en

Why your files are safe

Your files are safe - not because we promise it, but because they never reach us.

Legally on the safe side

  • Privacy from the ground up: your files are never transmitted in the first place.
  • Data minimisation: we never see your file contents - there is nothing to collect.
  • Analytics only with your consent - before that we measure without any cookie or identifier, and you can withdraw the choice at any time.
  • Hosted in Germany.

Structurally impossible, not just promised

  • 0 upload - files are processed in your browser, not sent.
  • 0 account - no sign-up, no registration.
  • 0 file bytes on the network - the conversion code has no access to foreign servers (enforced by CSP).
  • Analytics strictly separated - it only measures page usage, never your file contents.

Verify it yourself - don’t trust, verify

The airplane-mode test

Switch on airplane mode or disconnect Wi-Fi. Open a tool and convert a file. It keeps working - because nothing is sent. An upload site never could.

The network proof (F12)

Open the dev tools (F12) -> "Network" tab, then convert. You will see no file upload to any server - the conversion code cannot reach any foreign address (enforced by CSP). Beyond that, the page only loads itself and, after your consent, anonymous usage analytics - never a file’s contents.

The technical lock (CSP)

A strict Content-Security-Policy forbids the code from connecting to any foreign server at all. It is verifiable in the source and guarded by tests - no trust required.

Legal background: privacy by design (Art. 25 GDPR) and data minimisation (Art. 5 GDPR) for the file processing. The anonymous usage analytics is measured with a cookie only after your consent (Art. 6(1)(a) GDPR / § 25(1) TDDDG); if you decline, it stays without a cookie and without an identifier. This describes the architecture and is not legal advice; no audited certificates or seals (e.g. ISO, SOC, TÜV) are claimed.

In comparison

gottrixTypical online converters
File uploadNone - all localFile sent to foreign servers
Sign-upNoneOften required
Analytics cookieOnly after consentUsually set
Works offlineYesNo
VerifiableYes (CSP + airplane mode)Promise only

Security in technical detail: TLS, HTTP headers and the full Content-Security-Policy

Common questions from data protection, IT security and compliance

Can we use gottrix when cloud uploads are forbidden in our organisation?

That is exactly what it is built for: the conversion runs entirely in your browser and the file is never sent to a server. Where a policy bans uploading documents to online services, the critical step simply does not happen - there is no upload. Your data protection or security team makes the final call; the behaviour is verifiable in the network tab.

Is using it GDPR-compliant?

We give no legal advice and claim no certification. Architecturally, privacy by design and data minimisation help: your file contents never leave the device, so there is no processing of those contents by us and no third-country transfer of them. The optional, consent-based usage analytics is separate and described in the privacy policy. Whether that is sufficient in your specific case is for your controller to assess.

What technically happens to my file - is anything stored?

The file is processed in the browser memory and exists only while the page is open. There is no server storage, no database, no recycle bin - so nothing for us to delete (or that we could). Close the tab and it is gone.

Are my files used to train AI?

No. Because the content never reaches our system, it cannot be used for AI training or any other purpose. There is no server-side processing of your files at all.

How do we evidence this internally (e.g. for an audit)?

Three reproducible proofs: the airplane-mode test (the tool works offline), the network tab (F12 -> no file request during conversion), and the strict Content-Security-Policy in the source. Any team can reproduce these themselves - stronger than a promise.

Do you accept liability or offer an SLA?

No - the service is free and carries no service-level agreement. The protection is not contractual but architectural and self-verifiable: what is never transmitted cannot leak. For binding guarantees, a paid service with a contract is the right route.