Privacy Policy
Last updated: May 29, 2026
TL;DR — Your files are processed in memory and deleted within 1 hour. We measure which tools get used so we know what to improve. The full list of what we send to Google Analytics is in Section 5 below.
1. Who we are
Docuconverter (“we,” “our,” or “us”) operates the website docuconverter.in and provides browser-based PDF tools. This policy explains, in plain English, what data we collect and what we do with it.
2. Files you upload
Files you upload are processed on our worker servers and deleted within 1 hour of the job completing. We do not write your files to any long-term database or cloud bucket. File contents never leave the worker — they are not sent to Google Analytics, not sent to Sentry, and not shared with any third party.
Transfers between your browser and our servers use HTTPS (TLS 1.2+).
3. Account information
Signing in is optional. If you sign in with Google, we receive and store:
- Your name and email address (from your Google profile)
- Your Google profile picture URL
- The timestamp of when you signed in
This information lives in our MongoDB database and powers features like the conversion history. We never receive your Google password.
Separately, when you are signed in we also send your Google account identifier (technically a string Google calls sub — an opaque, stable identifier per Google account) to Google Analytics as our user_id. The sub reveals no name, no email, and no photo — it lets us count returning visits across your devices without sending Google Analytics anything personally identifying. We do not send your name, your email, or your profile picture to Google Analytics.
4. Cookies and local storage
- Session cookie — HTTP-only, signed; keeps you logged in for up to 30 days or until you sign out.
- Google Analytics client identifier — a first-party cookie Google Analytics sets so we can recognise the same browser across page loads in a session. It does not contain your name or email.
- UTM session storage — if you arrive via a marketing link with
utm_*parameters in the URL (for example,?utm_source=youtube&utm_campaign=hindi-yt-2026-q2), we read those values and keep them in your browser'ssessionStorageunder the keydc.utm.v1. They are attached to analytics events for the rest of your visit so we can see which channels bring people in. They clear when you close the tab. They are not stored on our servers.
Your IP address is anonymised before it reaches Google Analytics (anonymize_ip: true). We also disable Google Signals (allow_google_signals: false) so Google Analytics does not cross-link your visit with your wider Google ad profile.
5. The exact analytics events we send
We believe in showing our work. Below is every event we send to Google Analytics, when it fires, and the data attached to it. Every event also carries a shared envelope of context: which tool you were using (tool_slug), your interface language (locale), whether you were signed in (signed_in_state), the type of page (page_type), the UTM source/medium/campaign if any, and a boolean (has_user_id) that lets us sanity-check the sign-in wiring.
| Event | When it fires | Extra data sent |
|---|---|---|
| page_view | Each page you visit. | Page URL, page title (the standard Google Analytics fields). |
| tool_landed | First time you open a specific tool in a session (for example, /convert/merge-pdf or /edit-pdf). | Which site referred you (entry_referrer_host, e.g. google.com). |
| file_uploaded | When you drop, pick, or paste a file into a tool. | File type (file_mime, e.g. application/pdf) and file size in kilobytes (file_size_kb). The file content and the file name are not sent. |
| file_size_validated | When the size check on your file passes or fails. | File size in kilobytes; whether it was under the tool's limit (true/false). |
| job_submitted | When the server accepts your file for processing. | An internal job identifier (random string; not tied to you personally). |
| job_polling | The first time the browser successfully checks job status (lets us confirm the client-server roundtrip works). | Job identifier. |
| job_completed | When your file has finished processing. | Job identifier; how long processing took in milliseconds (duration_ms). |
| file_downloaded | When you click the download link on a finished file. This is our primary success measure. | Job identifier; whether this was the first download or a re-download (via). |
| conversion_abandoned | When you leave a tool after starting a job but before downloading. | Which step you got to (uploaded / submitted / polling / completed); how long you spent (dwell_ms). |
| signin_modal_shown | When the sign-in prompt appears. | What triggered it (hit a usage wall / clicked download in editor / clicked header button / direct route). |
| signin_clicked | When you click the Google sign-in button. | What triggered the prompt (same options as above). |
| signin_completed | When Google confirms your sign-in. | Which provider (currently always google); whether your prior session resumed (had_resume_token). From this event onward we attach the user_id described in Section 3. |
| signin_failed | When sign-in does not complete (you cancelled, OAuth error, network drop). | A short reason code (user_cancelled / oauth_error / network / unknown). |
| anon_wall_shown | When the “you've used your daily anonymous quota” modal appears. | Which tool; how many seconds you spent on the page before the wall appeared. |
| anon_wall_passed | When you use one of your 2 free anonymous conversions per day. | Which tool; which conversion (1 or 2); whether the local quota counter fell back to a server-authoritative limit (fallback, true/false). |
| anon_wall_hit_limit | When you try a third anonymous conversion within 24 hours. | Which tool. |
| error_shown | Any time we show you an error message. | A short error code (e.g. 413_upload_too_large); which part of the app it surfaced in (upload / processing / download / auth / wall / editor / other); a short technical detail string (capped at 200 characters; the underlying server status code or exception message — never your file contents, file name, or any account field). |
| editor_text_edited | When you save a row of text in the editor. | Whether the row had mixed formatting (had_mixed_formatting); which font fallback we picked, if any. |
| editor_signature_placed | When you place a signature on a page. | How the signature was made (drawn / typed / uploaded / re-used from a saved one). |
| merge_files_added | When you add a second-or-later file to a merge job. | Total file count after the add. |
Detail events (kept for product debugging)
In addition to the canonical events above, we also fire a smaller set of detail events used purely for product diagnostics — they layer extra context under the same envelope (tool_slug, locale, signed_in_state, page_type, utm_*, has_user_id) so reports can correlate them with the canonical funnel. Each one is listed below for the same reason as the canonical table: we believe in showing our work.
