Encryption in Transit
All traffic between your browser and heic.now is encrypted with TLS (HTTPS). Uploading over an open Wi-Fi network does not expose your file contents to eavesdroppers on the same network.
Unguessable File URLs
Each uploaded file receives a cryptographically random identifier as part of its URL. This identifier has sufficient entropy that it cannot be guessed by brute force. There is no directory listing or index page that enumerates uploaded files- Only someone you share the link with can access it.
No Third-Party Data Sharing
File contents are processed entirely on heic.now's own servers. Your images are not sent to external APIs, third-party conversion services, or advertising networks. Anonymised usage statistics (conversion counts, format popularity) may be collected but never include file contents.
CSRF Protection and MIME Validation
CSRF tokens on all form submissions prevent cross-site request forgery attacks. Every uploaded file undergoes MIME-type validation- The server checks the actual file signature (magic bytes), not just the filename extension, to ensure only legitimate image files are accepted.