Privacy Policy

ZeroDataUpload

Last Updated: April 3, 2026
Effective Date: April 3, 2026

What This Policy Covers

Hi there. I'm Milan Salvi, and I run ZeroDataUpload through my company, Leena Software Solutions. This privacy policy is here to tell you, plainly, what happens with your data when you use our site at https://zerodataupload.com/.

The short version? Not much. We built ZeroDataUpload around a simple idea: your files and data should never leave your device. Every tool on our platform — from the PDF converter to the password generator to the image watermarker — runs entirely in your browser using JavaScript and browser APIs. Nothing gets uploaded to a server. There is no server-side processing. Your files stay on your machine, period.

That said, we do use Google Analytics and Google AdSense, and those services do collect some information. This policy explains exactly what that looks like. We've written it to cover our obligations under the GDPR, the CCPA/CPRA, and India's Digital Personal Data Protection Act (DPDPA) 2023.

Who We Are

Leena Software Solutions is the data controller for ZeroDataUpload. Here's how to reach us:

Data Controller: Leena Software Solutions
Founder: Milan Salvi
Address: Satyam APT, B-104, Plot - 65, Sai Section, Hutatma Chowk, Ambernath East, Maharashtra, India. PIN - 421501
Email: leenasoftwaresolutions@gmail.com
Website: https://zerodataupload.com/

The Big Picture: Your Files Never Leave Your Device

This is the most important thing we can tell you. When you use any of our tools — convert a PDF, generate a UUID, resize a passport photo, extract text with OCR — all of the actual work happens right there in your browser. We use client-side JavaScript, the Canvas API, Web Workers, and other browser technologies to process everything locally.

We don't have a backend that touches your files. We don't have a database storing your conversions. There is no account system, no login, no registration. We can't see what you're converting because it literally never reaches us. Our site is hosted on Cloudflare Pages, which serves static HTML, CSS, and JavaScript files — that's it.

What We Actually Collect (and What We Don't)

Let's start with what we don't collect, because the list is longer and more interesting:

Your files, images, documents, or any content you process with our tools
Your name, email, phone number, or any personal contact details
Login credentials (there are none — we don't have accounts)

Now, here's what does get collected — not by us directly, but by two Google services we use on the site:

Google Analytics 4 (GA4)

We use GA4 to understand basic things like which tools are popular, which pages have issues, and where our visitors come from geographically. GA4 collects:

Your IP address (Google anonymizes this automatically)
Browser type, version, and operating system
Screen resolution and device type (phone, tablet, desktop)
Pages you viewed, how long you stayed, and what led you to the site
Country and region (city-level data is not collected)

Google AdSense

We show ads to keep the site free. AdSense uses its own cookies and tracking to decide which ads to show you. Specifically, it collects:

Cookie identifiers for ad personalization
Device and browser details
Your IP address for geographic ad targeting
Whether you clicked or interacted with an ad

Technical Basics

Your browser also sends us standard technical information when loading the page — things like which image formats it supports and whether JavaScript is enabled. We don't log this in any custom way; it's just part of how the web works. Cloudflare, which hosts and serves our site, processes some technical data for performance and security (more on that below).

How and Why We Use This Information

We want to be upfront about why we collect anything at all, and what legal grounds apply:

Analytics (legal basis: legitimate interest). We look at aggregate traffic patterns to figure out which tools people use most, whether pages load correctly across different devices, and where visitors drop off. This helps us decide what to build next and what to fix. We don't use analytics to identify or profile individual visitors.

Advertising (legal basis: consent). Google AdSense shows ads on our pages. It uses cookies to personalize those ads based on your browsing habits across the web. This is how we keep the entire platform free to use — no subscriptions, no freemium tiers, no paywalls. You can opt out of personalized ads through Google's ad settings or your browser's cookie controls.

Keeping the site running (legal basis: legitimate interest). Basic technical processing — serving pages over HTTPS, caching through Cloudflare's CDN, protecting against bots — is necessary for the site to function at all.

Third-Party Services We Rely On

We work with three external services. Here's exactly what each one does with your data:

Google Analytics 4

Google Ireland Limited acts as the EU representative. We have a data processing agreement in place with Google. They receive anonymized usage data and device information. You can read Google's privacy policy for the full details, or install the Google Analytics opt-out browser add-on if you'd rather not be counted.

Google AdSense

AdSense receives cookie data, device information, and ad interaction metrics. You can manage your ad personalization preferences through Google Ads Settings. Google's advertising-specific privacy information is at policies.google.com/technologies/ads.

Cloudflare

Our site is hosted on Cloudflare Pages. Cloudflare's global CDN serves our static files and provides DDoS protection and SSL/TLS encryption. They process some technical data (IP addresses, request headers) as part of delivering the site to your browser. Their privacy policy is at cloudflare.com/privacy.