| Event | When it fires | Extra data sent |
|---|---|---|
| signed_in | An alias of signin_completed — fired at the same moment, kept separately because Google Analytics counts it under the name our founder asked for in reports. | Same payload as signin_completed (provider, had_resume_token). |
| editor_page_view | When the PDF editor loads. | Whether you were already signed in (is_authenticated). |
| editor_session_end | When you leave the editor. | How long the editor was open in seconds (duration_seconds). |
| editor_pdf_uploaded | When you pick a PDF to edit. | Page count (page_count); file size in kilobytes. |
| editor_mode_switched | When you switch editor mode (pages, forms, sign, annotate). | Which mode (mode). |
| editor_page_op | When you rotate, delete, reorder, extract, or add a PDF page. | Which operation (op). |
| editor_download_started | When you click Download in the editor. | (no extra params) |
| editor_download_success | When the editor finishes writing the output PDF. | Time taken in milliseconds (duration_ms). |
| editor_signin_completed | The editor-specific sign-in detail event — fires when you sign in mid-edit. | Whether the edit was resumed from a prior session (had_resume_token). |
| editor_success_screen_shown | When the “your edited PDF is ready” overlay appears. | (no extra params) |
| editor_edit_further_clicked | When you click “edit further” from the success overlay. | (no extra params) |
| homepage_editor_hero_click | When you click the editor call-to-action on the homepage. | (no extra params) |
| editor_landing_cta_click | When you click an editor call-to-action on the editor landing page. | Where on the page the button was (cta_location). |
| blog_post_view | When you open a blog post. | The post slug (slug — the URL-safe name of the post); the language we served it in; whether we fell back to English because your locale was missing (fallback). |
| blog_list_view | When you open the blog index page. | The language served (locale); how many posts were listed (count). |
| text_edit_v2_row_started | When you click a row of text in the editor to edit it. | Page count; row run count; the font name reported by the PDF (e.g. Helvetica, Mukta-Regular); which scripts (Latin, Devanagari, etc.) the row contains; whether the row had mixed formatting. |
| text_edit_v2_row_cancelled | When you dismiss the row-edit modal without saving. | Original text length; how long the modal was open in milliseconds (dwellMs). |
| text_edit_v2_row_re_edited | When you reopen the modal on a row you already edited. | A short row identifier (rowId — internal to this page session, not tied to you); which iteration of the edit this is. |
We also pivot reports against these 11 dimensions, all derived from the data already named above: tool_slug, locale, signed_in_state, anon_cohort_week, utm_source, utm_medium, utm_campaign, page_type, error_code, file_mime, and has_user_id. There are no hidden dimensions beyond this list.
6. What we do not collect
The following never reach Google Analytics or any third party:
- File contents — they only ever go to our worker server and are deleted within 1 hour.
- File names — we send file type and size, but not the name.
- Passwords or anything you type into a password field.
- Your name, your email address (in plaintext), or your phone number.
- Your raw IP address — it is anonymised before it reaches Google Analytics.
- Your Google profile picture URL.
- The text you type or edit inside the PDF editor.
7. Third-party services
- Google OAuth 2.0 — for optional sign-in. Governed by Google's Privacy Policy.
- Google Analytics 4 — for the measurement described in Section 5.
- Sentry — for error monitoring (currently configured but with no active reporting endpoint). When active, error reports include the URL you were on, your browser version, and a JavaScript stack trace — never your files, your email, or your name.
We do not sell your data. The only reason we would share user data with anyone else is if we were compelled to by a valid legal request from an Indian court or law-enforcement authority — we are honest that we have to comply with the law, and we will not pretend otherwise.
8. Your rights and opt-outs
You can opt out of measurement in any of these ways:
- Browser-level — install the Google Analytics opt-out browser add-on or any tracking blocker (uBlock Origin, Privacy Badger).
- Sign out — clears the
user_idfor the rest of your session. - Clear cookies — resets the Google Analytics client identifier so we cannot match the next visit to this one.
- DoNotTrack — we read the browser DNT signal; if your browser sends it, we skip the
user_idattachment.
You also have the right to access, correct, or delete the account data we hold about you. If you are in the EU/EEA, you have rights under the GDPR including data portability. The Indian Digital Personal Data Protection Act (DPDP) regime is still being operationalised at the time of writing — we will update this policy as the rules take effect. To exercise any of these rights, email privacy@docuconverter.in.
9. Data retention
- Uploaded files: deleted within 1 hour of the job completing.
- Analytics events: retained by Google Analytics for up to 14 months under our current settings.
- Account data: retained until you ask us to delete it.
To delete your account and the associated data, email privacy@docuconverter.in.
10. Why we measure what we measure
Our single product metric is the count of files our users successfully convert each month. The events in Section 5 exist so we can tell which tools get used, which steps people get stuck on, and which channels bring useful traffic. The data tells us what to improve next.
We do not use this data to power streaks, badges, leaderboards, daily check-in mechanics, or “you haven't visited in a week” notifications. That is a deliberate product decision, not an accident.
11. Data protection
We use HTTPS for every connection, server-side input validation, and restricted database access. No system that transmits data over the public internet can promise zero risk; we use commercially reasonable measures and try to be honest about the limits.
12. Children's privacy
Docuconverter is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, email us at the address below and we will remove it.
13. Changes to this policy
We update this policy when our data practices change. The “Last updated” date at the top of the page reflects the most recent revision. Material changes to what we collect will be noted in our release notes.
14. Contact
Questions about this policy or about the data we hold on you:
Docuconverter
Email: privacy@docuconverter.in
General feedback: feedback@docuconverter.in
Website: https://docuconverter.in