Privacy Policy

Last updated: May 11, 2026

jpg.now (“we,” “us,” or “our”) is an online image conversion service. This policy explains what data we collect, why we collect it, how long we keep it, and the rights you have over it. We keep this document short and plain-language on purpose — if something is unclear, contact us.

1. Who We Are

jpg.now is an independent image conversion tool available at jpg.now. For privacy questions, contact us via the contact page.

2. Data We Collect and Why

2.1 Uploaded Files

When you convert an image, we receive and temporarily store the uploaded source file and the converted output. We process these files solely to perform the conversion you requested. We do not read, analyse, index, sell, or otherwise access the content of your files for any purpose other than completing your conversion.

2.2 Account Data (registered users only)

If you sign in with Google, we receive your Google account email address, display name, and profile picture URL via Google’s OAuth 2.0 flow. We never receive or store your Google password. No other sign-in method is available; there are no jpg.now passwords to store. We store your email address to identify your account, send transactional messages (e.g. billing receipts), and let you sign back in.

2.3 Conversion History and Metadata

For registered users, we store a record of each conversion job including file name, source/target formats, file sizes, and timestamp. This powers your conversion history dashboard. Guest conversions are not linked to any account.

2.4 Payment Data (Premium and Premium Plus subscribers)

Subscription payments are processed by a third-party payment processor. We do not store your card number, CVV, or full billing details. We receive and store only a subscription status, plan identifier, and billing period so we know which features to unlock on your account.

2.5 Technical Data

We collect standard web-server logs including IP address, browser user-agent string, referring URL, and request timestamps. IP addresses are used for rate-limiting and abuse prevention; they are not permanently linked to individual user identities beyond the current session.

2.6 Cookies and Session Data

We use the following cookies:

  • Session cookie — keeps you logged in across page loads. Expires when you sign out or the session times out.
  • CSRF token cookie — protects form submissions against cross-site request forgery. Tied to your session.

We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting. If you use a Premium or Premium Plus plan, ads are not shown and no advertising-related cookies are set.

3. File Retention by Plan

Uploaded source files and converted outputs are automatically deleted according to your plan:

Account typeRetention period
Guest (no account)24 hours
Free account7 days
Premium ($9.99/mo)365 days
Premium Plus ($29.99/mo)Stored indefinitely while account is active

Deletion is automatic and permanent. No backup copies are kept after deletion. If you cancel a Premium or Premium Plus subscription, your account reverts to the free-tier retention window; files beyond 7 days old may be deleted as part of that transition.

4. How We Share Data

We do not sell, rent, or trade your personal data. We may share limited data in the following circumstances:

  • Payment processor — your email and billing amount are passed to our payment processor to create and manage your subscription.
  • Infrastructure providers — file storage and server hosting providers handle your data under data-processing agreements that require them to keep it confidential.
  • Legal obligations — we may disclose data if required by law or to protect the rights and safety of our users or the public.

5. Data Security

All data is transmitted over HTTPS (TLS). Uploaded files are stored at paths derived from unguessable identifiers; there are no publicly browsable file listings. We apply rate-limiting, CSRF protection, MIME-type validation, and file-size limits to reduce abuse vectors. No system is perfectly secure, and we cannot guarantee absolute protection of data transmitted over the internet.

6. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or similar laws, including:

  • Access — request a copy of the data we hold about you.
  • Correction — ask us to correct inaccurate account data.
  • Deletion — delete your account and all associated data via Account Settings › Danger Zone, or by contacting us. Deletion is permanent and immediate.
  • Portability — request your conversion history data in a machine-readable format.
  • Opt-out of marketing — uncheck “Email me product updates” in Account Settings at any time. Transactional emails (billing receipts, security notices) cannot be opted out of while your account is active.

To exercise any of these rights, use Account Settings or contact us. We will respond within 30 days.

7. Children’s Privacy

jpg.now is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

8. Changes to This Policy

We may update this policy as the service evolves. The “Last updated” date at the top will reflect any changes. Material changes will be communicated via a notice on the site or by email to registered users before they take effect.

9. Contact

Privacy questions or requests: Contact Us.