CSVbox
Get started free
Security & Compliance

Accept customer data. Never route it through us.

CSVbox Private Mode parses, validates, and maps files in the user's browser — then posts clean rows directly to your API. Zero rows ever hit CSVbox servers.

Start FreeRead the security page
  • 15 min to live
  • SOC 2 + GDPR
  • Private Mode available
  • Security review flagged your importer vendor because "files touch their infra."
  • Your customers' data includes SSNs, personal records, or financial details you can't route through a third party.
  • You need SOC 2 and GDPR alignment, and your current importer forces a DPA conversation every quarter.
How CSVbox solves it

How Private Mode works

Browser-native parsing

The widget runs client-side. File parsed, mapped, validated in-browser. CSVbox never sees a row.

SOC 2 + GDPR on every plan

Including the free tier. No enterprise gate, no line item.

US / EU data residency

Pick your region. Relevant even when you do route data through CSVbox.

Contractual — no AI training

Bootstrapped, so we don't need it. Written into the terms.

CSVbox helped us quickly add CSV imports without building it ourselves — simple, efficient, and just works.
SylvainCTO, Ondorse
Security & compliance included
  • SOC 2 Type II
  • GDPR
  • AES-256
  • TLS 1.3
  • US / EU residency
  • Private Mode
  • No AI training

Private Mode — data stays in the browser

HTML
<script src="https://js.csvbox.io/script.js"></script>
<button
  data-csvbox
  data-key="YOUR_LICENSE_KEY"
  data-private="true">
  Secure import
</button>

vs. Other embeddable importers

FlatfileOneSchemaDromoCSVbox
Rows touch vendor serverYesYesYesNo (Private Mode)
SOC 2 on free tierNoNoNoYes
Client-side validationLimitedLimitedLimitedFull
EU residencyAdd-onAdd-onLimitedIncluded

Frequently asked questions

What exactly is Private Mode?

The widget parses, maps, and validates in the browser and POSTs clean JSON to your API endpoint. No file, no row, ever lands on CSVbox servers.

Can I still use column mapping AI?

Yes — mapping happens client-side.

What certifications do you have?

SOC 2 Type II and GDPR, included on every plan — even the free tier. US and EU data residency are selectable at setup.

Can we audit this?

Yes — open browser devtools on the demo and watch the network traffic.

Related solutions

View all solutions
Healthcare
Regulated Industries
Fintech
Regulated Industries
HR & Payroll
Regulated Industries

Stop building CSV importers.

Ship ours in 15 minutes. Free forever on the Sandbox plan.

Get Started Free
No credit cardEmbed in minutesSecure by default