Privacy Policy

Welcome to Validata – the data cleaning tool built on a privacy-first business model.

Unlike free AI tools that monetize by training on your data, or enterprise solutions that cost thousands per month, Validata offers a third path: affordable data cleaning with enterprise-grade privacy protection. We charge a transparent subscription fee ($29.99/month) so we never have to compromise your data privacy to make money.

This Privacy Policy explains exactly how we collect, use, store, and protect your information when you use our service. By using Validata, you agree to the practices described here. If you do not agree, please do not use the service.

Bottom line: Your data is yours. We process it, clean it, give it back to you, and delete it within 24 hours. That's our promise.

1. What We Collect

a. Account Information

We collect only the essential information needed to create and maintain your account:

• Name and Email Address: Collected during signup for authentication and communication.
• Payment Information: Processed and stored securely by our payment processor, Paddle. We do not store credit card numbers on our servers.
• Account Preferences: Optional settings like language or display preferences.

b. File Data (CSV and Excel Uploads)

This is the most important section of our Privacy Policy.

When you upload CSV or Excel files to Validata for cleaning:

• Files are processed in real-time on our secure servers.
• Files are temporarily cached only during the active cleaning process.
• Cleaned files are made available for immediate download to you.
• Files are automatically and permanently deleted from all servers within 24 hours of upload completion.
• No backup copies are retained after deletion.
• We do not view, analyze, read, or process your data for any purpose other than the cleaning service you requested.
• We never use your data to train machine learning models, improve algorithms, or for any other secondary purpose.

Translation: We touch your data only to clean it. Then we delete it. Forever.

c. Usage and Technical Data

We automatically collect limited technical information to ensure the service works properly:

• IP address, browser type, and operating system
• Pages visited and time spent on pages
• Error logs and performance metrics
• Number of files processed (not the file contents)

This data is anonymized where possible and used solely for improving service reliability and security.

2. What We Don't Do With Your Data

Here's what we explicitly do NOT do with your information:

• ❌ We do NOT use your uploaded files to train AI or machine learning models.
• ❌ We do NOT sell your data to advertisers, data brokers, or any third parties.
• ❌ We do NOT share your files with other users or make them publicly accessible.
• ❌ We do NOT analyze file contents for marketing purposes.
• ❌ We do NOT retain copies of your files after the 24-hour deletion window.
• ❌ We do NOT use your customer lists for our own marketing.
• ❌ We do NOT access your files unless you explicitly request technical support and grant permission.

Why this matters: Many "free" AI tools and data cleaning services monetize by using your uploaded data to improve their models or by selling insights to third parties. Validata's business model is subscription-based precisely so we never have to make money from your data.

3. How We're Different from AI Chat Assistants

You might be wondering: "Why not just use ChatGPT or Claude to clean my data? It's free."

Here's the critical difference:

• AI Chat Assistants: Most AI assistants (especially free ones) explicitly state in their terms that uploaded content may be used to train and improve their models. Your customer data could become part of their training dataset.
• Validata: We guarantee zero data retention and zero data reuse. Your files are processed, returned to you, and permanently deleted within 24 hours. We never train on your data.

What about enterprise AI tools with privacy protections?

Enterprise-grade AI services with similar privacy guarantees (like ChatGPT Enterprise or Claude for Enterprise) cost hundreds or thousands of dollars per month. Validata offers the same level of data privacy for just $29.99/month – making enterprise-level privacy accessible to small businesses.

Our philosophy: Privacy shouldn't be a luxury. It should be standard. And it should be affordable.

4. How We Use Your Information

We use your data only for these specific purposes:

• To provide the service: Process your uploaded files and display cleaned results.
• To manage your account: Handle authentication, subscriptions, and account settings.
• To process payments: Through our secure payment partner, Paddle.
• To communicate: Send confirmation emails, service updates, and security alerts (no marketing spam).
• To improve performance: Analyze anonymized usage patterns to fix bugs and optimize speed.
• To provide support: Respond to technical questions or troubleshoot issues when you contact us.
• To comply with laws: Meet legal obligations or respond to valid legal requests.

We do NOT use your uploaded data files for marketing, profiling, analytics, or product improvement.

