Summary
HEICtoAll is privacy-first by design. Your images never leave your browser. All conversion happens locally on your device. We collect the minimum data needed to provide accounts, payments and security.
1. Who is the data controller
The data controller for personal data processed through HEICtoAll is Domenico Solaro (VAT IT10884671214), Italy, contactable at support@heictoall.net.
2. What we collect
We collect only the following categories of personal data:
- Account data: email, hashed password, account creation date, preferred language.
- Subscription data: plan, status, billing period, payment provider customer ID.
- Technical data: IP address, browser type, basic logs (security and abuse prevention).
- Email communication: account verification, password reset, transactional notifications.
Images you convert are never sent to us. They are processed entirely within your browser using JavaScript/WebAssembly. We have no technical ability to access them.
3. Why we process it (legal basis)
- Contract (Art. 6(1)(b) GDPR): providing accounts, processing payments, customer support.
- Legitimate interests (Art. 6(1)(f)): security, fraud prevention, abuse logging.
- Legal obligation (Art. 6(1)(c)): tax records, responding to lawful requests.
- Consent (Art. 6(1)(a)): non-essential cookies (currently none in use).
4. Who we share it with
- Paddle.com Market Limited — Merchant of Record for all payments. Paddle processes name, billing address, payment method, tax data, and purchase history. Paddle Privacy Notice.
- Hosting and infrastructure: Cloudflare (CDN/edge) and Supabase (database/auth) under appropriate DPAs.
- Email delivery provider: for transactional and account emails.
- Authorities: only when required by law.
We do not sell personal data and we do not use it for advertising profiling.
5. International transfers
Some processors operate outside the EEA/UK. Where this occurs, transfers are protected by Standard Contractual Clauses or equivalent safeguards.
6. How long we keep it
- Account data: until you delete your account.
- Subscription/billing: 10 years (Italian tax law).
- Technical/security logs: up to 90 days.
7. Your rights (GDPR)
You can: access, rectify or erase your personal data; restrict or object to processing; request data portability; withdraw consent; lodge a complaint with your local supervisory authority (in Italy: Garante per la protezione dei dati personali).
To exercise these rights, email support@heictoall.net. We respond within one month.
8. Security
We protect personal data with TLS in transit, encryption at rest, access controls, hashed passwords, regular updates and Row-Level Security on the database.
9. Cookies
We use only essential cookies and local storage (authentication session, language preference, cookie consent flag). No analytics or marketing cookies.
10. Children
The Service is not directed to children under 16. We do not knowingly collect data from children.
11. Changes
We may update this Privacy Policy. We will notify you of material changes via email or a prominent in-app notice.
12. Contact
Domenico Solaro (VAT IT10884671214), Italy
Email: support@heictoall.net
