Privacy
Privacy Policy
Last updated: January 26, 2026
1. Information We Collect
We collect information in two distinct categories:
Account Information
- Name, email, and contact details
- Company/Team details
- Billing information (processed securely by Stripe)
Transformation Data
- Source files you upload for processing
- Mapping logic and rules you create
- Lookup tables you specifically save to your library
2. How We Use Your Information
We use the collected information to:
- Provide and improve our data transformation services
- Communicate with you about updates and features
- Ensure security and prevent fraud
- Comply with legal obligations
3. Data Retention & Security
Our retention policy is designed to minimize liability and risk:
- Temporary Retention: Data uploaded for transformation is securely stored in an isolated environment for 24 hours to facilitate large file processing and retrieval. It is automatically and permanently deleted after this window.
- User Library: Configuration data (Mapping Logic, Lookup Tables) that you explicitly save is stored with at-rest encryption until you choose to delete it.
- Infrastructure: We utilize SOC2 compliant providers (Railway, Supabase) hosted in US regions (Virginia).
4. AI Data Usage
If you opt-in to AI-assisted features:
- We share only schema information (headers) and a small sample (first 10 rows) with our AI provider, with PII masked.
- Your data is never used to train external AI models.
- We do not retain the data sent to the AI provider.
5. Third-Party Service Providers (Sub-processors)
We utilize trusted third-party service providers to facilitate our services. We have Data Processing Agreements (DPAs) in place with each provider.
| Provider | Purpose | Location |
|---|---|---|
| Railway | Application Hosting & Processing | USA (Virginia) |
| Supabase | Database & Authentication | USA |
| Vercel | Frontend Hosting, Edge Network & CDN | Global / USA |
| OpenAI | AI Logic Processing (Opt-in) | USA |
| Stripe | Payment Processing | USA |
| Sentry | Error & Performance Monitoring | USA |
6. International Data Transfers
DataFlowMapper is hosted in the United States. If you are accessing the service from the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that your data will be transferred to and processed in the United States.
To ensure the protection of your data during these transfers, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal mechanism for data transfer. By using our services, you acknowledge and agree to this transfer and processing.
7. Your Rights (GDPR & CCPA)
Depending on your location, you may have specific rights regarding your personal data:
- Right to Access: You can request a copy of your personal data.
- Right to Rectification: You can request corrections to inaccurate data.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data.
- Right to Portability: You can request your data in a structured, commonly used format.
- Right to Withdraw Consent: You can withdraw consent for processing where applicable.
To exercise these rights, please contact us at support@dataflowmapper.com.
8. Cookies & Analytics
We use cookies and similar technologies to improve your experience and analyze service performance.
- Essential Cookies: Required for authentication and core functionality (e.g., Supabase Auth).
- Performance Monitoring (Essential): We use Sentry to identify and fix application errors.
- Marketing Analytics (Optional): We use Google Analytics, Microsoft Clarity, and LinkedIn Insights to understand website usage and improve our marketing. You can opt-out via our cookie banner or your browser settings.
The visual data transformation platform that lets implementation teams deliver faster, without writing code.
Start mappingNewsletter
Get the latest updates on product features and implementation best practices.