Proof of local processing.

This page documents how to verify the privacy build without relying on marketing claims.

Reviewed artifact

The privacy-reviewed artifact is dist/privacy-build/, generated by npm run build:privacy. It is designed to be served from a separate origin such as privacy.convertunlimited.com.

Expected network behavior

After the static page assets are loaded from the same origin, file processing should not create network requests. The generated headers set connect-src 'none' where supported.

Local verification

npm run verify:privacy

The verification command builds the privacy artifact, scans it for known third-party runtime references, opens it in a headless browser, blocks common network APIs, processes a sample image, and fails if network requests occur during processing.

Architecture summary

User-selected file
  -> Browser File/Blob APIs
  -> Local JavaScript tool logic
  -> Canvas/PDF/browser encoder
  -> Blob/Object URL
  -> Browser download

Important limits

The privacy build does not defend against a compromised browser, malicious extensions, host-level script injection, or operating-system telemetry. It is a static local-processing web app, not a sandbox for a compromised device.

What this page does

Technical verification notes for ConvertUnlimited's privacy build.

Privacy behavior

Selected file contents are processed locally in your browser for supported workflows. This privacy build does not intentionally load ads, analytics, remote fonts, or third-party runtime scripts.

Supported workflow

Use the controls on this page, review the output in your browser, then download the result from this tab.