Privacy Policy
This Privacy Policy explains how Individual Entrepreneur DALER AZIMOV ("we", "us", "our") collects, uses, and protects personal data in connection with the Convertessa macOS application ("App") and the website at convertessa.app ("Site").
We collect only the data listed in this policy. Nothing in this policy is boilerplate filler: every category below corresponds to a real, code-verified data flow.
1. Who We Are (Data Controller)
Individual Entrepreneur DALER AZIMOV
Registered in Georgia under the LEPL National Agency of Public Registry.
Identification number: 305750979
Address: Georgia, Tbilisi, Saburtalo district, Bakhtrioni street, N 22, apartment N75
Email: support@convertessa.app
Phone: +992 88 000 1024
2. What Data We Collect and Why
2-A. When You Visit the Website
Cloudflare Web Analytics
Our website uses Cloudflare Web Analytics, a privacy-first analytics service. It records anonymised signals — page views, referring URL, browser type, operating system, and approximate country — without placing cookies or tracking individual visitors across sessions. No cross-site tracking, no fingerprinting, no personally identifiable information.
- Legal basis (GDPR): Legitimate interest (Art. 6(1)(f)) — understanding aggregate traffic patterns so we can improve the site.
- Processor: Cloudflare, Inc. (subject to Cloudflare's Data Processing Addendum and Privacy Policy).
- Retention: governed by Cloudflare's own data retention policy.
2-B. When You Buy Convertessa
When your purchase is confirmed, Paddle (our Merchant of Record) sends a webhook event to our payment API. We process and store the following data.
Buyer email address
| What | Your email address, as entered at checkout |
| Why | To generate your license key, deliver your license email, and allow us to re-send the key if you lose it |
| Where stored | Cloudflare D1 database (licenses table), hosted in Cloudflare's infrastructure |
| Who else receives it | Resend (email delivery service — sends you the license email); the operator (a notification email and Telegram message are sent to the product owner to confirm the sale) |
| Retention | Indefinitely, for the lifetime of your license — we need your email to verify ownership and re-deliver your key on request |
| Legal basis (GDPR) | Contract performance (Art. 6(1)(b)) — the email is the primary identifier for your perpetual license |
Payment webhook audit log
| What | The raw JSON webhook payload sent by Paddle for every order event, including events with invalid or unrecognised signatures. Contains at minimum your email address and Paddle order details |
| Why | Audit trail for fraud detection, dispute resolution, and API debugging |
| Where stored | Cloudflare D1 database (webhook_events table) |
| Retention | Up to 12 months from the date of the event, then automatically deleted by a scheduled purge routine |
| Legal basis (GDPR) | Legitimate interest (Art. 6(1)(f)) — financial audit obligations and fraud prevention |
What Paddle retains (independent of us)
Paddle is the Merchant of Record for all purchases. Paddle independently collects and retains your payment method details, billing address, and transaction history under its own Privacy Policy. We do not receive or store your payment card number, billing address, or any full payment instrument details.
2-C. Your License Token (Stored on Your Device)
After activating Convertessa, your license token is saved locally on your Mac at:
~/Library/Application Support/FileConverter/license
The token is a cryptographically signed string that encodes your email address as a base64url payload. It is verified offline using a public key embedded in the App; no network call is made during activation or on subsequent launches to validate your license. The file is protected by standard macOS filesystem permissions but is not encrypted at rest beyond that.
We do not receive or have access to the local license file after it is delivered to you. This data is under your control on your own device.
2-D. Software Update Checks (Sparkle Framework)
The App uses the Sparkle open-source framework to check for software updates. On every App launch, and approximately once every 24 hours, the App sends an HTTPS request to updates.convertessa.app.
The request transmits:
| Field | Example value |
|---|---|
| App version | e.g. "1.0.0" |
| macOS version | e.g. "15.2" |
| CPU architecture | "Apple Silicon" or "Intel" |
| Sparkle framework version | e.g. "2.x" |
No personally identifiable information is transmitted — not your email address, not your license token, and not any file names or conversion data. Updates are never installed automatically; you approve each update via the standard Sparkle prompt.
