ImportKit is an embeddable CSV and Excel import widget for SaaS applications. It provides AI-powered field mapping, duplicate detection, smart date parsing, phone normalization, built-in validation, and inline data editing. It can be set up in 5 minutes using a React component.

How does the AI field mapping work?

ImportKit uses a two-tier mapping strategy: first, client-side fuzzy matching for instant results, then AI-powered semantic matching for ambiguous columns. It also learns from user corrections — mappings that are confirmed repeatedly get promoted to instant matches for future imports.

What file formats does ImportKit support?

ImportKit supports CSV, XLSX (Excel), and XLS file formats, up to 50MB. Large files are streamed and validated using a Web Worker to keep the UI responsive.

How long does it take to integrate ImportKit?

About 5 minutes. Install the npm package (@importkit/react), add the ImportWidget component to your app with your API key and field definitions, and deploy. The widget handles the rest.

Is there a free tier?

Yes. ImportKit's free tier includes 5,000 rows per month and 3 import templates. No credit card required.

How does ImportKit handle messy data?

ImportKit includes duplicate detection (single or composite keys), smart date parsing that auto-detects DD/MM vs MM/DD format per column, phone number normalization, find & replace for bulk corrections, and inline cell editing. Users can fix errors directly in the preview before importing.

Is my data sent to ImportKit servers?

No. CSV and Excel files are parsed entirely in the browser. No file data is sent to or stored on ImportKit servers. Only metadata (row counts, field names, mapping decisions) is retained for analytics.

How does ImportKit compare to Flatfile?

ImportKit is designed for indie developers and growing SaaS products. It starts free ($0/month), processes data client-side for better privacy, and the widget is MIT-licensed. Flatfile targets enterprise customers with pricing starting at $500+/month. ImportKit is lighter, faster to integrate, and more affordable.

Can I customize the look of the widget?

Yes. ImportKit supports custom theming including primary color, success/error colors, border radius, font family, and font size. On the Pro plan, you can also remove the ImportKit watermark and add custom branding.

Does ImportKit handle duplicate detection?

Yes. Users can select one or more fields to check for duplicates. ImportKit groups matching rows, highlights them, and lets users skip or keep each duplicate. Comparison is case-insensitive and supports composite keys (e.g., first name + last name).

What date formats does ImportKit support?

ImportKit auto-detects date formats per column: DD/MM/YYYY, MM/DD/YYYY, YYYY-MM-DD, and named months (e.g., 'March 25, 2026'). It handles dashes, dots, and slashes as separators. All dates are normalized to ISO-8601 (YYYY-MM-DD) in the output.

Is ImportKit GDPR compliant?

Yes. ImportKit is operated by Qualitas Imports ehf., based in Reykjavik, Iceland (EU/EEA). Data is processed client-side, no tracking cookies are used in the widget, and the lawful basis is documented under GDPR Art. 6(1)(b) and Art. 6(1)(f).

Can I route imported data to my API?

Yes. On the Pro plan, ImportKit can relay imported data directly to your API endpoint. You configure the destination URL and authentication (Bearer token, Basic auth, or custom headers), and ImportKit handles delivery with retry logic.

Is the ImportKit widget open source?

Yes. The @importkit/react widget is MIT licensed. You can inspect the source code, modify it, or self-host it. The widget is published on npm.

Security & Data Handling

How ImportKit protects your data at every step.

Data Processing

CSV and Excel files are parsed entirely in the browser using the @importkit/react widget.
No file data is sent to or stored on ImportKit servers.
Only metadata is retained: row counts, field names, mapping decisions, success/failure counts.

API Authentication

All API calls require a valid API key (ik_live_* or ik_test_*).
Keys are hashed with SHA-256 before storage — raw keys are never persisted.
Rate limiting is enforced per API key to prevent abuse.
Revoked keys are immediately rejected on all endpoints.

Encryption

API destination credentials (webhook URLs, auth tokens) are encrypted with AES-256-GCM.
Credentials are decrypted only at the moment of relay delivery.
Credentials are never logged or exposed in API responses.

Data Transience

Import data is not permanently stored after completion.
Only aggregated analytics metadata (row counts, error rates) is retained.
Users can delete their account and all associated data at any time.

GDPR Compliance

ImportKit is operated by Qualitas Imports ehf., based in Reykjavik, Iceland (EU/EEA).
Lawful basis: Art. 6(1)(b) contract performance, Art. 6(1)(f) legitimate interests.
No tracking cookies in the widget.
Full privacy policy: importkit.app/privacy

Infrastructure

Application hosted on Vercel (global edge network).
Database on Supabase (PostgreSQL, EU region).
Email delivery via Resend (EU processing).

Questions about security? Contact us at info@importkit.app