File Safety

Your files are processed, not hosted.

FormatOS processes your file for the action you choose. No galleries, no public hosting, no file library, no selling of your uploaded files.

Browser-first

Most actions run locally

Temporary

Server files cleaned up

No galleries

No public file hosting

Your files

Not published or sold

Designed for

Everyday file work. Nothing risky.

FormatOS is built for practical, lawful file preparation. Only upload files you own or have clear permission to process.

What the workspace is built for:

Converting images between formats

Compressing files for email or forms

Organizing or splitting PDF pages

Cleaning hidden metadata before sharing

Packaging files into a ZIP archive

Trimming or compressing your own video

Converting spreadsheets between data formats

Preparing documents for web or print

On every upload

What we check before touching your file.

Every upload goes through a validation pass. Dangerous or unsupported files are rejected cleanly — not silently broken mid-process.

Extension check

Only recognized file extensions are accepted. Unknown or executable file types are rejected before any processing begins.

MIME type verification

The declared file type is cross-checked against what the file actually contains — not just what the filename claims.

Size limits enforced

Files that exceed current processing limits are flagged before upload completes, not after wasting your time waiting.

Dangerous types rejected

Executables, scripts, suspicious archives, and path traversal attempts are blocked and left unprocessed.

Where files go

Two paths. Both safe. Always honest.

Depending on the action you choose, your file is either processed entirely on your device or sent temporarily to a server. We tell you which — we never hide it.

Most operations

In your browser

Most image, PDF, data, and document actions run entirely in your browser tab. The file never leaves your device for these operations.

Video & audio

Temporary server processing

Video, audio, and some PDF operations require a server-side engine. Files are used only to complete the selected action, and the server route is designed to clean up temporary working files after processing.

Hard limits

Things FormatOS doesn't do.

These are not corner-case limitations — they are deliberate decisions. FormatOS is not built for these workflows and never will be.

URL-based media downloading

Social platform video downloading

Streaming site ripping

DRM or copy-protection bypass

Password cracking or PDF unlocking

Watermark removal from third-party content

Fake document generation

Permanent public file hosting

Public upload galleries

If you encounter anything on this site that appears to enable these workflows, please report it via the Contact page. That would be a bug, not a feature.

Honest note

Metadata removal isn't magic.

We reduce common hidden metadata — we don't guarantee perfect anonymization.

Metadata removal tools strip common fields like GPS location, camera model, author name, and document history. But metadata is complex — some fields may survive depending on the format, tool, or conversion path.

If you're handling sensitive files — legal documents, medical records, personal photos with location data — review the output carefully before sharing. And keep your originals until you're confident.

We'd rather be honest about this than claim something we can't fully deliver.

More detail