Privacy Policy

Last Updated: December 7, 2024

In Short: CSVImport collects minimal data (email addresses, session data, and temporary CSV files) to provide the service. We use PostHog (EU-hosted) for analytics. Your data stays in the EU and is protected under GDPR.

1. Data Controller

This service is operated by:

Name: Alessandro Diaferia
Location: Italy
Contact: info@csvimport.it

2. What Data We Collect

2.1 Email Addresses (Waitlist)

What: Email addresses submitted through the waitlist form
Why: To notify you about CSVImport launch updates and product news
Legal Basis: Your explicit consent (checkbox on waitlist form)
Retention: Indefinitely, or until you request deletion

2.2 CSV Files and Import Data

What: CSV files you upload for processing
Why: To perform the import to your specified API
Legal Basis: Necessary for service delivery (contractual necessity)
Retention: Session-based only (deleted when session ends or after 24 hours)
Important: We do not permanently store your CSV data. Files are processed in memory and temporary storage, then deleted.

2.3 Session Data

What: Session cookies (user preferences, wizard state)
Why: To maintain your session and wizard progress
Legal Basis: Necessary for service delivery (technically essential)
Retention: Session duration (browser session or 24 hours)

2.4 Analytics Data (PostHog)

What: Page views, button clicks, navigation patterns (no session recordings)
Why: To understand how users interact with CSVImport and improve the service
Legal Basis: Your consent (cookie consent banner)
Tool: PostHog (EU-hosted instance)
Retention: 90 days in PostHog, then anonymized/deleted
GDPR Compliance: PostHog is GDPR-compliant with servers in the EU. See PostHog's Privacy Policy

3. Cookies We Use

Cookie Name	Purpose	Type	Duration
`rack.session`	Session management	Essential	Session
`cookie_consent`	Remember your cookie preference	Essential	365 days
`ph_*`	PostHog analytics (user ID, session tracking)	Analytics	365 days

Note: Analytics cookies are only set if you accept cookies via the consent banner. Essential cookies are always active as they're necessary for the service to function.

4. How We Use Your Data

We use collected data only for:

Service Delivery: Processing CSV imports, maintaining session state
Communication: Sending launch updates to waitlist subscribers
Analytics: Understanding user behavior to improve CSVImport (with your consent)
Legal Compliance: Complying with legal obligations (e.g., responding to lawful requests)

We do NOT:

Sell your data to third parties
Use your data for advertising or profiling
Share your CSV data with anyone (it's processed and deleted)
Send spam or unsolicited marketing (waitlist emails only)

5. Data Storage and Security

Location: All data is stored in the European Union (GDPR-compliant hosting)
Security Measures: HTTPS encryption, secure session cookies (httponly, secure flags), rate limiting, file upload validation
Access Control: Only Alessandro Diaferia has access to stored data
Third-Party Processors: PostHog (EU instance) for analytics - covered by Data Processing Agreement (DPA)

6. Your GDPR Rights

Under GDPR (EU Regulation 2016/679), you have the right to:

6.1 Right of Access

Request a copy of the personal data we hold about you (email address, analytics data).

6.2 Right to Rectification

Request correction of inaccurate or incomplete data.

6.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. We will comply unless legally required to retain it.

6.4 Right to Restrict Processing

Request limitation of how we use your data (e.g., stop analytics while keeping waitlist email).

6.5 Right to Data Portability

Receive your data in a machine-readable format (JSON/CSV).

6.6 Right to Object

Object to processing based on legitimate interests (e.g., analytics).

6.7 Right to Withdraw Consent

Withdraw consent for analytics cookies or waitlist emails at any time.

To Exercise Your Rights: Email info@csvimport.it with your request. We will respond within 30 days as required by GDPR.

7. Data Sharing and Transfers

We share data only with:

PostHog (EU): Analytics processor, GDPR-compliant, DPA in place, servers in EU
Hosting Provider: EU-based, GDPR-compliant

No International Transfers: All data stays within the European Union. If this changes, we will update this policy and notify you.

8. Data Retention

Data Type	Retention Period
Waitlist emails	Indefinitely (or until deletion request)
CSV files	Session duration (max 24 hours)
Session cookies	Browser session or 24 hours
Analytics data (PostHog)	90 days, then anonymized/deleted

9. Children's Privacy

CSVImport is not intended for children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, contact us immediately at info@csvimport.it.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify waitlist subscribers via email.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority:

Name: Garante per la Protezione dei Dati Personali
Website: www.garanteprivacy.it
Email: garante@gpdp.it

12. Contact Us

For privacy-related questions, data requests, or concerns:

Email: info@csvimport.it
Response Time: Within 30 days (GDPR requirement)

This Privacy Policy is governed by Italian law and GDPR (EU Regulation 2016/679).