Is Your Data Private on heic.now? Privacy and Security

Privacy and security are built into heic.now's architecture, not bolted on as an afterthought. Your uploaded files are accessible only via a secret URL- Not through any browsable listing- And are never shared with third-party services. For information on how long files are retained and when they are deleted, see the file storage article.

Encryption in Transit

All traffic between your browser and heic.now is encrypted with TLS (HTTPS). Uploading over an open Wi-Fi network does not expose your file contents to eavesdroppers on the same network.

Unguessable File URLs

Each uploaded file receives a cryptographically random identifier as part of its URL. This identifier has sufficient entropy that it cannot be guessed by brute force. There is no directory listing or index page that enumerates uploaded files- Only someone you share the link with can access it.

No Third-Party Data Sharing

File contents are processed entirely on heic.now's own servers. Your images are not sent to external APIs, third-party conversion services, or advertising networks. Anonymised usage statistics (conversion counts, format popularity) may be collected but never include file contents.

CSRF Protection and MIME Validation

CSRF tokens on all form submissions prevent cross-site request forgery attacks. Every uploaded file undergoes MIME-type validation- The server checks the actual file signature (magic bytes), not just the filename extension, to ensure only legitimate image files are accepted.

Ready to convert?
Free, no signup required. Files deleted in 24 h.
Start converting
Back to all FAQ