Security & Compliance

Enterprise security, built in from day one.

SOC 2 Type II certified, GDPR compliant, and designed to meet the strictest enterprise requirements — without slowing down your team.

Certified & compliant
  • SOC 2 Type II: Certified
  • GDPR: Compliant
  • AES-256: Encryption at rest
  • TLS 1.3: Encryption in transit

Security that covers every angle

From infrastructure to contractual guarantees — every layer of CSVBox is designed to protect your users' data.

Audit

SOC 2 Type II Certified

Independently audited by a third-party CPA firm against the AICPA SOC 2 criteria — controls for security, availability, and confidentiality documented, tested, and reportable on request.

Annual audit

Compliance

GDPR Compliant

Full support for EU GDPR data subject rights (access, deletion, portability), DPA signing, consent management, and EU data residency. Built privacy-first from day one.

EU & global

Infrastructure

Data Residency — US or EU

Choose exactly where your data is processed and stored. US (AWS us-east-1) or EU (AWS eu-west-1). Your region preference is enforced at the infrastructure level.

Your choice

Cryptography

Encryption in Transit & at Rest

All data in transit is protected with TLS 1.3. All data at rest is encrypted with AES-256 (NIST FIPS 197). Zero plaintext exposure at any stage of the import pipeline.

AES-256 · TLS 1.3

Isolation

Full Private Mode

In private mode, the import widget runs entirely in the user's browser and pushes data directly to your API endpoint. No row or file ever touches CSVBox servers.

Zero server storage

Data rights

No AI Training on Your Data

We never use customer data to train AI or ML models, improve internal tooling, or share with third parties. Your data is exclusively yours — guaranteed contractually.

Contractual guarantee

Infrastructure

Your data stays where you choose.

Choose between US and EU data residency at account setup. CSVBox enforces your choice at the infrastructure level — not just a config flag.

  • US: AWS us-east-1 (Virginia) — CCPA ready
  • EU: AWS eu-west-1 (Frankfurt) — GDPR boundary enforced
  • Region can be configured per import template
  • No cross-region data transfer without explicit consent

Data Isolation

Full private mode. Data never leaves your control.

In private mode, the CSVBox widget runs entirely in the user's browser. Rows are validated and mapped locally, then pushed directly to your own API — CSVBox infrastructure is bypassed entirely.

  • Zero rows transmitted to CSVBox servers
  • Widget executes validation logic client-side
  • Your endpoint receives clean, validated data
  • Ideal for healthcare, legal, and financial data

Our commitment

Your data is never used to train AI or improve our products.

We contractually guarantee — in our Data Processing Agreement — that no customer data is shared with third parties, used for machine learning, or retained beyond your configured retention window. What your users upload belongs to you, completely and exclusively.

No AI training · No third-party sharing · No product analytics on your data · DPA available on request

CSVbox helped us quickly add CSV imports without building it ourselves — simple, efficient, and just works.

Sylvain, CTO @ Ondorse

Stop building CSV importers.

Ship ours in 15 minutes. Free forever on the Sandbox plan.

No credit card · Embed in minutes · Secure by default