Last updated: 27 May 2026
The short version. Mappd processes your spreadsheet files entirely in your browser — your file data never reaches our servers. We only store your account details and the recipes (column-mapping definitions) you choose to save. We never sell your data.
Mappd is operated by Mappd Ltd ("Mappd", "we", "us"), a company registered in England & Wales and based in London. For the purposes of UK data protection law, Mappd Ltd is the data controller for the personal data described in this policy.
If you have any questions about this policy or how we handle your data, contact us at hello@mappd.co.uk.
Mappd transforms CSV and Excel files entirely client-side, inside your browser. The contents of the files you process are never transmitted to or stored on our servers. When you close the tab, that data is gone from our reach.
When you create an account we collect your email address and an authentication credential. If you subscribe to a paid plan, our payment processor, Paddle, collects your billing details on our behalf as the Merchant of Record. We do not see or store full card numbers.
A "recipe" is the set of column-mapping and transformation rules you choose to save. Recipes contain column names and rule definitions — not your row data — and are stored against your account so you can reuse them.
Like most websites, we collect limited technical information automatically, such as your IP address, browser type, and pages visited, to keep the service secure and reliable.
Under UK GDPR we rely on the following legal bases: performance of a contract (to deliver the service you signed up for); legitimate interests (to secure, improve, and support the service, balanced against your rights); consent (where you have opted in, for example to non-essential cookies); and legal obligation (where we must retain or disclose data by law).
We use a small number of trusted service providers ("processors"). They act on our instructions and are bound by contract to protect your data.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Account database and authentication; stores saved recipes | Email, auth credentials, recipe definitions |
| Paddle | Subscription billing and payment processing, acting as Merchant of Record (Paddle.com Market Ltd., a UK company) | Billing details, payment status, business / tax information for invoicing |
| Anthropic | AI column-matching suggestions (Pro and Team plans) | Column names only — never row data |
| Resend | Transactional email delivery (magic links, account notifications) | Email address, message metadata |
| Vercel | Web and application hosting | Technical request data, IP address |
Where a provider processes data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent approved mechanisms.
Mappd uses only the cookies and local storage necessary to keep you signed in and to operate core features. We do not use advertising cookies or sell data to advertisers. If we introduce non-essential analytics in future, we will ask for your consent first.
We keep your account data and saved recipes for as long as your account is active. If you delete your account, we delete the associated personal data within 30 days, except where we are required to retain certain records (for example, billing records for tax purposes). Uploaded file contents are never retained because they are never sent to us.
Under UK data protection law you have the right to access, correct, delete, or restrict processing of your personal data; the right to data portability; and the right to object to processing based on legitimate interests. To exercise any of these rights, email hello@mappd.co.uk and we will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, though we would appreciate the chance to resolve your concern first.
We use industry-standard measures to protect your data, including encryption in transit, row-level security on stored recipes, and restricted access to production systems. Because file processing happens in your browser, the most sensitive data — the contents of your spreadsheets — never leaves your device.
Mappd is a tool for businesses and professionals and is not directed at anyone under 16. We do not knowingly collect personal data from children.
We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you by email.
Questions, requests, or concerns about your privacy? Email hello@mappd.co.uk and we will be glad to help.
See also our Terms of Service and Refund Policy.