ConvertUnlimited

Trust Center

Security architecture

The privacy build uses a static architecture with same-origin assets, a restrictive Content Security Policy with no allowed connect destinations (connect-src 'none'), blocked sensitive browser permissions, and Worker headers for deployment separation.

Short answer

The security model reduces runtime network and script exposure, but it does not protect against a compromised browser, malicious extension, operating-system telemetry, or user-downloaded files after they leave the page.

Build boundary

The public site may load ads and analytics. The privacy build at privacy.convertunlimited.com is the no-ads, no-analytics review target.

Verification path

Use the verification page, browser DevTools, and repository privacy tests to inspect the behavior instead of relying on marketing language.

Primary controls

Why connect-src 'none' matters

connect-src 'none' blocks fetch, XHR, WebSocket, EventSource, and sendBeacon destinations in supporting browsers after the page is loaded. It is a deployment control that supports the local-processing claim for the privacy build.
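
One way to check this control yourself: the JavaScript below is an added example (not ConvertUnlimited's code or its repository privacy tests) that audits a Content-Security-Policy header value copied from the DevTools Network panel. The function names are hypothetical, the sample policies are constructed rather than taken from the site, and it assumes a single policy per header value.

```javascript
// Parse one policy into Map<directive, sources[]>. Directive names are
// case-insensitive and the first occurrence of a directive wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// A fetch directive uses its own list, else default-src, else nothing (null).
function effectiveSources(policy, directive) {
  return policy.get(directive) ?? policy.get('default-src') ?? null;
}

// 'none' blocks everything only when it is the sole source expression;
// next to other sources it is ignored. An empty list also matches nothing.
function blocksAll(sources) {
  if (sources === null) return false;
  if (sources.length === 0) return true;
  return sources.length === 1 && sources[0].toLowerCase() === "'none'";
}

// Return findings for the two properties this page discusses.
function auditPrivacyCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  if (!blocksAll(effectiveSources(policy, 'connect-src'))) {
    findings.push('connect-src does not block all destinations');
  }
  const style = effectiveSources(policy, 'style-src') ?? [];
  if (style.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
    findings.push("style-src allows 'unsafe-inline'");
  }
  return findings;
}

// Constructed sample policies (not the site's real header).
const STRICT = "default-src 'self'; connect-src 'none'; style-src 'self' 'unsafe-inline'";
const MIXED = "default-src 'self'; connect-src 'none' https://api.example.test";
const FALLBACK = "default-src 'none'; style-src 'self'";
```

A policy that lists 'none' next to another source, as in MIXED, is reported because browsers then ignore the 'none' keyword.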

FAQ

Does CSP make the app risk-free?

No. CSP reduces classes of network and script exposure, but it is not a complete security boundary.

Why allow unsafe-inline styles?

The current pages include inline style attributes, so style-src 'unsafe-inline' remains a future hardening task.

Does the privacy build use third-party runtime scripts?

The generated artifact is audited so it does not intentionally load third-party runtime scripts.

Review note

Trust documentation reviewed: May 2026. These pages describe the current public and privacy-build architecture and should be updated when deployment, telemetry, or runtime dependencies change.