This Privacy Policy explains how Convert.Online collects, uses, shares, and protects the information we receive from users through our website related services.
ConvertOnline, operated by Kefalica d.o.o., is responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Kefalica doo
Company Registration Number: 21082082
Novi Sad, Serbia
Email: admin@convert.online
As the data controller, Kefalica d.o.o. determines the purposes and means of processing your personal data, such as for account management, analytics, and customer service.
In compliance with GDPR requirements, we have appointed a dedicated Data Protection Officer (DPO) who oversees all aspects of our privacy policy and datahandling practices convert.online.
DPO Contact:
Name: Minic Mihajlo
Email: admin@convert.online
For other support or general inquiries, reach out via:
Email: support@convert.online
Office Hours: Monday – Friday, 9 AM – 5 PM (CET)
We collect only the minimum amount of personal data necessary to provide our services. Your data is used solely for the purpose of file conversion and platform functionality.
ConvertOnline is a web-based service for file conversion. Users can upload files and convert them to other formats. Our platform operates exclusively via the website (no public API) and can be used with or without user registration.
IP address
HTTP referrer
Browser user agent
Date and time of access
Your email address
A password (securely hashed)
Uploaded files are transferred via a secure connection and temporarily stored on our servers and deleted immediately after conversion. Converted files are temporarily stored on pur servers for a maximum of 24 hours, after which they are automatically and irreversibly deleted
If you contact us via email or contact form, we will collect your name and email address solely for support and communication purposes.
Full name
Billing address
Company name (if applicable)
VAT ID (if applicable)
This data is used to generate invoices and for fraud prevention. All data transmissions occur via SSL-encrypted channels.
We process your data strictly to deliver the services you request — primarily converting your files to other formats. All processing is automated. We do not access, view, or analyze your files manually.
Total number of conversions
Billing address
Number of errors
Aggregate file sizes processed
Send account-related notifications
Provide service updates or promotional content.
IP addresses are logged to detect abuse (e.g. DoS attacks, bot misuse) and for general location-based analytics (not tied to your personal identity).
When a purchase is made, your billing details are processed exclusively by Paddle, and used for invoicing, tax purposes, and fraud protection.
The processing of personal data is based on the necessity to fulfill a contract or to take steps at your request prior to entering into a contract, in accordance with Art. 6(1)(b) GDPR.
Uploaded files are automatically deleted immediately after conversion.
Converted files are automatically deleted after 24 hours.
Personal data associated with user accounts and their usage activity will be permanently deleted 30 days after the activation of a package, unless legal retention obligations require otherwise.
Log data (IP address, referrer, user agent) is deleted after 30 days.
Billing data is retained as required under applicable tax and accounting laws (Art. 6(1)(c) GDPR).
You can manage your personal data directly through your user dashboard. You may delete your account at any time, which will also delete your files and any personal data associated with payment (as handled by Paddle).
Alternatively, you can request data deletion by contacting us at support@convert.online.
You have the right to access, correct, or delete your personal data at any time. As a data subject under the General Data Protection Regulation (GDPR), you are entitled to the following rights in relation to the processing of your personal data:
Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about the processing.
Right to rectification (Art. 16 GDPR): If your personal data is incorrect or incomplete, you have the right to request its correction.
Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data if certain conditions are met, for example if the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing in specific circumstances, such as during the verification of data accuracy.
Right to data portability (Art. 20 GDPR): If the processing is based on your consent or a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data for reasons related to your particular situation. This includes the right to object to direct marketing and any related profiling.
Right to lodge a complaint (Art. 77 GDPR): You have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
As Kefalica d.o.o. is based in Serbia, the relevant supervisory authority is:
Commissioner for Information of Public Importance and Personal Data Protection
Bulevar kralja Aleksandra 15, 11000 Belgrade, Serbia
Phone: +381 (0)11 3408 900
Email: office@poverenik.rs
Website: www.poverenik.rs
When you access ConvertOnline, we collect and store certain technical information in log files. These log files are retained for a maximum period of 30 days.
Every time our platform is accessed, our system automatically collects data and information from the device and browser used to access the service.
The following data is collected:
Browser type, version, and operating system
Referrer URL (previous page visited)
IP address and approximate geolocation
Date and time of access
This data is stored in server log files. It is not combined with other personal data, nor is it used to personally identify you.
Temporary storage of your IP address is necessary to deliver the website content to your device. Log files are maintained in order to:
Ensure the stability and proper functioning of the platform
Detect and prevent abuse (e.g., DoS attacks, bot activity)
Optimize platform performance
Maintain security of our IT infrastructure
We do not use log file data for marketing, profiling, or user tracking purposes.
These purposes constitute our legitimate interest in accordance with Art. 6(1)(f) GDPR.
The legal basis for the temporary storage of log data is Art. 6(1)(f) GDPR (legitimate interests of the controller).
Data required for session functionality is deleted once the session ends.
Log files are retained for up to 30 days, after which they are deleted or anonymized to prevent identification of the user.
Extended storage is only possible in cases where anonymization is applied (e.g., by masking parts of the IP address).
