Security & Privacy Architecture Whitepaper

The printable body is published in English so security reviewers can share consistent terminology.

ConV · Technical brief

ConV Security & Privacy Architecture

Version 1.0 · For internal distribution · Does not constitute legal advice

1. Executive summary

ConV delivers browser-based image optimization without routing source or output files through ConV-operated image infrastructure. Codec execution happens via WebAssembly; orchestration leverages Web Workers. Billing and subscription validation use Stripe independently of optimizer bytes.

This document helps IT security, procurement, data protection officers, and compliance partners evaluate how ConV reduces upload-related risk compared with typical cloud converters.

2. Product purpose

ConV exists to help teams compress, convert, resize, and strip metadata from large batches of raster images while keeping operations inside a controlled browser session. It is not a DAM, CDN, or legal compliance product on its own.

3. Zero-upload processing model

Users explicitly select local files. Those files are read into tab memory, processed, and optionally packaged into ZIP archives. No step in the described workflow uploads image payloads to ConV for remote conversion.

4. Data flow diagram (narrative)

  1. User device loads the ConV web application over HTTPS.
  2. User selects files; the browser reads bytes into RAM.
  3. Web Workers schedule decode/encode jobs using WASM modules.
  4. Optional metadata stripping runs locally before download.
  5. Outputs and ZIP bundles are offered from the same session.

5. What data is processed locally

  • Raster image bytes provided by the user.
  • Derived previews for UI display.
  • Intermediate buffers required for encoding.
  • ZIP archive structures generated client-side.

6. What data reaches ConV servers

  • HTTP requests for HTML, JavaScript, WASM assets, and fonts.
  • Authenticated entitlement checks tied to billing when applicable.
  • Optional privacy-friendly analytics where enabled by deployment configuration.

7. What data never reaches ConV servers (optimizer path)

  • Image pixel payloads from optimizer jobs.
  • EXIF or GPS metadata extracted for stripping.
  • Optimized binaries prior to explicit user download.

8. Metadata stripping model

Metadata removal uses the same local pipeline as encoding. Results depend on format, codec, and browser implementation. Teams must verify outputs when legal or contractual obligations require complete removal.
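One way a reviewer could verify an output independently of the tool, shown as an added example that is not ConV code: it walks the marker segments of a JPEG header and reports any that can carry metadata (EXIF, XMP, Photoshop/IPTC, comments). The function names and sample bytes are constructed for illustration, and the check covers JPEG header segments only, not PNG, WebP, AVIF, or bytes appended after the end-of-image marker.

```javascript
// Added example: scan JPEG header segments for metadata carriers.
function startsWith(payload, text) {
  if (payload.length < text.length) return false;
  for (let i = 0; i < text.length; i++) {
    if (payload[i] !== text.charCodeAt(i)) return false;
  }
  return true;
}

function classify(marker, payload) {
  if (marker === 0xe1 && startsWith(payload, "Exif\0\0")) return "EXIF";
  if (marker === 0xe1 && startsWith(payload, "http://ns.adobe.com/xap/1.0/\0")) return "XMP";
  if (marker === 0xe1) return "APP1 (unrecognized)";
  if (marker === 0xed) return "APP13 (Photoshop/IPTC)";
  if (marker === 0xfe) return "COM (comment)";
  return null; // JFIF, quantization/Huffman tables, frame headers, etc.
}

// Returns [{ kind, offset, length }] for every metadata segment before image data.
function findJpegMetadata(bytes) {
  if (bytes.length < 4 || bytes[0] !== 0xff || bytes[1] !== 0xd8) {
    throw new Error("not a JPEG: missing SOI marker");
  }
  const findings = [];
  let pos = 2;
  while (pos + 4 <= bytes.length) {
    if (bytes[pos] !== 0xff) throw new Error(`expected marker at offset ${pos}`);
    const marker = bytes[pos + 1];
    if (marker === 0xff) { pos += 1; continue; }    // fill byte before a marker
    if (marker === 0xda || marker === 0xd9) break;  // SOS or EOI: headers are done
    const length = (bytes[pos + 2] << 8) | bytes[pos + 3]; // counts its own 2 bytes
    if (length < 2 || pos + 2 + length > bytes.length) {
      throw new Error(`truncated segment at offset ${pos}`);
    }
    const kind = classify(marker, bytes.subarray(pos + 4, pos + 2 + length));
    if (kind) findings.push({ kind, offset: pos, length });
    pos += 2 + length;
  }
  return findings;
}

// Constructed sample input: header bytes only, not a real photo.
const ascii = (s) => Array.from(s, (c) => c.charCodeAt(0));
const seg = (marker, body) => [0xff, marker, (body.length + 2) >> 8, (body.length + 2) & 0xff, ...body];
const head = [0xff, 0xd8, ...seg(0xe0, ascii("JFIF\0\x01\x01\0\0\x01\0\x01\0\0"))];
const tail = [0xff, 0xda, 0x00, 0x02, 0xff, 0xd9];
const unstripped = Uint8Array.from([...head, ...seg(0xe1, ascii("Exif\0\0MM\0*")),
  ...seg(0xfe, ascii("shot on site")), ...tail]);
const stripped = Uint8Array.from([...head, ...tail]);
```

To check a real output, pass the file's bytes as a `Uint8Array` (for example `new Uint8Array(await file.arrayBuffer())` in a browser) and treat any non-empty result as a failed strip.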

9. Stripe billing separation

Stripe handles payment instruments, invoices, and subscription state. ConV issues server-side session checks based on Stripe responses. That control plane does not require image uploads and is not used to exfiltrate optimizer payloads.

11. Technical limitations

  • Browser crashes or tab closure discard in-memory jobs.
  • Large batches may exhaust device RAM.
  • Extensions or enterprise policies can alter behavior.
  • Availability depends on user networks and browser vendors.

12. GDPR-relevant considerations

Local processing can reduce unnecessary transfers to US-centric image SaaS. Whether ConV fits a specific processing activity requires your Article 30 records, DPIA, and vendor due diligence. ConV does not certify customers against GDPR automatically.

13. Internal evaluation checklist

  • Map ConV components to your system diagram and data inventory.
  • Document approved browser versions and hardware minimums.
  • Validate metadata stripping on representative files.
  • Coordinate with counsel on cross-border considerations for non-image data.

14. Contact

Email [email protected] for privacy-specific questions referencing this whitepaper version.