Your data, protected

Security & Privacy

Your files are your business. We built every layer of Tools.FAST to keep it that way.

Last updated: February 2026

Encryption

All connections to Tools.FAST use TLS 1.3 with perfect forward secrecy — your files are encrypted from the moment they leave your browser. On our servers, files are encrypted at rest using AES-256-GCM. Each file receives a unique encryption key derived via HKDF-SHA256 with a random salt, meaning that even if one key were compromised, no other file would be affected. During processing, files are decrypted only in memory for the duration of processing, then immediately re-encrypted. Decrypted data is never written to disk.
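The per-file key scheme described above, sketched as an added example (not Tools.FAST's own code) using Node.js's built-in crypto module. The master secret, the info label, the file identifiers, the use of the file id as additional authenticated data, and the record layout are all assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumption: one 32-byte master secret held by the service (random here for the demo).
const MASTER_SECRET = nodeCrypto.randomBytes(32);

// HKDF-SHA256: master secret + per-file random salt -> independent 256-bit key.
// The info string (hypothetical label + file id) binds the key to its purpose.
function deriveFileKey(master, salt, fileId) {
  const info = Buffer.from(`file-encryption:${fileId}`, 'utf8');
  return Buffer.from(nodeCrypto.hkdfSync('sha256', master, salt, info, 32));
}

function encryptFile(master, fileId, plaintext) {
  const salt = nodeCrypto.randomBytes(32); // stored beside the ciphertext; not secret
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce
  const key = deriveFileKey(master, salt, fileId);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(fileId, 'utf8')); // authenticate the file id too
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort zeroing of the derived key once the file is sealed
  return { salt, iv, tag, ciphertext };
}

function decryptFile(master, fileId, record) {
  const key = deriveFileKey(master, record.salt, fileId);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
    decipher.setAAD(Buffer.from(fileId, 'utf8'));
    decipher.setAuthTag(record.tag);
    // final() throws if the key, file id, tag or ciphertext do not match.
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } finally {
    key.fill(0);
  }
}

// Constructed sample: two files with identical contents get unrelated ciphertexts.
const sampleA = encryptFile(MASTER_SECRET, 'job-1/a.png', Buffer.from('constructed sample bytes'));
const sampleB = encryptFile(MASTER_SECRET, 'job-1/b.png', Buffer.from('constructed sample bytes'));
console.log('ciphertexts equal:', sampleA.ciphertext.equals(sampleB.ciphertext));
console.log('round trip:', decryptFile(MASTER_SECRET, 'job-1/a.png', sampleA).toString());
```

Because GCM authenticates the ciphertext, a record that has been modified or paired with the wrong file id fails at decryption instead of yielding altered plaintext.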

Data Isolation

Each job runs in complete isolation. Files are stored in per-job directories with unique identifiers, encrypted with per-file keys, and accessible only through authenticated download endpoints that verify ownership. No Tools.FAST team member can access your file contents — there are no admin endpoints for viewing or downloading user files, and encryption keys are managed programmatically without manual access.

Where Your Data Lives

All processing servers are physically located in the European Union (Germany) on dedicated infrastructure we control. Your files are stored and processed exclusively within EU borders, ensuring GDPR compliance and protecting your content from foreign surveillance laws.

Your files stream straight from your browser to our servers in Germany, encrypted with TLS 1.3. There's no third party in the middle—we control the entire path from upload to deletion.

No Permanent Storage

Tools.FAST intentionally does not provide permanent file storage. We are a file processing network, not a cloud storage provider. Your files exist on our servers only for the time needed to process them and for you to download the results. After 1 hour, all files — both input and output — are permanently and irreversibly deleted.

Automatic Deletion

All files are automatically deleted 1 hour after processing completes—regardless of plan tier. You can also delete files immediately after downloading. Once deleted, files are securely wiped and cannot be recovered.

What we retain (for billing and fraud prevention): job identifiers, operation type, file sizes, processing time, and credits consumed.

What we do NOT store:

  • Filenames (only file extensions)
  • File contents or thumbnails
  • Metadata extracted from files
  • Raw IP addresses (we store only irreversible HMAC-SHA256 hashes for abuse prevention)

How Your Files Are Processed

For the vast majority of operations across the Tools.FAST network — image compression, document conversion, PDF processing — we process files entirely on infrastructure we own. Your files never leave our servers. We use open-source and commercial libraries (libvips, FFmpeg, Pandoc) with no external API calls.

Some advanced features on specific tools (such as audio transcription on Convert.FAST) use vetted GDPR-compliant AI providers. These providers process files solely for your requested operation, never use your files for AI training, and delete them immediately after processing. See each tool's Security page for specific details.

Privacy by Default

Image metadata stripped by default. EXIF data including GPS coordinates, camera info, and timestamps are removed from processed images to protect your privacy.

No AI training. Ever. We do not use your files to train, fine-tune, or improve any machine learning model — ours or anyone else's. Your content is processed solely for the operation you requested, then deleted.

No content analysis. We do not scan, fingerprint, index, or analyze your file contents for advertising, profiling, or any purpose other than processing. We have no interest in what your files contain.

No filename analysis. We don't log, analyze, or monetize your filenames. We have no interest in what you're processing or why.

Analytics & Cookies

We self-host Plausible Analytics on our own infrastructure—a privacy-focused analytics tool that doesn't use cookies, doesn't collect personal data, and is fully GDPR/CCPA compliant. Data is aggregated and anonymous; we cannot identify individual users. No analytics data leaves our servers.

Session cookies: We use minimal session cookies for authentication (encrypted, HttpOnly, SameSite=Strict). These are technically necessary and automatically deleted when you log out.

Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your job metadata
  • Delete your files immediately or request account data deletion
  • Export your job history
  • Object to processing

To exercise your rights, email privacy@tools.fast. We respond within 30 days. See our full Privacy Policy for details.

Security Incidents

In the unlikely event of a security breach affecting your data, we will notify affected users within 72 hours (per GDPR requirements), explain what data was affected, and recommend steps to protect yourself.

To report a security vulnerability, email security@tools.fast. We respond within 24 hours.

Contact