Collection and storage of log file data is technically necessary for the operation of the platform and cannot be disabled by the user. As such, no opt-out mechanism is available.
We use cookies only when necessary to provide our services. ConvertOnline uses only technically necessary cookies.
Our platform uses cookies—small text files stored by your web browser on your device. When you access ConvertOnline, a session cookie may be stored on your system. This cookie contains a unique identifier that enables your device to be recognized during your session and upon return to the platform.
We use cookies exclusively to enable key platform functionality. Some parts of the platform require the identification of your device even after you navigate to a new page.
The cookie we use stores the following information:
Session and login information
User identification for accessing previously converted files (if applicable)
We do not use cookies for tracking, analytics, or advertising purposes. No user profiling is performed.
The purpose of this technically necessary cookie is to enable:
Login functionality
Seamless access to user-specific actions (e.g., previously converted files, session continuity)
Without this cookie, certain essential functions of the platform may not work as expected.
The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR (legitimate interest in providing the service). As no non-essential cookies are used, user consent is not required.
Cookies are stored locally on your device. You, as the user, have full control over their use. You can configure your browser settings to delete cookies or prevent them from being stored. Already saved cookies can be deleted at any time, either manually or automatically.
Please note: Disabling cookies for our platform may result in limited or impaired functionality, especially for registered users.
When you contact us via email, we use your personal data solely to process and respond to your inquiry.
You can reach us at our official support email: support@convert.online. When you send us an email, the personal data you provide (such as your name, email address, and any other information included in your message) will be processed and stored.
The following data may be collected and processed in this context:
Your email address
Your name or pseudonym (if provided)
IP address of the device used to send the email
Date and time of contact
Your data is processed only to handle your inquiry and provide support.
The legal basis for processing your data in this context is Art. 6(1)(f) GDPR (legitimate interests of the data controller).
If your email contact concerns entering into a contract, Art. 6(1)(b) GDPR also applies.
Personal data collected through email contact is stored only as long as necessary to resolve the matter you have contacted us about. Once the conversation is conclusively closed, your data will be deleted. Additional personal data generated during email processing will be deleted no later than at the end of the contractual or general platform usage period.
You have the right to modify or delete your personal data via your user dashboard or by contacting us at support@convert.online. You may also revoke your consent to data processing at any time. Deleting your account will also remove all associated data, including data stored in our ticket system.
If you object to the storage of your personal data related to email contact, please notify us. However, please note that without processing your data, we may be unable to continue correspondence.
We maintain social media profiles on platforms based outside the European Union.
Our company uses social media platforms such as Facebook, Instagram, and YouTube to promote ConvertOnline and engage with users. When you interact with our profiles on these platforms, your personal data may be transferred to servers located outside the EU.
To ensure adequate protection of your personal data during these transfers, we rely on appropriate safeguards such as the EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR.
These platforms are operated by:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook and Instagram)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (YouTube)
When you interact with our company profiles on these networks (e.g., liking, commenting, subscribing), you may expose personal information visible on your profiles, such as your name or photo. Since we do not control how these platforms process your personal data, we cannot be held responsible for their data handling practices.
We use these social media profiles to:
Share information about our products and services
Communicate and engage with current and potential customers
Provide customer support and updates
The legal basis for processing personal data through your interaction with our social media profiles is your consent under Art. 6 (1) (a) GDPR.
We do not store data generated by your activities on these social media platforms on our own servers.
You can object to the processing of your personal data related to your interactions on our social media profiles at any time by contacting us at support@convert.online.
For information on how these platforms process your personal data and how you can manage your privacy preferences, please visit their respective privacy policies:
Facebook & Instagram: https://www.facebook.com/about/privacy/
YouTube: https://policies.google.com/privacy
Our platform is hosted on cloud servers provided by Google Cloud Platform. The physical location of the servers varies dynamically depending on the geographic location of the user accessing the service, ensuring optimal performance and compliance with data residency requirements.
When you access ConvertOnline, your connection is routed to the nearest available Google Cloud data center, which can be located in different regions worldwide, including Europe, North America, or other locations.
The hosting servers automatically collect and store information in server log files each time you visit the platform. This data includes:
Browser type, browser version, and operating system
Referrer URL (the website you visited before ours)
IP address and approximate location based on the IP address
Date and time of access
This data is used solely for maintaining the platform’s security and performance and is not merged with other personal data.
The collection of this information is based on Art. 6 (1) (f) GDPR, as the website operator has a legitimate interest in ensuring the technical functionality and optimization of the website. Server logs help detect and resolve technical issues.
We use geotargeting to optimize the services provided based on your location.
We process your IP address and, if provided during registration or ordering, additional location data such as postal code for regional targeting (commonly referred to as "geotargeting").
Geotargeting allows us to, for example, automatically select the server geographically closest to you, ensuring better performance and faster data transfer speeds.
The legal basis for processing your IP address and any additional location information you provide (such as postal code) is Art. 6 (1) (f) GDPR, as it serves our legitimate interest in providing an optimal user experience.
