Tools.FAST
Convert.FAST

Transform files between formats
Compress.FAST

Shrink files without losing quality
Tools.FAST Current

Your complete file toolkit
PDF.FAST Coming soon

Professional PDF tools

Your data, protected

Security & Privacy

Your files are your business. We built every layer of Tools.FAST to keep it that way.

Last updated: December 2025

Encryption

All connections use TLS 1.3 with perfect forward secrecy. Files are encrypted on disk using AES-256-GCM with unique per-job keys. During processing, files are decrypted only in memory for the milliseconds-to-seconds required, then immediately re-encrypted. Decrypted data is never written to disk.

Where Your Data Lives

All processing servers are physically located in the European Union (Germany) on dedicated infrastructure we control. Your files are stored and processed exclusively within EU borders, ensuring GDPR compliance and protecting your content from foreign surveillance laws.

Your files stream straight from your browser to our servers in Germany, encrypted with TLS 1.3. There's no third-party in the middle—we control the entire path from upload to deletion.

Automatic Deletion

All files are automatically deleted 1 hour after processing completes—regardless of plan tier. You can also delete files immediately after downloading. Once deleted, files are securely wiped and cannot be recovered.

What we retain (for billing and fraud prevention): job identifiers, operation type, file sizes, processing time, and credits consumed.

What we do NOT store:

  • Filenames (only file extensions)
  • File contents or thumbnails
  • Metadata extracted from files
  • IP addresses (only transient rate-limiting hashes)

No Third-Party Processing

Unlike services that rely on cloud APIs, we process files entirely on infrastructure we own. We use a mix of open-source and commercial libraries with no external API dependencies. Your files are never sent to third-party services for processing.

External services we use:

  • Stripe — Payment processing only. They never see your files.

Analytics & Cookies

We self-host Plausible Analytics on our own infrastructure—a privacy-focused analytics tool that doesn't use cookies, doesn't collect personal data, and is fully GDPR/CCPA compliant. Data is aggregated and anonymous; we cannot identify individual users. No analytics data leaves our servers.

Session cookies: We use minimal session cookies for authentication (encrypted, HttpOnly, SameSite=Strict). These are technically necessary and automatically deleted when you log out.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your job metadata
  • Delete your files immediately or request account data deletion
  • Export your job history
  • Object to processing

To exercise your rights, email privacy@tools.fast. We respond within 30 days. See our full Privacy Policy for details.

Security Incidents

In the unlikely event of a security breach affecting your data, we will notify affected users within 72 hours (per GDPR requirements), explain what data was affected, and recommend steps to protect yourself.

To report a security vulnerability, email security@tools.fast. We respond within 24 hours.

Contact