Why your company blocks online image converters
CloudConvert, Convertio, FreeConvert, OnlineConvert and similar services work by uploading your file to a third-party server. From your corporate IT department's perspective, this is exactly the pattern DLP (Data Loss Prevention) systems are designed to stop: an internal user, possibly handling regulated data, transferring file content out to a public cloud.
Most enterprise networks block the entire category — not just CloudConvert. Depending on the DLP product (Microsoft Purview, Forcepoint, Netskope, Zscaler), the block surfaces as "This action has been blocked by IT policy", "Unable to upload", a generic HTTP 403, or sometimes nothing at all (silent quarantine, with a notification to the security team).
How LocalJPG slips past the DLP rule
LocalJPG doesn't upload anything. The site is a static HTML page hosted on Cloudflare Pages. The image conversion logic ships as a WebAssembly module that runs inside your browser tab. The complete picture from the DLP system's side:
- HTTPS GET to
localjpg.com— static HTML, ~100 KB - HTTPS GET for the JavaScript and WebAssembly bundles — cached after first load
- Zero file uploads during conversion
- Zero outgoing requests with body content from your local files
The conversion runs in JavaScript memory, the output JPG is created in browser memory, and the "download" is a Blob URL handed to the browser's native save dialog. Nothing touches the network during the conversion step.
Proving it to your IT department (or yourself)
- Open localjpg.com.
- Press F12 to open DevTools.
- Switch to the Network tab. Clear the list.
- Drop a file onto the converter.
- Watch the Network tab during conversion. You will see zero requests carrying your file content.
For a stronger demonstration: disconnect Wi-Fi after the page loads. The conversion still works. This is impossible if the converter were server-side.
Common corporate scenarios
- Bank / law firm secretaries — receive HEIC attachments from clients on iPhones; need to convert to JPG to embed in documents or upload to internal systems that only accept JPG.
- Government employees — many agency networks block all third-party file processing services as a matter of policy.
- Healthcare — HIPAA-adjacent networks treat any patient-related image as protected; uploads to public converters are flagged.
- Engineering / R&D — DLP blocks uploads of anything that might contain IP, even if the file looks like a vacation photo.
Caveats & honest limits
- If your IT specifically blocks
localjpg.comon the URL filter, you need an exception. Ask — the rationale ("static page, no upload, verifiable in DevTools") is straightforward for a security review. - If your browser is in a locked-down policy mode that blocks WebAssembly, the converter won't run. This is rare.
- For very large batches (hundreds of files at once), older corporate laptops with limited RAM may struggle. Convert in chunks.
Frequently asked
Is using this against corporate policy?
Almost certainly not — the policies you're working around target file upload, which LocalJPG doesn't do. But check your specific acceptable use policy.
Will the converted file leave a trail in browser cache?
Only as a normal download from the browser, the same as any file save. The converted JPG goes to your Downloads folder; nothing about the original is logged anywhere external.
What about HEIC files specifically?
Same workflow. Drop the .heic, get a .jpg back. Works for WebP, PNG, AVIF, BMP, TIFF too.
Related: CloudConvert alternative · HEIC to JPG · HEIC to JPG without uploading · Passport scan compression