Privacy Policy
Last updated: February 26, 2026
1. Introduction
FixfyCSV ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our service at fixfycsv.live ("the Service"). This policy complies with the Brazilian General Data Protection Law (LGPD — Lei n. 13.709/2018) and the European General Data Protection Regulation (GDPR).
2. Data We Collect
2.1. Account Data
When you sign up, we collect your name and email address through our authentication provider (Clerk). This is necessary to create and manage your account.
2.2. Payment Data
Payment processing is handled by Stripe. We do not store your credit card number or full payment details. We only store your Stripe customer ID and subscription status.
2.3. CSV File Data
- Files under 2MB: Validated entirely in your browser using a Web Worker. Your file data never leaves your device.
- Files over 2MB: Uploaded to our servers for processing. Files are stored temporarily in secure, encrypted storage (Supabase) and automatically deleted after 30 days.
2.4. Usage Data
We collect usage information such as number of validations performed, file sizes, detected CSV types, and processing times. This data is used to enforce plan limits and improve the Service.
2.5. Technical Data
We collect error reports and performance data through Sentry to diagnose issues and improve reliability. This may include browser type, operating system, and anonymized interaction data.
3. How We Use Your Data
We use your data for the following purposes:
- Providing and operating the Service (account management, CSV validation)
- Processing payments and managing subscriptions
- Sending transactional emails (welcome email, validation results)
- Enforcing usage limits based on your subscription plan
- Monitoring and fixing errors in the Service
- Improving the Service based on aggregate usage patterns
4. Legal Basis for Processing (LGPD/GDPR)
- Contract performance: Processing your CSV files and managing your account is necessary to provide the Service you subscribed to.
- Legitimate interest: Error monitoring, security measures, and service improvements.
- Legal obligation: Retaining billing records as required by tax and financial regulations.
5. Data Sharing
We share your data only with the following service providers:
- Clerk — Authentication and user management
- Stripe — Payment processing
- Supabase — Database and file storage (hosted in the cloud with encryption at rest)
- Upstash — Rate limiting and queue processing
- Resend — Transactional email delivery
- Sentry — Error tracking and performance monitoring
We do not sell your personal data. We do not share your data with advertisers or marketing platforms.
6. Data Retention
- Account data: Retained while your account is active. Deleted upon account deletion request.
- CSV files: Automatically deleted 30 days after upload. Validation metadata (file name, error counts) is retained for your history.
- Payment records: Retained as required by applicable tax laws.
7. Your Rights
Under the LGPD and GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Revocation of consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at support@fixfycsv.live. We will respond within 15 business days.
8. Security
We implement industry-standard security measures to protect your data, including:
- HTTPS encryption for all data in transit
- Encryption at rest for stored files
- Row-Level Security (RLS) policies on our database
- Rate limiting to prevent abuse
- Regular security monitoring via Sentry
9. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
10. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. International Data Transfers
Your data may be processed in countries outside of Brazil, including the United States, where our service providers operate. These transfers are protected by appropriate safeguards in compliance with LGPD and GDPR requirements.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.
13. Contact and Data Protection Officer
For any questions or requests regarding this Privacy Policy or your personal data, contact us at: