Last updated: 27 May 2026
The short version. Mappd processes your spreadsheet files in your browser. Your file data is only stored on our servers if you save a conversion to your history, and you can delete it any time. Otherwise we store your account details and the recipes (column-mapping definitions) you choose to save. We never sell your data.
Mappd is operated by Mappd Ltd ("Mappd", "we", "us"), a company registered in England & Wales and based in London. For the purposes of UK data protection law, Mappd Ltd is the data controller for the personal data described in this policy.
If you have any questions about this policy or how we handle your data, contact us at hello@mappd.co.uk.
Mappd transforms CSV and Excel files client-side, inside your browser. The contents of a file you process are not sent to our servers unless you save the conversion to your history. If you never save a conversion, that data is gone when you close the tab.
When you save a conversion to your history (which also happens when you download its output), Mappd stores that file's source and output data against your account so you can re-open and re-download the conversion later. This data is protected by row-level security, so only you can access it, and you can delete any saved conversion at any time from the Files view. Free accounts keep a limited number of recent conversions; paid plans keep more.
When you create an account we collect your email address and an authentication credential. If you subscribe to a paid plan, our payment processor, Paddle, collects your billing details on our behalf as the Merchant of Record. We do not see or store full card numbers.
A "recipe" is the set of column-mapping and transformation rules you choose to save. Recipes contain column names and rule definitions — not your row data — and are stored against your account so you can reuse them.
Like most websites, we collect limited technical information automatically, such as your IP address, browser type, and pages visited, to keep the service secure and reliable.
Under UK GDPR we rely on the following legal bases: performance of a contract (to deliver the service you signed up for); legitimate interests (to secure, improve, and support the service, balanced against your rights); consent (where you have opted in, for example to non-essential cookies); and legal obligation (where we must retain or disclose data by law).
We use a small number of trusted service providers ("processors"). They act on our instructions and are bound by contract to protect your data.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Account database and authentication; stores saved recipes and saved conversions | Email, auth credentials, recipe definitions, and the file data of conversions you save |
| Paddle | Subscription billing and payment processing, acting as Merchant of Record (Paddle.com Market Ltd., a UK company) | Billing details, payment status, business / tax information for invoicing |
| Anthropic | AI column-matching suggestions (Pro and Team plans) | Column names only — never row data |
| Resend | Transactional email delivery (magic links, account notifications) | Email address, message metadata |
| Vercel | Web and application hosting | Technical request data, IP address |
Where a provider processes data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent approved mechanisms.
Mappd uses only the cookies and local storage necessary to keep you signed in and to operate core features. We do not use advertising cookies or sell data to advertisers. If we introduce non-essential analytics in future, we will ask for your consent first.
We keep your account data, saved recipes, and saved conversions for as long as your account is active, or until you delete them. You can delete any saved conversion at any time from the Files view. If you delete your account, we delete the associated personal data (including saved conversions) within 30 days, except where we are required to retain certain records (for example, billing records for tax purposes). File contents you do not save are never sent to us and so are never retained.
Under UK data protection law you have the right to access, correct, delete, or restrict processing of your personal data; the right to data portability; and the right to object to processing based on legitimate interests. To exercise any of these rights, email hello@mappd.co.uk and we will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, though we would appreciate the chance to resolve your concern first.
We use industry-standard measures to protect your data, including encryption in transit, row-level security on stored recipes and saved conversions, and restricted access to production systems. File processing happens in your browser, and your spreadsheet contents are only stored if you save a conversion. Where they are stored, row-level security means only you can access them.
Mappd is a tool for businesses and professionals and is not directed at anyone under 16. We do not knowingly collect personal data from children.
We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you by email.
Questions, requests, or concerns about your privacy? Email hello@mappd.co.uk and we will be glad to help.
See also our Terms of Service and Refund Policy.