Convert HEIC photos without uploading them

Type “heic to jpg” into a search engine and you’ll get pages of free converters. Most work the same way: your photos upload to their server, something processes them, converted files come back. For a random document that might be fine. For photos — and it’s worth spelling out why photos are different — the deal deserves more suspicion than it gets.

What you actually hand over when you upload a photo

A modern phone photo is not just the picture:

Upload a camera-roll batch to a converter and you’ve given an unknown company a location-stamped diary of your life, governed by a privacy policy you didn’t read, on servers in a jurisdiction you didn’t check. “We delete files after one hour” — the standard reassurance — is a promise about behavior, unverifiable from the outside, offered by a site whose business model you don’t know. Even with perfect intentions, their server is one breach away from your photos being someone else’s data set.

The point isn’t that every converter site is malicious. Most are surely fine. The point is that you can’t tell which, and for photos the downside is personal enough that “surely fine” is a weak standard.

The alternative: converters with no server at all

Browsers have quietly become capable of running serious software. WebAssembly lets a page ship a real codec — in our case libheif, the same open-source HEVC/HEIF decoder desktop tools use — and run it on your machine. The photo is decoded, redrawn and re-encoded locally; the site never receives anything because there’s nothing to receive it. This isn’t a nicer privacy policy — it’s an architecture in which the policy has nothing to cover.

Several sites now work this way (we’re one; we’re not the only one). Which raises the real question: marketing pages all say “private” — how do you check?

Check 1: the Network tab (two minutes, no expertise)

  1. Open the converter page in your browser.
  2. Press F12 (or right-click → Inspect) and switch to the Network tab.
  3. Convert a photo — a throwaway one, since you’re testing.
  4. Watch what appears. Page assets loading (scripts, styles, the decoder) is normal — that’s the tool arriving at your browser. What matters is whether any request leaves carrying your file: look for POST requests, or uploads with a size in the megabytes, fired when you drop the photo.

On a genuinely local converter, dropping and converting a photo produces no upload request. On an upload-based one, you’ll see your 3 MB photo leave immediately — even on some sites whose marketing says “secure” and “private,” which makes this check worth running on any tool you’re considering, ours included.

Check 2: pull the plug (thirty seconds, conclusive)

  1. Load the converter page fully.
  2. Disconnect — Wi-Fi off, airplane mode, cable out.
  3. Convert a photo.

A local converter keeps working, because everything it needs is already on your machine. An upload-based converter fails instantly, because its engine lives on a server you can no longer reach. This test is impossible to fake: no amount of marketing language survives an unplugged network cable. Our site goes a step further and works as an installable offline app — the without-uploading page has details.

The metadata bonus of local re-encoding

One more privacy property worth understanding: when a converter redraws the image and encodes it fresh — as ours does — the EXIF metadata (GPS, timestamps, device) doesn’t carry into the output. The JPG you share is clean; the original on your device keeps its data. If you share photos on marketplaces or forums, this matters independently of the upload question: plenty of platforms strip metadata on upload, but not all do, and a clean file is safe on all of them.

Note the two claims are separable: an upload-based converter can also strip metadata, but it strips it after seeing it. Local conversion is the only version where nobody but you ever had the data.

Reasonable objections, answered honestly

“Isn’t local conversion slower?” Decoding runs about a second per photo on typical hardware. Upload converters spend longer than that moving your batch up and down the network, so local usually wins — though on a fast connection with a small file it’s roughly a wash.

“My browser is old / locked down.” Local converters need JavaScript and WebAssembly — present in every mainstream browser for years, including on Windows 10’s still-updated browsers. Corporate machines that block the Microsoft Store generally don’t block web pages, which is exactly why the browser route works where codec installs don’t.

“Why trust your claims?” Don’t — that’s the whole thesis. Run both checks above on this site. They take under three minutes and they’re the same checks we’d run on anyone else.

The habit worth keeping

Before any personal file goes into any “free online tool,” spend the two minutes: Network tab open, convert, watch. If the file leaves, decide consciously whether that trade is worth it — sometimes it legitimately is. For photos, with local alternatives one search away, it almost never has to be.