws. If you are a resident of such a jurisdiction and wish to exercise specific rights, please contact us using the details on the Website.

How to Contact Us

If you have questions about this Policy, want to exercise your rights, or need help with a privacy request, please use the contact information provided on the Website. For security, we may ask you to verify your identity before acting on a request.

Changes to This Policy

We may update this Policy from time to time. Changes will be posted on the Website with an updated “Last Updated” date. Material changes will be highlighted in advance where required by law. Your continued use of the Website after the effective date constitutes acceptance of the revised Policy.