5. How We Protect Your Data

Security is built into every layer of Validata. Here's how we protect your information:

Encryption

• HTTPS/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
• Uploaded files are encrypted during transmission and while temporarily stored on our servers.

Secure Infrastructure

• Files are stored on secure servers located in the Philippines with restricted access controls.
• Our infrastructure uses isolated, access-restricted environments for file processing.
• Regular security audits and vulnerability assessments are conducted.

Automated Deletion Protocols

• Automated systems permanently delete files within 24 hours of upload – no manual intervention required.
• Deletion processes are logged and monitored to ensure compliance.

Access Controls

• Only essential personnel have access to server infrastructure.
• Your uploaded files are never accessed by Validata staff unless you explicitly request technical support and grant permission.
• Passwordless authentication (magic links) reduces the risk of password-based attacks.

No Permanent Storage

• The most important security measure: We don't keep your files. Once deleted, there's nothing to breach.

Important Note: While we implement strong security measures, no system is 100% secure. However, our 24-hour deletion policy significantly reduces risk – even in the unlikely event of a breach, attackers would only have access to files uploaded in the past 24 hours, not historical data.

6. API Security and Data Protection

6.1 HTTPS/TLS Encryption for External Services

• All connections to third-party APIs use HTTPS with TLS 1.2 or higher encryption
• SSL certificates are verified for all external connections
• Data transmitted to external services is encrypted end-to-end
• No unencrypted data transmission to third parties

6.2 Third-Party Services and Data Transmission

We integrate with select external services to provide specific features. Here's exactly what data is sent to each service and why:

Hunter.io (Email Verification)

• Purpose: Verify email deliverability during data cleaning
• Data Sent: Only email addresses from uploaded files (when email validation feature is selected)
• Data NOT Sent: Names, phone numbers, addresses, or any other customer data
• Why: To check domain validity, MX records, and mailbox existence without sending actual emails
• Privacy Protection: Email addresses are sent one at a time via encrypted API requests
• Data Retention: Hunter.io's privacy policy applies; we recommend reviewing it at hunter.io/privacy

Paddle (Payment Processing)

• Purpose: Process subscription payments securely
• Data Sent: Billing information, email address, transaction details
• Data NOT Sent: Your uploaded CSV/Excel files or any customer data from those files
• Why: Required for secure payment processing
• Privacy Protection: PCI-DSS compliant; Paddle never accesses your uploaded files
• Data Retention: Paddle's privacy policy applies; we recommend reviewing it at paddle.com/privacy

ConvertKit (Newsletter)

• Purpose: Optional newsletter subscription for product updates
• Data Sent: Email address only (with explicit user consent)
• Data NOT Sent: Uploaded files, customer lists, or any other personal data
• Why: To send you product updates and tips (you can unsubscribe anytime)
• Privacy Protection: Only sent if you explicitly opt-in during signup
• Data Retention: ConvertKit's privacy policy applies

Google Analytics

• Purpose: Understand site usage and improve user experience
• Data Sent: Anonymized page views, session duration, browser type
• Data NOT Sent: File contents, customer data, or personally identifiable information
• Privacy Protection: IP addresses are anonymized; respects Do Not Track signals
• Data Retention: Standard Google Analytics retention periods apply

Resend (Transactional Emails)

• Purpose: Send authentication emails, receipts, and service notifications
• Data Sent: Email address, name, and email content (login links, receipts)
• Data NOT Sent: Uploaded files or customer list data
• Why: Required for account authentication and transaction confirmations
• Privacy Protection: Industry-standard email encryption (TLS)

6.3 GDPR and CCPA Compliance

Our API usage and data transmission practices comply with both GDPR and CCPA:

• Minimal Data Transmission: We only send the minimum data necessary for each service to function
• Purpose Limitation: Data sent to third parties is used only for the stated purpose
• Transparent Processing: This section fully discloses what data is sent where and why
• User Rights: You can request details about all third-party data transmissions involving your information
• Data Processing Agreements: All service providers operate under strict data protection agreements
• Right to Object: EU users can object to specific data processing activities (contact us for details)
• No Data Sales: We never sell personal data to third parties under GDPR or CCPA definitions

6.4 Audit Logging Practices

We maintain security audit logs to protect your account and detect unauthorized access:

What We Log:

