ConvertUnlimited

Trust Center

Third-party and runtime script policy

The public site may use ads and analytics. The privacy build is the review target for no ads, no analytics, no remote fonts, and no third-party runtime scripts.

Short answer

Trust claims must specify which build is being discussed. The privacy build is generated separately and audited for known third-party runtime references.

Build boundary

The public site may load ads and analytics. The privacy build at privacy.convertunlimited.com is the no-ads, no-analytics review target.

Verification path

Use the verification page, browser DevTools, and repository privacy tests to inspect the behavior instead of relying on marketing language.

Public site

The public site is ad-supported and may load analytics or advertising services. Its core supported tool logic can still process files in the browser, but the public site should not be used as evidence for no-ads/no-analytics claims.

Privacy build

  • No ads: Ad scripts and ad scaffold DOM are removed from the generated artifact.
  • No analytics: GTM, GA4, and platform analytics wrappers are stripped from the privacy build.
  • No remote fonts: Remote font references are removed.
  • No runtime CDNs: Required runtime libraries are served from same-origin vendored files.
  • No host injection: Cloudflare Web Analytics, Zaraz, Rocket Loader, email obfuscation, and injected challenge scripts must remain disabled for privacy.convertunlimited.com.

Related source documentation

Trust topics

FAQ

Does the privacy build load Google Tag Manager?

No. GTM is stripped from the privacy build.

Does the privacy build load Cloudflare Web Analytics?

It should not. If a beacon appears in rendered HTML, that is a Cloudflare dashboard configuration problem that must be disabled.

Are vendored libraries third-party code?

They are third-party libraries served from the same origin and tracked in the repository inventory.

Review note

Trust documentation reviewed: May 2026. These pages describe the current public and privacy-build architecture and should be updated when deployment, telemetry, or runtime dependencies change.