GoValidate.ai

Privacy & Compliance

Browser-first file validation. Raw file contents and cell values stay on your device.

  • Privacy Policy
Last Updated: July 1, 2026

1. Browser-First Architecture Guarantee

GoValidate.ai is built as a browser-first application. When you load files (such as CSV, XLSX, or JSON) into our Data Quality, Reconcile, or Editor tools, the validation and processing are executed locally on your device using Web Workers. The raw contents and cell values of your files never leave your browser, are never uploaded to our servers, and are never stored on our infrastructure.

2. Data We Process on Our Servers

While your raw file contents remain local, we process specific categories of data on our servers to verify subscription limits, enforce security policies, and manage account authorization:

  • File Metadata: When you perform validation tasks, the client transmits metadata including file size, file extensions, normalized filename hashes, file integrity hashes (SHA-256), and Indicators of Compromise (such as macro detection results for Excel files). We use this metadata solely to run security policies and enforce validation limits.
  • Authentication & Identity Data: If you register or authenticate, we process your user credentials, email addresses, and secure authentication tokens. For anonymous sessions, a cryptographically signed anonymous identity token is processed.
  • IP Addresses & Security Logs: We log system calls for security monitoring, rate limiting, and incident response. Any IP addresses and filenames are hashed (SHA-256) before they are written to durable storage to ensure individual identifiers are anonymized.

3. Privacy-Safe Behavioral Telemetry

We collect behavioral metrics to improve the usability and performance of GoValidate.ai. Our telemetry is designed to be privacy-safe:

  • Aggregate Metrics: Telemetry outputs contain only numeric counters (such as page views, clicks, and session heartbeats) and opaque data quality categories (such as count of warning columns or generic counts of detected PII types). It never contains raw column names, sample cell values, or raw file parameters.
  • PII Redaction Guard: Our analytics ingestion API automatically runs a redaction filter. If any event contains prohibited key patterns (such as email, credit card numbers, SSNs, or passwords), that event is instantly rejected and dropped.
  • Geo-Fenced Pointer Tracking: Mouse coordinate path tracking is completely disabled for all visitors originating from the European Union (EU), United Kingdom (UK), and European Economic Area (EEA), or when location cannot be determined.
  • Third-Party Analytics: Validated telemetry is stored in our first-party tables for up to 90 days and forwarded to a self-hosted instance of PostHog for UX analysis.

4. Your Rights and Compliance (GDPR & CCPA)

We comply with applicable global privacy frameworks, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):

  • Right to Access & Portability: You have the right to request a copy of the personal metadata we store about your account.
  • Right to Deletion: You have the right to request the erasure of your account metadata and associated session logs.
  • No Sale or Sharing of Data: GoValidate.ai does not sell, share, or rent your personal data to third parties.

5. Privacy Controls & Data Apparatus

Use the controls below to retrieve or request deletion of the personal metadata stored in our server-side storage for this browser session.

Detecting local browser identity...
Product
Legal Privacy Policy
© 2025-2026 GoValidate.ai. All rights reserved.