Security

Last updated: January 18, 2026

Our Security Approach

Datamapify is designed with a privacy-first, security-conscious architecture. Our core principle is simple: your data files never touch our servers.

Client-Side Processing

All CSV and Excel file processing happens in your browser using WebAssembly. File contents are never uploaded to our servers.

No Data Collection

We don't use analytics trackers, collect browsing behavior, or store your file contents. See our Privacy Policy for details.

Secure Infrastructure

Our backend services use TLS encryption, secure authentication via Clerk, and payment processing through Stripe (PCI-DSS compliant).

Direct Cloud Transfer

Google Drive imports and exports transfer directly between your browser and Google. We never see or store the file data.

Data Flow Architecture

┌─────────────────────────────────────────────────────────────┐
│                      YOUR BROWSER                           │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │  CSV/Excel  │───▶│  Process &  │───▶│  Download   │     │
│  │   Upload    │    │  Transform  │    │   Result    │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
│         │                                     │             │
│         ▼                                     ▼             │
│  ┌─────────────┐                      ┌─────────────┐      │
│  │Google Drive │◀────────────────────▶│Google Drive │      │
│  │   Import    │   (Direct Transfer)  │   Export    │      │
│  └─────────────┘                      └─────────────┘      │
└─────────────────────────────────────────────────────────────┘
                              │
                    Only metadata & auth
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                    DATAMAPIFY SERVERS                       │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │    Auth     │    │  Templates  │    │   Billing   │     │
│  │   (Clerk)   │    │  (Postgres) │    │  (Stripe)   │     │
│  └─────────────┘    └─────────────┘    └─────────────┘     │
└─────────────────────────────────────────────────────────────┘

Third-Party Security

Service        Purpose          Compliance
Clerk          Authentication   SOC 2 Type II, GDPR
Stripe         Payments         PCI-DSS Level 1, SOC 2
Google Cloud   Drive API        ISO 27001, SOC 2, FedRAMP
Vercel         Hosting          SOC 2 Type II
Supabase       Database         SOC 2 Type II, HIPAA

Vulnerability Disclosure

We take security seriously and appreciate responsible disclosure of vulnerabilities.

How to Report

  1. Email security@datamapify.ai with details
  2. Include steps to reproduce the vulnerability
  3. Allow us reasonable time to address the issue before public disclosure

What to Expect

  • Acknowledgment within 48 hours
  • Regular updates on our progress
  • Credit in our security acknowledgments (if desired)
  • We do not pursue legal action against good-faith security researchers

Security Practices

  • Encryption in transit: All connections use TLS 1.3
  • Encryption at rest: Database encrypted via Supabase/AWS
  • Access control: Role-based access, principle of least privilege
  • Dependency management: Automated security scanning via Dependabot
  • Code review: All changes reviewed before deployment
  • Error monitoring: Sentry for error tracking (no PII in logs)

Questions?

For security inquiries, contact security@datamapify.ai.