• API request timestamps
• Endpoint accessed (e.g., "/upload", "/process")
• HTTP status codes (success/error)
• IP addresses (for security monitoring)
• User account IDs (not names or emails in logs)
• File upload events (that a file was uploaded, not its contents)

What We NEVER Log:

• Contents of your uploaded CSV/Excel files
• Email addresses, phone numbers, or names from your customer lists
• Payment card numbers or financial information
• Passwords or authentication tokens
• Personal data from your files

Log Retention:

• Security logs are retained for 12 months for fraud detection and security analysis
• Logs are automatically deleted after the retention period
• Logs are stored securely with restricted access
• You can request copies of logs related to your account

6.5 Data Retention and Deletion for API Transmissions

Different types of API-transmitted data have different retention policies:

Email Addresses Sent for Validation (Hunter.io):

• Our Retention: Not stored by Validata after processing completes
• Third-Party Retention: Subject to Hunter.io's privacy policy
• Deletion: When you delete files from Validata, we no longer have access to those email addresses

Payment Data (Paddle):

• Our Retention: We only store transaction references (not payment card details)
• Third-Party Retention: Paddle retains billing information per PCI-DSS requirements
• Deletion: Transaction records retained for 7 years for tax/legal compliance; payment methods can be deleted via Paddle

Analytics Data (Google Analytics):

• Retention: 14 months (anonymized data)
• Deletion: Automatically deleted after retention period
• Opt-Out: Use browser Do Not Track or opt-out via Google Analytics settings

Email Communications (Resend):

• Retention: Email delivery logs retained for 30 days
• Deletion: Automatically purged after 30 days
• Content: Only transactional emails; no marketing to customer list data

Important Note: Because we automatically delete your uploaded files within 24 hours, any customer data from those files (like email addresses) is also permanently removed from our systems. Third-party services may have their own retention policies—we encourage you to review their privacy policies.

7. How Long We Keep Your Data

Different types of data are retained for different periods:

Uploaded Files (CSV/Excel)

• Retention Period: Maximum 24 hours from upload completion
• Deletion Method: Automatic, permanent deletion with no backup copies
• Why: Files are only needed for processing and immediate download

Account Information

• Retention Period: As long as your account is active
• Deletion Method: Permanently deleted upon account closure request
• Why: Needed for authentication, billing, and service delivery

Usage and Log Data

• Retention Period: Up to 12 months
• Deletion Method: Automatic deletion after retention period
• Why: Needed for security monitoring, performance optimization, and legal compliance

Payment Records

• Retention Period: As required by law (typically 7 years for tax purposes)
• Why: Legal and regulatory compliance

You may request deletion of your account and all associated data at any time by contacting validata.customercare@gmail.com. We will process your request within 30 days.

8. When We Share Information

We share data only when absolutely necessary:

Payment Processing

• Who: Paddle (our payment processor)
• What: Billing information, payment details, transaction records
• Why: To process your subscription payments securely
• Important: Paddle never accesses or receives your uploaded CSV/Excel files. They only handle payment information.

Essential Service Providers

• Who: Infrastructure providers (hosting, email delivery)
• What: Technical data necessary for service operation
• Why: To deliver and maintain the Validata service
• Safeguards: All service providers are bound by strict confidentiality agreements

Legal Requirements

• When: If required by law, court order, or to protect rights and safety
• What: Only the minimum information legally required
• Note: Due to our 24-hour deletion policy, historical file data is not available even if requested

We do NOT: Sell, rent, trade, or share your personal data or uploaded files with advertisers, marketers, data brokers, or any other third parties.

9. Cookies & Tracking

Validata uses cookies and similar technologies to enhance user experience:

Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality. Cannot be disabled.
• Analytics Cookies: Google Analytics to understand how users interact with the site. Data is anonymized.
• Preference Cookies: Save your language and display settings.

You can manage cookie preferences in your browser settings. Note that disabling essential cookies will prevent you from using Validata.

Do Not Track

We respect Do Not Track (DNT) signals. When DNT is enabled, we disable non-essential analytics tracking.

