Security

Split CSV uses modern TLS encryption and secure infrastructure and development processes to keep your information safe and secure.
Our default data retention policy is for all content (uploaded files and output files) to be deleted 24 hours after the split is complete.
We use Stripe and Paypal to process payments: no credit card information is stored on our servers.

More Information

Please send any reports to security@splitcsv.com: we will get back to you as soon as possible. We would be grateful if you:

  • Notify Split CSV and provide all details of the vulnerability before making any information public.
  • Provide us a reasonable amount of time to address the issue before publication.
  • Provide all details of the vulnerability to support validation and reproduction of the issue.
  • Work with us to avoid data destruction, theft, privacy violations or service interruptions.

Exclusions

While researching, we'd respectfully ask that you don't:

  • Perform denial of service attacks
  • Spam our service and endpoints
  • Perform any social engineering or phishing of our staff or contractors
  • Perform any physical attempts

In addition, our security policy considers the following to be out of scope:

  • DMARC configuration