Privacy Policy

Last updated: April 11, 2026

1. Introduction

SciZone ("we", "our", or "the Service") is an enthusiast project operated by an individual, not a company. This Privacy Policy explains what limited information is collected when you use the Service, and what we deliberately do not collect.

By using the Service, you agree to the practices described here. If you do not agree, please stop using the Service.

2. Information We Collect

2.1 Files You Process Locally

When you use the local image converter, your files are processed entirely on your device by a WebAssembly module running in your browser:

  • Files never leave your device. No image, file name, or file content is uploaded to any server controlled by us.
  • Temporary local storage. Converted files are kept in your browser's IndexedDB during a conversion session and are cleared when you start a new batch or click Clear.
  • No identifiers. We do not associate the files you process with any account, cookie, or identifier.

2.2 Cloud Integration (Optional)

If you choose to convert files stored in Google Drive or Dropbox:

  • OAuth tokens stay in your browser. Temporary access tokens issued by Google or Dropbox are kept in your browser's sessionStorage and are not transmitted to or stored by us.
  • File access is direct. Files are downloaded from and uploaded back to your cloud provider directly from your browser, using their official APIs.
  • No server-side proxy. We do not host a backend that touches your cloud files.

You can revoke access at any time through your Google or Dropbox account settings.

2.3 Analytics and Advertising

To understand how many people visit the site and which pages are useful, we load Google Analytics 4 (measurement ID G-R29QK2EHHC) on every page. GA4 collects aggregated, pseudonymous visitor data: pages viewed, approximate country (derived from a truncated IP address), browser and device type, referrer, and session duration.

The site also declares a Google AdSense account (publisher ID ca-pub-2477226824798244) via a <meta> tag for ownership verification. No AdSense script or ad units are currently loaded on the site, so AdSense does not actively collect data or set cookies. If we ever start showing ads, this policy will be updated accordingly.

Both services are operated by Google. The data Google Analytics collects is governed by Google's own privacy policy and data processing terms. We never see your personal identity through them — only aggregated reports in the Google Analytics console.

We do not show a cookie consent banner because we do not use this data for personalised advertising or for tracking individuals across other sites — only for understanding the size and rough geography of our audience. If you would prefer not to be measured at all, you can install Google's official Analytics opt-out browser add-on, or use any standard tracker-blocker extension — the converter itself will keep working.

2.4 What We Do NOT Collect

We do not collect, request, or store:

  • Your name, email address, phone number, or any account information (we have no accounts).
  • The content, names, or metadata of any files you process — those never leave your device.
  • Anything that ties Google Analytics data back to you personally.
  • Device fingerprints, advertising profiles, or cross-site behavioural data of our own.

3. How We Use Information

The limited information described above is used only for:

  • Providing the conversion service.
  • Understanding aggregated visitor patterns through Google Analytics (where people come from, which pages get used) so we can decide what to improve next.

We do not sell, rent, or share data with any third party other than the Google services described in section 2.3. We do not use the information for personalised advertising or for re-identification.

4. Data Storage and Processing

4.1 Local Browser Storage

Files processed by the local converter live in your browser's IndexedDB only:

  • They remain on your device.
  • They are not accessible to us or any third party.
  • You can delete them at any time by clearing site data for scizone.dev in your browser.

4.2 Cloud Integration

OAuth tokens for Google Drive and Dropbox are stored in sessionStorage and are wiped automatically when you close the browser tab. Files exchanged with the cloud provider pass directly between your browser and the provider's servers — they are never stored on infrastructure we control.

4.3 Analytics Data on Google's Servers

Data collected by Google Analytics 4 is processed and stored by Google according to its own retention rules; we have not customised the defaults. We only access aggregated, non-identifying reports through the Google Analytics console. We do not export raw event data or join it with anything else.

5. Third-Party Services

The Service relies on the following third parties. Each has its own privacy policy, which we encourage you to read:

  • Google Drive API — used only when you choose the Google Drive flow.
  • Dropbox API — used only when you choose the Dropbox flow.
  • Google Analytics 4 — loaded on every page for aggregated visitor measurement.
  • Google AdSense — declared via a meta tag for account ownership; no script or ad units are currently loaded.
  • Cloudflare Pages — hosts the static site; standard server logs may be processed by Cloudflare for security and infrastructure operation.

Relevant policies:

We are not responsible for the privacy practices of these services beyond our own integration with them.

6. Your Rights

Under applicable data protection laws (including the GDPR), you have the following rights:

  • Access — you can ask what data we hold about you. In practice, we hold none directly; the only data linked to your visit lives inside Google Analytics in aggregated, non-identifying form.
  • Deletion — you can clear all locally-stored data by clearing site data for scizone.dev in your browser.
  • Object / Opt-out — you can opt out of Google Analytics measurement by installing the official Google opt-out add-on or by using any tracker-blocker extension. You can revoke cloud-provider access at any time through your Google or Dropbox account settings.
  • Stop using the Service — you can stop visiting at any time, and there is nothing left tied to you afterwards.

Because we hold no accounts and identify no individuals, requests to "delete your account" or "export your data" are not applicable in the usual sense — there is nothing on our side to export or delete.

7. Data Security

We take a few simple measures to keep things safe:

  • Local processing — files are converted in your browser and never uploaded.
  • No backend — there is no server we control that stores files or personal data.
  • Standard OAuth 2.0 — cloud integrations use the official Google and Dropbox auth flows.
  • HTTPS everywhere — the site is served over TLS by Cloudflare.

That said, no transmission over the internet is ever 100% secure. We cannot make absolute guarantees.

8. Cookies and Local Storage

The site uses the following storage mechanisms:

  • IndexedDB — stores converted files temporarily during a conversion session. Cleared by clicking Clear or by clearing site data in your browser.
  • sessionStorage — holds OAuth access tokens for Google Drive / Dropbox during a single session, plus a CSRF state value for the Dropbox login flow. Wiped automatically when you close the tab.
  • Google Analytics cookies (_ga, _ga_R29QK2EHHC) — set by the GA4 script to distinguish unique browsers and sessions in aggregated reports.

We do not set any first-party cookies of our own. Blocking third-party cookies in your browser, or using a content blocker, will disable Google Analytics measurement without affecting the conversion functionality.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from anyone, including children. If you are a parent or guardian and believe a child has somehow shared identifying information with us, please contact us so we can address it.

10. Changes to This Privacy Policy

This policy may be updated from time to time. When that happens, we will update the "Last updated" date at the top of this page. Material changes (for example, adding a new third-party integration) will be called out in the affected sections.

Continued use of the Service after a change means you accept the updated policy.

11. Contact

Questions or concerns about this Privacy Policy? Reach out at:

support@scizone.dev

For privacy-related inquiries, please include "Privacy Policy" in the subject line.