This page documents how to verify the privacy build without relying on marketing claims.
The privacy-reviewed artifact is dist/privacy-build/, generated by npm run build:privacy. It is designed to be served from a separate origin such as privacy.convertunlimited.com.
After the static page assets are loaded from the same origin, file processing should not create network requests. The generated headers set connect-src 'none' where supported.
npm run verify:privacyThe verification command builds the privacy artifact, scans it for known third-party runtime references, opens it in a headless browser, blocks common network APIs, processes a sample image, and fails if network requests occur during processing.
User-selected file
-> Browser File/Blob APIs
-> Local JavaScript tool logic
-> Canvas/PDF/browser encoder
-> Blob/Object URL
-> Browser downloadThe privacy build does not defend against a compromised browser, malicious extensions, host-level script injection, or operating-system telemetry. It is a static local-processing web app, not a sandbox for a compromised device.
Technical verification notes for ConvertUnlimited's privacy build.
Selected file contents are processed locally in your browser for supported workflows. The public site may load ads and analytics; use the privacy build for privacy-sensitive workflows.
Use the controls on this page, review the output in your browser, then download the result from this tab.