10. Your Privacy Rights

Universal Rights (All Users)

All Validata users have the right to:

• Access: View all personal information we hold about you
• Correct: Update inaccurate or incomplete information
• Delete: Request deletion of your account and all associated data
• Export: Receive a copy of your data in a portable format
• Opt-Out: Unsubscribe from non-essential communications

To exercise these rights, contact validata.customercare@gmail.com

GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights:

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Limit how your data is used
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

Legal Basis for Processing: We process your data based on contract performance (to provide the service), consent (for optional features), and legitimate interests (for security and service improvement).

CCPA Rights (California Residents)

California residents have the right to:

• Know what personal information we collect and how it's used
• Know if we sell or share personal information (we don't)
• Request deletion of personal information
• Opt-out of data sales (not applicable – we don't sell data)
• Non-discrimination for exercising privacy rights

To submit a CCPA request, email validata.customercare@gmail.com with "CCPA Request" in the subject line.

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we commit to:

• Notify affected users within 72 hours of becoming aware of the breach
• Provide a clear description of what occurred and what data was potentially affected
• Explain the steps we're taking to address the breach and prevent future incidents
• Offer guidance on protective measures you can take
• Comply with all applicable data breach notification laws

Why Our 24-Hour Deletion Policy Matters

Our automatic file deletion policy significantly reduces breach risk. Even in a worst-case scenario:

• Only files uploaded in the past 24 hours would be at risk
• Historical file data from previous days/weeks/months does not exist on our servers
• The "blast radius" of any potential breach is minimized to the absolute minimum

Translation: Because we don't keep your data, there's very little data to breach in the first place.

12. Third-Party Services

Validata integrates with select third-party services to operate:

Paddle (Payment Processing)

• Purpose: Process subscription payments securely
• Data Shared: Billing information, payment details, transaction history
• Privacy Protection: Paddle complies with PCI-DSS standards
• Critical Note: Paddle never accesses your uploaded files. They only process payment information – they have no visibility into the CSV or Excel files you upload for cleaning.

Google Analytics

• Purpose: Understand how users navigate the site
• Data Shared: Anonymized usage patterns, page views, session duration
• Privacy Protection: IP addresses are anonymized; no personally identifiable information is shared

Infrastructure Providers

• Purpose: Host the application and deliver emails
• Data Shared: Technical data necessary for service delivery
• Privacy Protection: All providers are bound by confidentiality agreements

Your Responsibility: We are not responsible for the privacy practices of third-party websites or services. If you click external links or visit third-party sites, review their privacy policies.

13. Children's Privacy

Validata is not intended for use by individuals under 18 years of age (or under 13 under COPPA regulations). We do not knowingly collect personal information from minors.

If you believe a child has provided us with personal information, please contact us immediately at validata.customercare@gmail.com and we will delete it promptly.

14. International Data Transfers

Validata operates from the Philippines. If you access our service from outside the Philippines, your information may be transferred to, stored, and processed in the Philippines.

For users in the European Union, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure your data receives adequate protection regardless of where it's processed.

By using Validata, you consent to the transfer of your information to the Philippines and other countries where our service providers operate.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our privacy practices
• New features or services
• Legal or regulatory requirements
• User feedback

When we make changes:

• We'll update the "Last Updated" date at the top of this page
• For significant changes, we'll notify you via email
• We may display a notice on the website

Continued use of Validata after changes take effect constitutes acceptance of the updated Privacy Policy. If you don't agree with the changes, please stop using the service and contact us to delete your account.

16. Privacy at a Glance: Validata vs Other Solutions

Here's how Validata's privacy protections compare to other data cleaning options:

The Validata Advantage: We offer enterprise-level data privacy at a price small businesses can afford. You get strong privacy protections without breaking the bank or dealing with complex enterprise contracts.

17. Contact Information

If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact us:

Validata Privacy Team

📧 Email: validata.customercare@gmail.com

📍 Location: Cainta, Calabarzon, Philippines

We aim to respond to all privacy inquiries within 48 hours.

18. Acknowledgment

By using Validata, you acknowledge that:

• You have read and understood this Privacy Policy
• You agree to the data collection, use, and protection practices described
• You understand that uploaded files are automatically deleted within 24 hours
• You are authorized to upload and process the data you submit
• You will comply with all applicable data protection laws

Thank you for trusting Validata with your data. We take that responsibility seriously and are committed to protecting your privacy every step of the way.