Is It Safe to Convert JPG to PNG (and PNG to JPG) Online?
Most online image converters upload your photos to a server. Learn the difference between server-side and browser-based conversion — and how to convert JPG and PNG without your files ever leaving your device.
Published: 19 Juli 2026

Short answer: it depends entirely on whether the converter uploads your files. Most online image converters send your photos to a remote server, convert them there, and send the result back. A browser-based tool does the whole job on your own device, so the image never travels anywhere. If your photos contain anything private — passport scans, medical images, family pictures, work screenshots — that distinction is the whole ballgame.
This guide explains what actually happens to a photo when you convert JPG to PNG (or PNG to JPG) online, how to tell the two approaches apart, and how to convert images without uploading them at all.
What happens when you convert images on most websites
When you drop a photo into a typical online converter, here's the sequence: your browser uploads the raw image bytes to the company's server, the server re-encodes the file (JPG to PNG or PNG to JPG), stores the result temporarily, and serves you a download link.
That means, for at least a short window, your photo physically sits on a machine you don't control. Most reputable services delete files after an hour or so, and many use encrypted connections — but you are still trusting their retention policy, their security, and their staff. For a meme or a stock photo, fine. For a passport scan, a medical X-ray, or a screenshot of your bank app, you're handing a copy of something sensitive to a third party you can't audit.
The uncomfortable part: from the user's side, a server-side converter and a browser-based converter look identical. Same drag-and-drop box, same "Convert" button. The difference is invisible unless you go looking — which is exactly why so many people assume "online" must mean "uploaded."
Server-side vs. browser-based: the difference that matters
There are two fundamentally different ways to convert JPG and PNG online, and the privacy gap between them is enormous.
- Server-side (the common way). Your image leaves your device, gets processed on someone else's computer, and comes back. Privacy depends on a stranger's policies.
- Browser-based / client-side (the private way). The conversion code runs inside your browser using JavaScript and the Canvas API. Your photo is read into memory locally, re-encoded locally, and offered back to you as a download — all without a single byte being transmitted. No upload endpoint ever receives the file. Close the tab and everything is gone, because nothing was ever stored anywhere but your own RAM.
A genuinely client-side tool can even work with your Wi-Fi switched off after the page loads. That's the simplest litmus test there is.
How to tell if an image converter actually uploads your files
You don't have to take anyone's word for it. Three ways to check, from easiest to most thorough:
- Go offline. Load the page, then turn off your internet. If you can still convert a file and download the result, the work is happening locally. If it stalls, your files were going to a server.
- Watch the Network tab. Open your browser's developer tools (F12 or right-click → Inspect → Network), then convert a file. On a client-side tool you'll see no request carrying your image data uploaded. On a server-side tool you'll see a large outgoing request — that's your photo leaving.
- Read the security page and look for open source. Tools serious about privacy explain their architecture and, ideally, publish their code so anyone can audit it. Vague reassurance ("we take your privacy seriously") with no technical detail is a yellow flag.
When does converting images online actually become risky?
To be fair, server-side conversion isn't automatically dangerous — most people convert harmless photos and nothing bad ever happens. The risk concentrates around a few situations:
- The image is sensitive — passport scans, medical photos, financial screenshots, or anything with personal identifiers.
- You're on a shared or work network where you don't know the data-handling rules.
- The tool is unfamiliar — no clear company behind it, no security page, no privacy policy.
- You'd be uploading repeatedly — every upload is another copy on another server.
If none of those apply, a mainstream tool is probably fine. If any of them do, browser-based conversion removes the risk entirely rather than asking you to trust it away.
Convert JPG and PNG without uploading them
The cleanest way to avoid all of this is to use a tool that never uploads in the first place. pdfruk's JPG to PNG and PNG to JPG tools run entirely in your browser — drop your image, click convert, and download the result. The file stays on your device the whole time, there's no account or sign-up, and you can verify the no-upload claim yourself using any of the checks above.
For sensitive photos especially, "it never left my device" is a stronger guarantee than "they promised to delete it." Read our security page for the full breakdown of how pdfruk handles your files.
Frequently asked questions
Can online JPG converters see my photos?
If the tool uploads files to a server, yes — at least temporarily. A browser-based converter processes images locally and never transmits your file contents.
Is it safe to convert passport scans or ID photos online?
Only with a tool that processes files in your browser. Avoid any converter that uploads to a server for images like these — use a client-side tool so the photo never leaves your device.
Can I convert JPG to PNG completely offline?
Yes. A true client-side tool keeps working after the page has loaded even with your internet disconnected, because all the processing happens on your own device.
How do I know an image converter isn't uploading my files?
Disconnect your internet after the page loads and try to convert — if it works, it's local. Or open your browser's Network tab and confirm no request carries your image data out.