There is no in-app toggle to disable update checks; they run automatically on the schedule described above.
- Legal basis (GDPR): Legitimate interest (Art. 6(1)(f)) — ensuring users can receive security and compatibility updates for the App.
- Retention: updates.convertessa.app is an operator-controlled server; server access logs (if any) are governed by our hosting provider's (Cloudflare's) log retention settings, not by application code.
2-E. What We Do NOT Collect
- Your files or their contents — all conversion processing happens locally on your device. No file you convert is ever uploaded to any server.
- In-app analytics, crash reports, or telemetry — no analytics SDK, no tracking pixel, no usage tracking of any kind is embedded in the App.
- Payment card numbers or billing addresses — these stay with Paddle.
- Passwords — we do not operate a user account system; your license token is your sole credential.
3. Third-Party Processors
| Processor | Role | Data shared | Privacy terms |
|---|---|---|---|
| Cloudflare, Inc. | Cloud infrastructure: compute (Workers), database (D1), file storage (R2), and website analytics | All data described in §2-A and §2-B | cloudflare.com |
| Resend | Transactional email delivery | Buyer email, license key, license token, order ID | resend.com |
| Telegram | Operator sale notification | Buyer email, short license key, license token, order ID | telegram.org |
| Paddle.com | Payment processor / Merchant of Record | Payment details, buyer email (Paddle is an independent controller for payment data) | paddle.com |
We do not sell or rent personal data to any third party. We do not use personal data for advertising or profiling.
4. Legal Bases for Processing (GDPR Summary)
| Processing activity | Legal basis |
|---|---|
| Delivering your license (email → license key → email delivery) | Art. 6(1)(b) — performance of a contract |
| Storing your email for future license re-delivery | Art. 6(1)(b) — performance of a contract |
| Retaining webhook audit log for 12 months | Art. 6(1)(f) — legitimate interest (fraud prevention, audit obligations) |
| Software update checks (Sparkle) | Art. 6(1)(f) — legitimate interest (App security and compatibility maintenance) |
| Website analytics (Cloudflare) | Art. 6(1)(f) — legitimate interest (understanding aggregate site traffic) |
5. Data Retention
| Data | Retention period |
|---|---|
| Buyer email (D1 licenses table) | Indefinite — for the lifetime of your perpetual license |
| Webhook event payloads (D1 webhook_events table) | Up to 12 months from the event date, then deleted |
| Local license token (~/Library/Application Support/FileConverter/license) | Until you uninstall the App or delete the file manually |
| Cloudflare Web Analytics | Per Cloudflare's own retention policy |
| Resend email delivery records | Per Resend's own retention policy |
| Telegram bot messages | Per Telegram's own retention policy |
6. Your Rights (EU/EEA Residents)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right of access (Art. 15): request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): request correction of inaccurate data.
- Right to erasure (Art. 17): request deletion of your personal data, where we have no overriding legal obligation to retain it. Note: erasing your email from the licenses table will disable license re-delivery for your purchase.
- Right to restriction of processing (Art. 18): request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest.
- Right to lodge a complaint: if you believe we have processed your data unlawfully, you may lodge a complaint with the supervisory authority in your country of residence. In Georgia (the country of the data controller), the supervisory authority is the Personal Data Protection Service (pdp.gov.ge).
To exercise any of these rights, contact us at support@convertessa.app with the subject line "Privacy Request" and a description of your request. We will respond within 30 calendar days.
7. International Data Transfers
We are based in Georgia (country). Our infrastructure is hosted on Cloudflare, which operates data centres globally. By purchasing Convertessa or using the Site, you acknowledge that your personal data may be processed in data centres located outside your country of residence.
Cloudflare provides appropriate safeguards for international transfers through Standard Contractual Clauses and other mechanisms under GDPR Chapter V.
8. Children
Convertessa is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@convertessa.app.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be posted at convertessa.app/privacy at least 14 days before taking effect. We will note the updated "Last updated" date at the top.
10. Contact
Individual Entrepreneur DALER AZIMOV
Georgia, Tbilisi, Saburtalo district, Bakhtrioni street, N 22, apartment N75
Email: support@convertessa.app
Phone: +992 88 000 1024