1. Introduction
HEICPDF.TO (“we,” “us,” or “our”) operates the website at heicpdf.to (the “Service”). This page explains how the Service handles information when you use it.
We take your privacy seriously. This tool is designed around a core principle: your files never leave your device. All HEIC-to-PDF conversion is performed entirely in your browser using WebAssembly — no images are uploaded to any server, and we have no ability to access, store, or share your files.
The Service does not use advertising, analytics, tracking scripts, or tracking cookies. Some browser storage is used only for features you choose, such as saving your theme preference or connecting to cloud storage.
2. Information We Collect
We collect as little information as possible. The table below describes the categories of data the Service may handle:
| Category | What we handle | Purpose |
|---|---|---|
| File data | None collected. Your HEIC photos are processed locally in your browser. We never receive, transmit, or store your image files. | Your files remain on your device at all times |
| Theme preference | Your dark/light mode preference, stored in your browser’s localStorage. | Functionality — keeps your preferred theme across visits |
| Cloud storage authorization data | If you choose to connect Dropbox or Google Drive, OAuth state, code verifier, access token, refresh token, and expiration time may be stored in your browser’s localStorage. Google Picker may also use sessionStorage to remember an in-progress authorization flow. | Functionality — lets you import from or save to the cloud service you selected |
We do not collect: your name, email address, phone number, postal address, payment information, usage analytics, advertising identifiers, or tracking identifiers. We do not use fingerprinting techniques, track you across third-party sites, or sell your data.
3. Local Processing — Your Files Stay Private
This is the most important part of this policy. Every HEIC-to-PDF conversion performed on our website happens entirely within your browser. Your photos:
- Are never uploaded to any server — not ours, not a third-party’s.
- Are never stored in our databases, logs, or caches.
- Are never transmitted over the network. The conversion engine (HEIC decoding + PDF generation) runs as a WebAssembly binary inside your browser tab.
- Remain on your device until you choose to download the result or close the tab.
Once you close the browser tab, all processed data is gone. We have no mechanism to retrieve, recover, or access any file you convert. This architecture is deliberate: it eliminates the most common privacy risk in file-conversion services.
4. Analytics & Usage Tracking
We do not use analytics services, tracking scripts, cookies, or any form of usage monitoring on our website. We do not use Google Analytics, Facebook Pixel, Plausible, or any other analytics provider.
We have designed the Service to operate without collecting information about how you use it. The only data processed is the HEIC-to-PDF conversion itself, which happens entirely in your browser using WebAssembly — no data is transmitted to any server.
5. Cookies and Local Storage
We do not set or read cookies for analytics, advertising, tracking, or theme preferences.
The Service uses limited browser storage for functionality:
| Storage | Purpose | Duration |
|---|---|---|
localStorage: theme | Stores your dark/light mode preference so it persists across visits | Until you change the theme or clear browser data |
localStorage: cloud OAuth values | Stores authorization data only when you choose to connect Dropbox or Google Drive | Until you disconnect, the token expires, or you clear browser data |
sessionStorage: google_picker_pending | Remembers an in-progress Google Picker authorization flow | Current browser session |
You can clear this browser storage in your browser settings. The converter will still work, though theme persistence and connected cloud storage features may need to be set up again.
We do not use tracking cookies, advertising cookies, analytics cookies, or third-party cookies.
6. Third-Party Services
The Service does not integrate any third-party analytics, advertising, or data collection services. All HEIC-to-PDF conversion is processed entirely within your browser using open-source WebAssembly libraries (libheif) and client-side JavaScript (pdf-lib, JSZip).
When you choose to import from or save files to cloud storage (Dropbox, Google Drive), those services are accessed directly from your browser using their official SDKs or APIs, subject to their respective privacy policies. These third-party resources are loaded only when you choose to use the related cloud storage feature. We do not receive, store, or process your cloud storage credentials or files on our servers.
7. Data Retention
Because the Service does not upload or store your files, there is nothing to retain on our end for file conversion. Browser storage described in Section 5 remains on your device until you remove it, change the related setting, disconnect the related cloud service, or clear browser data.
We do not retain analytics profiles, advertising identifiers, or tracking identifiers because we do not collect them.
8. Your Rights (GDPR & CCPA)
If you are a resident of the European Economic Area (EEA), the United Kingdom, California, or another jurisdiction with privacy rights, you may have rights under applicable data protection law.
Right to Access
You may request a copy of any personal data we hold about you. Because files are processed locally and the Service does not create user accounts, analytics profiles, or tracking profiles, we generally do not hold personal data that identifies you.
Right to Rectification
You have the right to have inaccurate personal data corrected. Because we do not maintain user accounts or profiles, there is little personal data to correct — but if you believe any data we hold is inaccurate, we will investigate and correct it promptly.
Right to Erasure (“Right to be Forgotten”)
You may request deletion of your personal data. Browser storage described in Section 5 is stored on your device and can be cleared from your browser settings. If you contact us about data held by us, we will review and respond within the timeframe required by applicable law.
Right to Restrict Processing
You may request that we restrict the processing of your personal data. The Service does not engage in profiling, behavioral advertising, or automated decision-making.
Right to Data Portability
You have the right to receive personal data you provided in a structured, commonly used format where applicable. Contact us to exercise this right.
CCPA — California Residents
Under the California Consumer Privacy Act (CCPA), California residents may have additional rights to:
- Know what personal information is collected, used, shared, or sold.
- Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, please contact us. We will respond within the timeframe required by applicable law.
9. Data Security
Because your files never leave your device, the primary security risk — data interception during upload or server-side file breach — is eliminated by design. For the Service:
- All site traffic is served over HTTPS.
- File conversion happens inside your browser, not on our servers.
- Cloud storage authorization happens through Dropbox or Google Drive OAuth flows when you choose those features.
- We regularly audit our dependencies for known vulnerabilities.
No security system is impenetrable. However, our architecture means that even in the event of a server compromise, an attacker would gain access to no converted user files and no user accounts.
10. Children’s Privacy
Our Service is not directed to persons under the age of 13 (or the equivalent age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us — we will take steps to delete that information as soon as possible.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated via a notice on our website.
We encourage you to review this Privacy Policy periodically for any changes. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].
We aim to respond to all privacy inquiries within 48 hours and to resolve any issues within 30 days.