ConvertUnlimited

Proof of local processing.

This page documents how to verify the privacy build without relying on marketing claims.

Source code

The site and the privacy build are open source. Everything described on this page can be read and re-run from the public repository: github.com/dunkin-novice/convertunlimited.com.

Reviewed artifact

The privacy-reviewed artifact is dist/privacy-build/, generated by npm run build:privacy. It is designed to be served from a separate origin such as privacy.convertunlimited.com.

Expected network behavior

After the static page assets are loaded from the same origin, file processing should not create network requests. The generated headers set connect-src 'none' where supported.

Local verification

git clone https://github.com/dunkin-novice/convertunlimited.com
cd convertunlimited.com
npm install
npm run verify:privacy

The verification command builds the privacy artifact, scans it for known third-party runtime references, opens it in a headless browser, blocks common network APIs, processes a sample image, and fails if network requests occur during processing. The test source is tests/no-network-processing.js. If you do not run code locally, the DevTools Network-panel method on the verification page checks the same property with no tooling.

Architecture summary

User-selected file
  -> Browser File/Blob APIs
  -> Local JavaScript tool logic
  -> Canvas/PDF/browser encoder
  -> Blob/Object URL
  -> Browser download

Important limits

The privacy build does not defend against a compromised browser, malicious extensions, host-level script injection, or operating-system telemetry. It is a static local-processing web app, not a sandbox for a compromised device.

What this page does

Technical verification notes for ConvertUnlimited's privacy build.

Supported workflow

Use the controls on this page, review the output in your browser, then download the result from this tab.