Only parts of your IP address and any additional location data are read during this process; these data are not stored separately.
You can prevent geotargeting by using a VPN or proxy server to mask your precise location. Additionally, you may disable location services in your browser settings if supported.
Selecting the geographically nearest server location for faster service
Enabling platform features such as targeted customer interactions
On our platform, users can register by providing personal data through a registration form. This data is transmitted to us and securely stored.
Registration enables users to access extended platform features, including managing previously converted files.
The data collected during registration is not shared with third parties. The following data is collected as part of the registration process:
Email address
Username (pseudonym)
Profile picture (if provided)
IP address of the device used for registration
Date and time of registration
Users may also register or create an account via third-party providers such as Google, Facebook, or Microsoft. In this case, the required data (username, email address, profile picture) is obtained from the respective provider in accordance with their privacy policies. The use of this data is limited to account creation and platform use.
By registering, users provide their consent to the processing of their personal data as described.
User registration is necessary for fulfilling a contract or pre-contractual obligations and to provide personalized services, such as distinguishing users and allocating resources properly.
The legal basis for processing personal data during registration is Art. 6 (1) (b) GDPR, related to contract fulfillment or pre-contractual measures.
Data collected during registration is stored only as long as necessary to fulfill contractual obligations or legal requirements.
Personal data associated with user accounts and their usage activity will be permanently deleted 30 days days after the activation of a package, unless legal retention obligations require otherwise.
Users can delete their account at any time.
Alternatively, users can contact us to amend or delete their personal data and/or account on their behalf.
Early deletion may be restricted if contractual or legal obligations require retention of certain data.
When you purchase a package or subscribe to our services, we collect additional personal data necessary for processing payments. Payment processing is handled by our authorized payment provider, Paddle.
Depending on the selected payment method, you will be redirected to Paddle’s secure platform to complete your payment. After successful payment, we receive relevant payment details from Paddle or our banking partner to process invoicing and accounting.
During payment processing, the following information may be transmitted and processed:
Purchase amount
Date and time of purchase
Full name
Billing address
Email address
Payment method details (e.g., credit card number, expiration date, CVC) – processed securely by Paddle
IP address
VAT ID (if provided)
Payments are processed exclusively through:
Paddle.com (Paddle.com Ltd.)
Further information about their data protection policies, as well as options for revocation and data removal, can be found at:
https://www.paddle.com/
The data is processed solely for payment execution, invoicing, and accounting purposes, including direct debit procedures where applicable.
The legal basis for processing your payment data is Art. 6 (1) (b) GDPR, as processing is necessary for the fulfillment of the purchase contract.
Payment data and related transaction information are stored only as long as necessary for payment processing, chargebacks, debt collection, and fraud prevention.
In accordance with statutory retention obligations, payment data may be retained for up to 10 years.
You can revoke your consent to the processing of payment data by deleting your account or contacting us or the payment provider directly.
Please note that Paddle may need to retain certain payment data as required to complete contractual obligations or comply with legal requirements.
Our platform uses a Content Delivery Network (CDN) to ensure faster response times and better performance. Specifically, we use Google Cloud CDN, a network of geographically distributed servers designed to deliver content efficiently, especially large media files.
To guarantee appropriate safeguards for transferring and processing personal data outside the EU, data transfer and processing by Google are based on the EU Standard Contractual Clauses (Art. 46 GDPR).
When you visit our website, your device establishes a connection to Google Cloud CDN servers to retrieve content. During this process, certain personal data may be stored and analyzed in server log files, such as:
Your IP address
Browser and device information
Details about your activity on the site (e.g., visited pages)
The use of Google Cloud CDN is to accelerate the delivery of our online content and improve the user experience by reducing loading times.
This data processing is based on Art. 6 (1) (f) GDPR, reflecting our legitimate interest in providing a technically error-free and optimized website experience.
Personal data processed in connection with the CDN is stored only as long as necessary to fulfill these purposes or as legally required.
All related log data (such as IP addresses, user agents, and referrer information) is deleted after 30 days.
For information on how to object to or manage your data with Google Cloud CDN, please visit:
https://cloud.google.com
We collect telemetry data on our platform to monitor performance and ensure service reliability. This is done through infrastructure services provided by:
Google Cloud Platform, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The following types of personal data may be processed in the course of telemetry data collection:
IP address and broad location (based on IP address)
User ID (if logged in)
Platform usage data (e.g., which tools were used, success/error of conversions)
Telemetry data is processed for the following purposes:
Monitoring of infrastructure and platform performance
Identifying and resolving technical issues
Resource optimization and load balancing
Improving the reliability and security of the service
Processing is based on Art. 6 (1) (f) GDPR, representing our legitimate interest in providing a stable, secure, and optimized platform.
Telemetry and related log data are stored for a maximum of 30 days. After this period, IP addresses are either deleted or anonymized so that no identification of the user is possible.
Personal data associated with user accounts and their usage activity will be permanently deleted 30 days after the activation of a package, unless legal retention obligations require otherwise.
Alternatively, you may contact us at support@convert.online to request manual deletion.