Where Your Data Goes (International Transfers)

Google and Cloudflare are global companies, so some data inevitably crosses borders. Google may process analytics and ad data in both EU and US data centers. Cloudflare operates a worldwide network and routes requests through whichever data center is closest to you.

These transfers are covered by Standard Contractual Clauses and, where applicable, adequacy decisions. We don't independently transfer your data anywhere — we don't have it to transfer.

How Long Data Sticks Around

Since we don't store your files or personal information ourselves, our retention story is really about what our third-party services keep:

Google Analytics: Retains data for 26 months, then automatically deletes it.
Google AdSense: Advertising identifiers expire after 18 months of inactivity. Cookie durations vary, typically 30 days to a year.
Your processed files: Zero retention. They exist only in your browser's memory while you're using the tool. Close the tab and they're gone. We never had them in the first place.

Your Rights Under Privacy Laws

Privacy regulations around the world give you meaningful control over your data. Here's what applies depending on where you are. To exercise any of these rights, email us at leenasoftwaresolutions@gmail.com and we'll respond as quickly as we can.

If You're in the EU or UK (GDPR)

You have the right to access, correct, or delete your personal data. You can also restrict or object to processing, request data portability, and withdraw consent you've previously given. If you feel we haven't addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority.

If You're in California (CCPA/CPRA)

You can ask us what personal information we've collected, request deletion, and opt out of any sale or sharing of personal information. We don't sell personal information in the traditional sense, but ad personalization may qualify as "sharing" under the CPRA. You also have the right to correct inaccuracies, limit use of sensitive personal information, and you won't face discrimination for exercising any of these rights.

If You're in India (DPDPA 2023)

Under the Digital Personal Data Protection Act, you can access your personal data, request corrections or erasure, and obtain data portability. You can withdraw consent at any time. If you're unsatisfied with our response, you have the right to file a complaint with the Data Protection Board of India.

Cookies: What's on Your Device

We use a few types of cookies. Here's a straightforward breakdown:

Essential cookies handle basic site functionality — things like remembering your dark/light mode preference. These don't require consent because the site can't work properly without them.

Analytics cookies come from Google Analytics. They help us see aggregate traffic patterns. These last up to 26 months and we rely on legitimate interest as the legal basis, though you can opt out anytime.

Advertising cookies come from Google AdSense. These are the ones that personalize the ads you see. They typically last anywhere from 30 days to a year. We ask for your consent before these are set — you'll see our cookie consent banner when you first visit.

You're always free to clear cookies through your browser settings or use our cookie consent banner to change your preferences.

How We Keep Things Secure

Our biggest security advantage is architectural: since your files never reach our servers, there's nothing for an attacker to steal. There's no database of user files to breach, no upload queue to intercept. The attack surface is genuinely small.

Beyond that, all connections use HTTPS/TLS encryption. Cloudflare provides DDoS protection and Web Application Firewall rules. We regularly review the third-party services we depend on, and we have procedures in place to handle any security incident that does arise.

A Note About Children

ZeroDataUpload isn't designed for children under 13, and we don't knowingly collect data from anyone in that age group. If you're a parent or guardian and believe your child has somehow provided personal information through our site, please reach out to us at leenasoftwaresolutions@gmail.com and we'll address it right away.

When This Policy Changes

If we make changes to this policy, we'll update the "Last Updated" date at the top and post the revised version here. For significant changes — say, if we added a new third-party service that collects data — we'd also put up a notice on the site itself. We won't reduce your rights under this policy without giving you clear notice first.

Managing Your Consent

When you visit ZeroDataUpload, you can manage what you consent to through our cookie banner. If you change your mind later, you can:

Adjust your cookie preferences through the consent banner (accessible from the footer)
Change your browser's cookie settings to block or delete specific cookies
Use Google's ad settings to control ad personalization
Install the GA opt-out add-on to stop analytics tracking
Email us directly at leenasoftwaresolutions@gmail.com

Withdrawing consent won't affect the lawfulness of any processing that happened before you withdrew it.

Supervisory Authorities

If you've raised a concern with us and you're not happy with how we've handled it, you can escalate to the relevant authority:

EU/UK: Your country's Data Protection Authority (a full list is available on the European Data Protection Board's website)
California: The California Privacy Protection Agency (CPPA) at cppa.ca.gov
India: The Data Protection Board of India, once fully operational under the DPDPA

Get in Touch

If you have questions about this policy, want to exercise your privacy rights, or just want to understand something better, we'd genuinely like to hear from you.

Email: leenasoftwaresolutions@gmail.com

Mail: Leena Software Solutions, Satyam APT, B-104, Plot - 65, Sai Section, Hutatma Chowk, Ambernath East, Maharashtra, India. PIN - 421501

We try to respond to all privacy-related inquiries within 30 days.

Last Updated: April 3, 2026