csv-api
Log in Sign up

Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

We collect the following information when you use csv-api:

  • Account information: email address and a securely hashed password when you register. We require email confirmation before you can access the Service.
  • CSV data: the files you upload and the data contained within them, stored in dedicated database tables.
  • API usage logs: for each API request we record the dataset accessed, your IP address, the timestamp, and the HTTP response status code. These logs are retained for 90 days and then automatically deleted.
  • Account activity: we log key account events (sign-ins, API key creation/revocation, dataset creation/deletion, plan changes) along with your IP address and browser user agent for security and auditing purposes.
  • Contact form submissions: if you contact us through the website, we collect your name, email address, subject, and message. These are sent to our support email and are not stored in the database.

2. How We Use Information

We use your information to:

  • Provide and maintain the Service, including storing your data and serving it through the API
  • Authenticate your identity and authorize API requests using securely hashed API keys
  • Enforce plan limits and per-user rate limiting
  • Process payments and manage your subscription through Stripe
  • Send account notifications such as email confirmation, password reset, and account unlock emails
  • Respond to support requests submitted through the contact form

3. Data Storage & Security

Your uploaded CSV data is stored in PostgreSQL. Each dataset gets its own isolated database table. All dynamic queries use parameterized SQL to prevent injection attacks.

API keys are stored as SHA-256 hashes — we never store your raw API key after initial generation. Passwords are hashed using bcrypt. All traffic is encrypted in transit via HTTPS. Accounts are protected against brute-force attacks with automatic lockout after repeated failed login attempts.

We implement reasonable security measures to protect your data, but no method of electronic storage or transmission is 100% secure.

4. Data Retention & Deletion

We retain your data for as long as your account is active. Specific retention policies:

  • API request logs: automatically deleted after 90 days by a recurring background job.
  • Datasets: when you delete a dataset, the underlying database table and all its data are permanently and immediately dropped.
  • Account data: if your account is terminated, all associated datasets, API keys, account events, and API request logs are permanently deleted.

5. Cookies

csv-api uses session cookies to keep you logged in. These are essential cookies required for the Service to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Third-Party Services

We use the following third-party services to operate csv-api:

  • Stripe — payment processing and subscription management. When you subscribe to a paid plan, Stripe processes your payment information directly. We store only your Stripe customer ID and subscription status, never your payment card details. See Stripe's Privacy Policy.
  • Resend — transactional email delivery for account confirmation, password resets, and support notifications. See Resend's Privacy Policy.
  • Railway — cloud infrastructure hosting. See Railway's Privacy Policy.

7. Your Rights

You have the right to:

  • Access: view all data associated with your account through the dashboard and API
  • Export: retrieve your data at any time through the API
  • Delete: remove individual datasets and all their underlying data at any time
  • Correct: update your email address and password through the account settings page

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "last updated" date.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].