DoctVault LogoDoctVault
es

Privacy Policy

Last updated: November 18, 2025

📋 Executive Summary

Your images NEVER leave your device. All processing happens locally in your browser. We don't store files, don't ask for registration, only use anonymous analytics.

1. Data Controller Identity

Data Controller: DoctVault
Contact: info@formatvault.com
Website: https://doctvault.com
Jurisdiction: Spain / European Union

2. Total Privacy Commitment

At DoctVault, your privacy is our absolute priority. Unlike other image converters that upload your files to remote servers:

  • 100% local processing: All conversions run in your browser using WebAssembly (WASM).
  • Zero uploads: Your images never leave your device.
  • No registration: We don't ask for accounts, emails, or passwords.
  • No storage: We don't save files on servers.

3. Information We DON'T Collect

Data TypeStatus
Uploaded images❌ Never collected
Visual content❌ Never collected
EXIF metadata (GPS, camera)❌ Never collected
Personal data (name, email)❌ Never collected

4. Information We DO Collect (Anonymous)

To improve our service, we use Google Analytics 4 with anonymous metrics:

4.1. Usage Statistics

  • Pages visited: Which sections you browse.
  • Time on page: How long you spend on each page.
  • Bounce rate: If you leave immediately.
  • Conversion events: Source/destination format (without file content).

4.2. Technical Information

  • Browser and version: Chrome 120, Firefox 121, Safari 17, etc.
  • Operating system: Windows, macOS, Linux, Android, iOS.
  • Screen resolution: To optimize responsive design.
  • Browser language: To improve translations.

4.3. Approximate Geolocation

  • Country and city: Based on IP (we DON'T store exact IP).
  • Purpose: Regional statistics (e.g., "70% users from Spain").

5. Legal Basis for Processing (GDPR)

DataLegal BasisPurpose
Anonymous analyticsLegitimate interestService improvement
Technical cookiesContractual necessityBasic functionality
Advertising cookiesConsentAd personalization

6. Cookies and Local Storage

6.1. Strictly Necessary Cookies

Essential for basic functionality. DO NOT require consent:

  • theme_preference (localStorage): Light/dark mode | Duration: Permanent
  • language_preference (localStorage): ES/EN | Duration: Permanent
  • conversion_settings (sessionStorage): Format, quality | Duration: Session

6.2. Analytics Cookies (Google Analytics 4)

  • _ga: Anonymous unique identifier | Duration: 2 years
  • _ga_[container-id]: User session | Duration: 2 years
  • _gid: Daily statistics | Duration: 24 hours
  • _gat: Rate limiter | Duration: 1 minute

6.3. Advertising Cookies (Google AdSense)

Google AdSense uses third-party cookies to personalize ads. You can:

  • Manage preferences at Google Ad Settings
  • Opt for non-personalized advertising
  • Block advertising cookies in your browser

7. How to Disable Cookies

Instructions by browser:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Preferences → Privacy → Cookies and site data
  • Safari: Preferences → Privacy → Block all cookies
  • Edge: Settings → Privacy → Cookies

⚠️ Warning: Disabling cookies may affect functionality (preferences won't be saved).

8. Third-Party Services

8.1. Firebase Hosting (Google Cloud)

  • Provider: Google LLC (USA)
  • Purpose: Static hosting + global CDN
  • Data transferred: IP for server logs (aggregated, not identifiable)
  • Safeguards: EU-USA standard contractual clauses

8.2. Google Analytics 4

  • Provider: Google LLC (USA)
  • Data transferred: Anonymous usage statistics
  • Safeguards: Privacy Shield Framework + IP anonymization

8.3. Google AdSense

  • Provider: Google LLC (USA)
  • Data transferred: Third-party advertising cookies
  • User control: Google Ad Settings

9. Data Security

Implemented protection measures:

  • Mandatory HTTPS: TLS 1.3 encryption on all connections
  • Content Security Policy (CSP): XSS and injection prevention
  • Isolated Web Workers: Sandboxed processing without network access
  • No backend: No database where information can leak
  • Security headers: HSTS, X-Frame-Options, X-Content-Type-Options

10. User Rights (GDPR/CCPA)

According to European (GDPR) and Californian (CCPA) regulations, you have the right to:

RightDescriptionApplicable
AccessRequest copy of your data❌ N/A (we don't store data)
RectificationCorrect inaccurate data❌ N/A (we don't store data)
ErasureRight to be forgotten❌ N/A (we don't store data)
PortabilityExport readable data❌ N/A (we don't store data)
ObjectionReject processing✅ Block analytics cookies
RestrictionLimit processing✅ Disable JavaScript

To exercise your rights:
Email: info@formatvault.com
Response time: 48-72 business hours

11. Use by Minors

DoctVault does NOT knowingly collect information from children under 13 (16 in EU under GDPR). If you are a parent/guardian and discover your child provided data, contact us to remove it.

12. Data Retention

Data TypeRetention Period
Processed images0 seconds (never uploaded)
Google Analytics cookies (_ga)2 years (renewable with visits)
localStorage preferencesPermanent (until manual deletion)
Firebase server logs30 days (aggregated, not individual)

13. Changes to This Policy

We reserve the right to update this policy to reflect changes in:

  • Legal regulations (GDPR, CCPA, new laws)
  • Third-party services (new analytics, hosting)
  • Service functionalities

Change notification: Prominent banner on homepage for 30 days. "Last updated" date always visible.

14. Supervisory Authority

If you believe your privacy rights have been violated, you can file a complaint with:

15. Contact and Support

Data controller contact information:

✅ Your Privacy in 5 Key Points

  1. 1. Your images NEVER leave your device (100% local processing)
  2. 2. We DON'T ask for registration, email, password or personal data
  3. 3. We only use anonymous analytics to improve UX
  4. 4. We comply 100% with GDPR (EU) and CCPA (California)
  5. 5. Contact: info@formatvault.com