Data Processing Addendum
A plain-English summary of how ChangeThisFile processes data on your behalf — and how to execute a signed DPA.
The Short Version
For the contents of files you convert, you are the data controller and ChangeThisFile is a data processor. Files are processed solely to perform the conversion you requested, retained for minutes (at most 24 hours for async API jobs), never inspected outside the conversion path, and never used to train anything. For account, billing, and usage data, ChangeThisFile is the controller.
What We Process, Why, and for How Long
| Data | Purpose | Retention |
|---|---|---|
| File contents | Performing the conversion you request — nothing else | Synchronous conversions: input deleted immediately when the conversion finishes (success or failure); output deleted seconds after delivery. Async API jobs: deleted automatically from temporary storage within 24 hours. Client-side conversions are never transmitted to us at all. |
| Account data (email, hashed API keys, plan, usage counts) | Authentication, quotas, billing | While your account is active; deleted on request |
| Usage metadata (format pair, file size, duration, success/failure) | Analytics and capacity planning — never includes file contents | 12 months |
| Payment data | Handled by Stripe; we never store card details | Per Stripe's retention |
Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | CDN, edge compute, DNS, temporary async-job storage (R2) | Global edge network (US-headquartered) |
| Hetzner Online GmbH | Conversion server hosting | Germany (EU) |
| Stripe, Inc. | Payment processing | United States / EU entities |
| Maileroo | Transactional email delivery (sign-in links, receipts, account notices) | Email delivery network |
We notify customers with an executed DPA before adding or replacing subprocessors.
International Transfers
Server-side file processing takes place in Germany (EU). Where a subprocessor operates outside the EEA (Cloudflare, Stripe), transfers rely on the EU Standard Contractual Clauses and, where the provider is certified, the EU-US Data Privacy Framework.
Security Measures
Technical and organizational measures are described on our security page: TLS in transit, a sandboxed and resource-isolated conversion backend, code-enforced automatic file deletion, and no file-content analytics. That page serves as the plain-English equivalent of an Annex II measures description.
Data Subject Requests & Deletion
Because files are deleted automatically within minutes of conversion, there is normally nothing left to delete by the time a request could reach us. For deletion of account data, or to route a data-subject request you've received as a controller, email support@changethisfile.com — we respond to all requests and will confirm completion.
Executing a DPA
A signable Data Processing Addendum incorporating the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) is available for execution on request for API customers. Email support@changethisfile.com with your company name and entity details and we'll return a countersigned copy.
This page is a summary for review convenience — the executed DPA is the governing document.