Last updated: April 25, 2026

Privacy

How Filio handles data - written plainly, without legalese where we can avoid it.

The short version

Filio helps your users import CSV and Excel files into your product. Their actual row data passes through us briefly during the import flow - we don't store it. Your account data (email, template configs, import logs) we do store, because we have to.

We don't sell data. We don't share it for advertising. We don't train AI models on it.

What we collect

From you (our customer):

  • Email address and account info (handled by Clerk, our auth provider)
  • Template configurations you create
  • API keys you generate
  • Import log metadata: row count, duration, status, timestamp, the user who triggered the import
  • Payment info (handled by Stripe - we never see card numbers)

From your users (during imports):

  • CSV/Excel column headers (sent to our AI provider for column mapping; they don't retain or train on them)
  • Row data passes through our processing during the import, then streams to your onComplete callback. We don't persist row data after the import completes.

What we don't collect

  • The contents of your users' CSV rows after the import completes
  • Browsing behavior on your product (we only see imports)
  • Personal info beyond what's needed to run accounts and process imports

Third parties we use

Filio is built on top of services that handle parts of our infrastructure:

  • Clerk - auth and account management
  • Stripe - billing (when you upgrade to a paid plan)
  • Vercel / Railway - hosting our dashboard and API
  • OpenAI- AI column mapping. We send only column headers, not row data. OpenAI doesn't retain or train on this content.

Where data lives

Our infrastructure runs in US-East regions (Vercel and Railway). If you need EU data residency for compliance, write to us - it's on our roadmap and customers asking for it move it up the priority list.

Data retention

  • Account data: retained while your account is active.
  • Import logs: kept for 30 days, then automatically deleted.
  • Import row data: not persisted - discarded after the import completes.
  • Closed accounts: data deleted within 30 days of account deletion.

Your rights

Under GDPR, CCPA, and similar regulations, you have the right to:

  • Access the data we have about you
  • Export your data in a portable format
  • Correct inaccurate data
  • Delete your account and associated data
  • Object to certain processing

Email hello@usefilio.com and we'll handle it within 30 days.

Security

All data in transit is encrypted with TLS. Account passwords are handled by Clerk and never touch our servers. We're a small team and limit access to production data to engineers who need it for support or operations.

Changes to this policy

If we make material changes, we'll email customers and update the date at the top of this page. For minor clarifications, we'll just update the page.

Questions

Email hello@usefilio.com. We read every message.