File privacy questions to ask before converting documents online

Some converters process files in the browser. Some send files to a server. Some call third-party services. Those are different privacy models, and the page should say which one applies.

Markdown For All processes uploads through its Go API. The practical privacy question is what gets stored, logged, and retained after the response is returned.

Do not upload confidential contracts, private customer records, medical files, or financial documents to a public tool unless your organization has approved that workflow.

For sensitive work, run the converter in an environment you control and keep access logs, storage, and backups aligned with your internal policy.

Converted Markdown can still contain names, account numbers, addresses, internal URLs, and other sensitive details. Treat the output with the same care as the source file.

Before using any online converter, decide what kind of file you are handling. A public blog draft is different from a contract, tax form, bank statement, medical record, or customer export. The file category should decide whether public conversion is appropriate.

Look for obvious sensitive data: names, addresses, account numbers, employee records, health information, credentials, private source code, unreleased product plans, and client materials. If any of those appear, do not upload the file unless your organization has approved the workflow.

When in doubt, use a self-hosted environment or ask the data owner. The convenience of a quick conversion is not worth creating a privacy incident. A five-minute check before upload is cheaper than explaining later why a sensitive document was sent to a public service.

Different converters have different privacy models. Some run entirely in the browser. Some send files to a server. Some call third-party APIs. Some store files for later processing. The page should tell you which model applies. If it does not, treat the tool with caution.

Markdown For All processes uploads through its Go API and returns Markdown to the browser. The privacy policy says uploaded files are deleted after the conversion response and that file contents are not intentionally logged. That is the stated model you should evaluate for your use case.

Even with a reasonable processing model, operational logs may record technical details such as file size, error type, request time, and status code. Those details are usually needed to operate a service. They are different from storing document contents, but they still belong in the privacy review.

Converted Markdown can contain the same sensitive information as the source file. Copying it into a repository, chat, AI tool, ticket, or public docs site can create the same risk as sharing the original document. The format changed, but the content did not become harmless.

Review the output before sending it anywhere else. Search for names, account numbers, addresses, internal URLs, access tokens, customer identifiers, and confidential project names. If the Markdown is used for RAG or search indexing, make sure the index has the same access controls as the source material.

If you need to share a conversion bug, create a minimal sample that reproduces the structure without private data. Replace real names with placeholders, remove account numbers, and keep only the layout pattern that caused the issue. Good bug reports do not require leaking real documents.

For workplace files, ask four questions. Who is allowed to see this file? Where will the uploaded copy be processed? How long is it retained? Where will the Markdown output go next? If you cannot answer those questions, do not upload the file yet.

Also ask whether the document is covered by a customer contract, data processing agreement, internal security policy, or regulatory rule. These obligations may restrict tools even when the tool itself is well designed.

A safe conversion workflow is not only about the converter. It includes the source file, the upload path, the generated Markdown, the review process, and the destination system. Privacy needs to cover the whole chain.

If the document is sensitive, convert it in an environment you control. That might mean a local or self-hosted deployment, a private network, or an approved internal tool. The important part is that access, logging, storage, and deletion follow the same rules as the original document.

Another option is to create a redacted sample for testing. Replace names, identifiers, account numbers, and private URLs before conversion. This lets you test whether the structure converts well without exposing the real content.

For teams, write down the approved path. A clear rule such as `public converter for public files only` prevents confusion. People make risky choices when the policy is vague and the deadline is close.