Privacy · How it works

Are online image converters safe? What you're actually uploading

'It's just an image, who cares?' — until it's a medical scan, an ID photo, or a design NDA. Here's what happens to your file on a typical converter, and how to check.

SCShariq Chaudhary· Founder, ImageConvertToJPG 5 min read

Every year we hear from users who converted a passport photo, a legal exhibit, or an internal design mockup on a random converter — and later found the image cached in search results, or the URL sitting on a public bucket. The pattern is consistent, and it's worth understanding before you drop your next file somewhere.

How a traditional converter works

You drop a file. The browser sends it as an HTTP upload to the site's server. The server runs a command-line tool (usually ImageMagick, sometimes libvips) and writes the output somewhere — a temp folder, an S3 bucket, or a CDN. You get a download link. On many services, that link is publicly reachable for anyone who guesses the (often sequential or predictable) filename.

What can go wrong

Publicly-listed S3 buckets. Search engines indexing 'private' download URLs. Server operators keeping images for 'quality analysis'. Breach of the third-party service. Cached copies on intermediate CDNs. None of these are hypothetical; each has happened publicly to a well-known converter service in the last five years.

The browser-based alternative

A tool that runs in your browser reads the file into memory (never sends it over the network), processes it locally using the Canvas API or WebAssembly, and produces the result inside the same tab. The file never leaves your device. That is what this site does — and it's provable by opening your browser's Network tab and watching: you should see zero requests going out with your image data.

How to tell if a tool is really local

Open DevTools → Network before you drop your file. If uploading the file triggers no outbound request (or only requests with tiny payloads, unrelated to the image), the tool is genuine. If you see a large POST request the moment you drop, it's uploading. Second check: turn off the network entirely (browser DevTools → Network → Offline) and try to convert. A real browser tool will still work; a server tool will fail.

When does this actually matter?

For a screenshot of a meme, not much. For personal photos of children, medical images, ID documents, work-in-progress designs, financial statements, or anything that would be embarrassing or damaging to have leaked — a lot. When in doubt, use a local tool.

Frequently asked questions

How can I tell if an online image tool is safe?

Open your browser's DevTools → Network before dropping a file. If no outbound request contains your image data, the tool is running locally. You can also flip Network to Offline mode — a real browser tool still works.

Does imageconverttojpg.com upload my images?

No. Every tool on the site processes files in your browser using the Canvas API or WebAssembly. Nothing is uploaded, stored or logged. You can verify this from your browser's DevTools.

Is it safe to compress a passport photo online?

Only with a browser-based tool that provably doesn't upload the file. Uploading a passport photo to a server-based converter risks it being cached, indexed by search, or leaked in a breach.

Tools referenced in this article
SC
Shariq Chaudhary
Founder, ImageConvertToJPG · imageconverttojpg.com

Shariq founded ImageConvertToJPG after a decade of shipping image pipelines for e-commerce and publishing platforms. Every tool on the site runs entirely in the browser — no uploads, no accounts, no tracking on tool pages.

Keep reading