Privacy Policy

Last updated: 7 June 2025

reaConverter LLC (“we,” “our,” “us”) provides the batch‐file-conversion services available at reaconverter.com, its desktop software, online converter, browser plug-in and API (“Service”). We are the data controller for personal information collected through the Service.

What Data We Collect — and Why

  • Account data (name, e-mail, licence key) – to create and manage your account and send mandatory service messages (performance of a contract)
  • Transaction data (order ID, billing address processed by our payment provider) – to complete purchases, prevent fraud and meet tax obligations (legal obligation)
  • Usage data (IP address, device/browser details, time-stamped logs) – to secure and optimise the Service and compile anonymous statistics (legitimate interest)
  • File content (the files you upload for conversion) – strictly to execute the conversion you request and return the output (performance of a contract and single-purpose limitation)

We follow the principles of data minimisation and purpose limitation: we collect only what is necessary and never repurpose it.

How We Use Your Data

  • Perform the file conversions you initiate.
  • Operate, secure and troubleshoot the Service (load-balancing, anti-abuse, backups).
  • Provide customer support when you ask for it.

We do not:

  • Profile you, perform automated decision-making or evaluate creditworthiness.
  • Use or transfer your data for advertising, marketing or any purpose unrelated to file conversion.

No Sale or Unauthorised Transfer

Under the definitions in the California CCPA/CPRA, we do not sell or share personal information. We never transfer user data to third parties except the strictly limited processors listed below, and only for the specific tasks we describe.

Approved Processors

  • Cloud-hosting provider – hosts our servers in ISO 27001-certified data centres.
  • Payment gateway – processes licence purchases; we receive only limited transaction metadata.
  • Transactional e-mail service – delivers account and password-reset messages.

Each processor is bound by a written agreement that prohibits secondary use of data and requires appropriate security measures.

Data Retention & Deletion

  • Uploaded files are automatically deleted 30 minutes after the conversion finishes.
  • Account records are kept while your licence remains active, plus seven years for accounting and tax compliance.
  • Server logs are rotated and anonymised within 30 days.

Retention periods are reviewed annually to ensure compliance with GDPR storage-limitation requirements.

Security Measures

  • TLS 1.3 encrypts all traffic in transit.
  • Databases, backups and disks are encrypted at rest.
  • Access rights follow the principle of least privilege and are protected by MFA.
  • We monitor systems continuously and run regular penetration tests.
  • Our controls align with ISO 27001 and its privacy extension ISO 27701.

International Transfers

Where personal data leaves the European Economic Area, we rely on EU Standard Contractual Clauses together with technical and organisational safeguards, as required by GDPR Chapter V.

Your Rights

EU/EEA residents may request access, rectification, erasure, restriction, portability or objection under GDPR Articles 12-22.
California residents may exercise the rights to know, delete, correct, opt out of sale/share and limit sensitive personal information under the CCPA/CPRA.
Other U.S. state residents receive comparable rights under Virginia, Colorado and similar privacy laws.
To exercise any right, contact support or use the self-service tools in your account dashboard. We respond to verified requests within 30 days (extensions permitted where lawful).

Children

The Service is not directed to children under 16. We do not knowingly collect data from minors and will delete such data if we discover it.

Changes to This Policy

We may update this Privacy Policy to reflect legal, technical or business developments. Material changes will be announced on reaconverter.com at least 30 days before they take effect. The “Last updated” date at the top will change accordingly.

Contact

If you have any questions concerning this Privacy Policy or related documentation, you may contact our support staff.
If you are in the EEA, you may also lodge a complaint with your local data-protection supervisory authority.