Security Practices
How we protect your data at every layer of the stack.
PII-Free Database Architecture
This is the foundation of our security model. Our application database is designed to never contain personally identifiable information from your uploaded files.
When you upload a CSV or Excel file, the actual data goes directly to encrypted regional storage. The database stores only metadata:
- File name, size, and storage path (not the file contents)
- Column headers and data types (schema, not values)
- Row counts and aggregate statistics
- Match job configurations (field mappings, thresholds, weights)
This means that even if the database were compromised, an attacker would find no customer data — only structural metadata about files and jobs.
Encryption
At Rest
Every file is encrypted at rest using AES-256 server-side encryption — the same standard used by financial institutions and government agencies. Encryption is applied automatically; there are no unencrypted files in our storage, ever.
In Transit
All data transmitted between your browser and our servers uses TLS 1.2 or higher. That covers file uploads, API requests, match results, and every other communication. HTTPS is enforced across all endpoints with HTTP Strict Transport Security (HSTS) headers.
Internal communication between our services is also TLS-encrypted.
Regional Data Storage
To support GDPR and data residency requirements, we offer three storage regions. When you sign up, you select your region, and all uploaded files are stored exclusively in that region:
| Region | Location |
|---|---|
| US | N. Virginia, United States |
| EU | Frankfurt, Germany |
| UK | London, United Kingdom |
Files are not replicated across regions. If you select the EU region, your data stays in Frankfurt. Period. This makes it straightforward to demonstrate GDPR compliance for data residency requirements.
File Validation and Protection
Upload Validation
Every uploaded file undergoes validation before processing:
- File type verification (only CSV and Excel formats accepted)
- File size limits enforced per subscription tier
- MIME type and magic byte verification (not just file extension)
- Character encoding detection and conversion to UTF-8
CSV Injection Sanitization
CSV files can carry formula injection attacks: cell values starting with =, +, -, or @ are interpreted as formulas, not text, when the file is opened in a spreadsheet application, and such formulas can trigger code execution. Our export pipeline sanitizes all output files to prevent CSV injection in downloaded results.
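An export sanitizer of the kind described above, added here as an illustration (not ListMatchGenie's own code). It applies the apostrophe-prefix defence to the four trigger characters the text lists and, going beyond the text, also to tab and carriage return; values that parse as plain numbers are left untouched so negative balances stay numeric, and every field is quoted so an embedded double quote cannot close the field early.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula.
# The page names =, +, -, and @; tab and carriage return are added here because
# some spreadsheet importers also honour them (OWASP CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(value: str) -> bool:
    """True for values like '-12.50' or '+1e3' that are numbers, not formulas."""
    try:
        float(value)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return value rewritten so a spreadsheet opens it as literal text."""
    if not isinstance(value, str) or not value:
        return value  # numbers, None and empty strings cannot start a formula
    if value.startswith(FORMULA_TRIGGERS) and not _is_plain_number(value):
        # A leading apostrophe makes Excel and LibreOffice treat the cell as text.
        # Phone numbers written with a leading + are prefixed too; that is intended.
        return "'" + value
    return value


def export_csv(rows) -> str:
    """Serialize rows to CSV with every cell neutralized and fully quoted.

    QUOTE_ALL doubles any embedded double quote, so a value cannot close the
    field early and smuggle an unquoted formula after the neutralized prefix.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample of match-result rows (not real customer data).
SAMPLE_ROWS = [
    ["Name", "Balance", "Note"],
    ["Alice Example", "-12.50", "=1+1"],
    ["Bob Example", "+44 20 7946 0000", "@home"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```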
Malware Protection
Uploaded files are scanned for known malware signatures. Files that fail validation are rejected and not stored. We use a defense-in-depth approach: even if a malicious file were uploaded, the processing pipeline treats file contents as data (not executable code) and operates in an isolated environment.
Authentication Security
- Password hashing: All passwords are hashed using bcrypt with a work factor that makes brute-force attacks computationally impractical. We never store plaintext passwords.
- Session management: Sessions use signed JWT tokens stored in HTTP-only, Secure, SameSite cookies. The cookie cannot be read by JavaScript, so an XSS flaw cannot read and steal the session token.
- Session expiry: Sessions expire after 7 days of inactivity. Active sessions are refreshed automatically.
- Login history: All login events are recorded with timestamps, IP addresses, and user agent strings. Users can review their login history in account settings.
- Rate limiting: Login endpoints are rate-limited to prevent credential stuffing and brute-force attacks.
Infrastructure
ListMatchGenie is built on enterprise-grade cloud infrastructure from providers who hold the standards you'd expect:
- Web hosting with automatic HTTPS, DDoS protection, and a global edge network for fast page loads worldwide.
- Application database hosted on managed infrastructure with automated backups and continuous security patching.
- File storage in region-isolated, encrypted object storage — your files stay in your chosen region and never cross borders.
Every provider in our stack holds SOC 2 Type II and/or ISO 27001 certifications and undergoes regular third-party audits. We share specific vendor details with Business customers during vendor-risk reviews on request.
AI Data Handling
Our AI features (cleansing narratives, match summaries, and follow-up questions) run on enterprise AI services with strict data-handling policies. We've built the integration around one principle: the AI model never sees your raw data.
When generating AI insights, we send only:
- Column names and detected data types
- Aggregate statistics (row counts, null percentages, unique value counts, format distributions)
- Match rate statistics (percentage matched, unmatched, review needed)
- Data quality scores and cleansing statistics
We never send individual records, names, addresses, phone numbers, email addresses, or any other personally identifiable information to the AI model. It works only with structural metadata.
Our AI provider doesn't use customer data to train or improve its foundation models. Your metadata is processed in real time and not retained after the response is generated.
Responsible Disclosure
If you discover a security vulnerability in ListMatchGenie, we ask that you report it responsibly. Please email security@listmatchgenie.com with details of the vulnerability. We commit to:
- Acknowledging receipt within 24 hours
- Providing an initial assessment within 72 hours
- Not pursuing legal action against good-faith security researchers
- Crediting you in our security advisories (if desired)
Have security questions?
We are happy to answer detailed security questions for your organization's review process. For our legal framework, see our Privacy Policy, Terms of Service, and Data Processing Agreement.
Contact us at security@listmatchgenie.com.
