EGO HERO · LEGAL

Privacy Policy

Effective date: May 5, 2026

Short version: most of our tools run entirely in your browser, so we never see the files you convert. The data we do collect is the minimum needed to operate this site. We don’t sell data. We don’t share it with advertisers. We use Google Analytics only if you opt in.

Overview

This Privacy Policy describes how EGO HERO LLC (“EGO HERO,” “we,” “us”) collects, uses, and shares personal information when you use egohero.com and our related services (the “Service”). It applies to visitors, registered users, and people who contact us. It does not cover third-party services we link to.

1. Who is the controller / business?

For the purposes of the EU/UK General Data Protection Regulation (“GDPR”) and US state privacy laws (CCPA/CPRA, VCDPA, CPA, etc.), the controller / business is:

  • EGO HERO LLC
  • 5830 E 2nd St, Ste 7000 #31990, Casper, WY 82609 US
  • Email: hello@egohero.com

We have not appointed a Data Protection Officer because we are not required to. You can reach our privacy team at the email above for any GDPR or US-state-law request.

2. Data we collect

2.1 Files you process with our tools

None reach our servers. Every converter on this site — image, audio, video, document, data, 3D, security, OCR, RAW, DICOM, and the rest — runs in your browser using Web APIs and WebAssembly. Your files are read into your browser’s memory, processed locally, and offered back to you as a download. We do not receive, store, log, or transmit them. You can verify this in your browser’s DevTools Network tab.

2.2 Account information (only if you sign in)

Some sections (the design-system catalog) require you to sign in. When you do, our authentication provider Supabase records:

  • Your email address.
  • A user ID (UUID) used to identify your account.
  • Sign-in metadata (timestamps, OAuth provider, last-seen).
  • Your access status for gated features (“pending,” “approved,” or “rejected”) and timestamps for any change to that status.

Your Supabase session token is stored in your browser’s localStorage. We do not store passwords because we use Google OAuth and email magic-link authentication.

2.3 Contact-form submissions

If you fill out the contact form on the home page, we collect: name, email address, optional phone number, and the message you write. The form is delivered to us by email through our service provider, Mailgun. There is also a hidden “company” honeypot field used solely to filter automated spam.

2.4 Cookies, local storage, and analytics

See our Cookies Policy for the full inventory. In summary:

  • Strictly necessary: a single localStorage entry (egohero:consent:v1) recording your cookie choices, plus a Supabase auth token in localStorage when you are signed in.
  • Analytics (only if you consent): Google Analytics 4 with IP-anonymisation and ad-personalisation disabled. Sets first-party cookies named _ga and similar.

2.5 Server logs

Like most websites, our hosting infrastructure (Traefik reverse proxy, nginx, Docker) records standard request metadata: IP address, user-agent string, request path, response code, timestamp. These logs are kept on our server for a short period (rotated by file size; typically a few days) and used only for security, debugging, and to comply with law.

2.6 What we do NOT collect

  • We do not collect payment information — the Service is free.
  • We do not run session-recording or heatmap tools.
  • We do not buy data from third-party data brokers.
  • We do not sell data, ever.
  • We do not use the contents of files you process to train any model.

3. Purposes and legal bases

The table below summarises why we process the data above. For users in the EU/UK we identify the relevant legal basis under Article 6 GDPR.

  • Provide the Service. Run sign-in and access checks. Legal basis (EU/UK): performance of a contract / our legitimate interest in operating the Service.
  • Reply to your messages. Process contact-form submissions. Legal basis: legitimate interest / pre-contractual steps at your request.
  • Security and abuse prevention. Maintain server logs and detect attacks or fraud. Legal basis: legitimate interest.
  • Analytics (with consent). Aggregate usage statistics to improve the Service. Legal basis: your consent (which you can withdraw at any time via “Cookie settings” in the footer).
  • Comply with law. Respond to lawful requests from authorities. Legal basis: legal obligation.

4. Who we share data with

We use a small set of service providers (“sub-processors” under GDPR) to run the Service. They process personal data only on our instructions:

  • Supabase — authentication and the gated design-system database. Hosted in the United States.
  • Google — OAuth sign-in (if you sign in with Google) and Google Analytics 4 (only if you consent). Hosted in the United States.
  • Mailgun (Sinch) — delivery of contact-form submissions to us by email. Hosted in the United States.
  • Hostinger — the data centre that hosts our servers.
  • Hostinger DNS — DNS resolution for egohero.com.
  • unpkg / jsDelivr / Google Fonts — content-delivery networks that serve static font files and lazy-loaded WebAssembly libraries to your browser. They receive standard request metadata (IP, user-agent) like any website you visit.

We may also disclose information when we have a good-faith belief that doing so is required by law, to protect our rights or property, to investigate fraud or security incidents, or with your consent. In the unlikely event we are involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction; we will notify affected users and require the recipient to honour this Policy.

5. International data transfers

EGO HERO is based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, where data-protection laws may differ from those in your country. For transfers from the European Economic Area, the United Kingdom, and Switzerland, we rely on the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) put in place with our service providers, plus appropriate technical safeguards.

6. Retention

  • Account data: kept while your account is active and for up to 12 months after deletion to permit account recovery and meet legal obligations, then deleted or anonymised.
  • Contact-form messages: kept in our email for as long as is necessary to respond and follow up; typically 24 months. You may ask us to delete sooner.
  • Server logs: rotated by file size; typically a few days to a few weeks. Not used for marketing.
  • Analytics data: we use the Google Analytics default retention setting (currently 14 months). You may withdraw analytics consent at any time and we will instruct Google to delete data associated with your client identifier.

7. Your rights

Subject to the law that applies to you, you have rights regarding your personal data. We honour these rights for all users worldwide where we reasonably can:

  • Access — ask for a copy of personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete your data; we may retain limited information where the law requires us to.
  • Portability — ask for a machine-readable copy of data you have provided to us.
  • Restriction / objection — ask us to limit how we use your data, or object to processing based on legitimate interest.
  • Withdraw consent — for anything based on consent (e.g. analytics), withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Non-discrimination (US states) — we will not discriminate against you for exercising any of these rights.

To make a request, email hello@egohero.com from the email address associated with your account or your request, with the subject line “Privacy request.” We will respond within the period required by your law (typically 30 days under GDPR; 45 days under CCPA, extendable once where allowed). We will need to verify your identity.

8. EU/UK specifics

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with your national data-protection authority. We’d appreciate the chance to address your concern first — please email hello@egohero.com before complaining.

We do not engage in automated decision-making that produces legal or similarly significant effects. We do not perform “targeted advertising” or sell personal data, including in the meaning given to those terms by US state privacy laws.

9. US state-specific rights

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with equivalent statutes have specific rights under their state laws (collectively, “State Laws”). In addition to the rights above:

  • You may designate an authorised agent to make a request on your behalf, subject to our verifying the agent’s authority.
  • California “Shine the Light”: we do not share personal information with third parties for their direct marketing purposes.
  • Sale and sharing: we do not “sell” or “share” personal information for cross-context behavioural advertising. Therefore there is no “Do Not Sell or Share My Personal Information” opt-out to honour beyond the analytics consent control already provided.
  • Sensitive personal information: we do not collect or use sensitive personal information for purposes that would require an opt-out under State Laws.
  • Global Privacy Control (GPC): we treat a verified GPC signal from your browser as a request to opt out of any future analytics consent prompt for that browser session.

10. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact hello@egohero.com and we will delete it. Where stricter laws apply in your country (for example, the GDPR’s digital age of consent of up to 16), those higher minimums apply instead.

11. Security

We use industry-standard measures to protect personal data, including encryption in transit (HTTPS), strict access controls on our servers, and minimisation of data collection. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Effective date” at the top and, where reasonably practicable, notify you through the Service. Your continued use of the Service after the new effective date constitutes acceptance of the updated Policy.

13. Contact us

Privacy questions or rights requests: hello@egohero.com — or by post to EGO HERO LLC, 5830 E 2nd St, Ste 7000 #31990, Casper, WY 82609 US.

EGO HERO uses only the cookies and local storage strictly necessary to make this site work. We’d also like to use optional analytics to understand traffic in aggregate. Nothing optional runs until you say yes. See our Cookies Policy and Privacy Policy for details. You can change your choice any time via “Cookie settings” in the footer.