Show HN: CSVtoAny, CSV Local File Converter

csvtoany.com

3 points by nighwatch 2 days ago

About two weeks ago I built a small text-comparison tool as a simple front-end project. Recently I ran into another annoyance: converting CSV/Excel/JSON with tools that upload files to servers, feel slow, or impose limits. Since I prefer privacy-first tools, I built this one as well.

100% local: All parsing and conversion run in Web Workers. No uploads.

Format support: CSV ↔ Excel (.xlsx), JSON, SQL, XML, Markdown.

Smart column restoration: Fixes copied tables that collapse into a single column (enable under “More Options”).

No size limits: Only limited by your RAM.

My goal is to grow this into a small, one-stop CSV/format toolbox. It just launched, so there may be rough edges — feedback is welcome.

Tech

Next.js, Tailwind, SheetJS, Web Workers, i18next.

Looking for feedback

Try it with your odd CSVs: unusual delimiters, quoted newlines, mixed encodings, huge files, broken pasted tables. Also curious whether the column-restoration feature feels intuitive.

Thanks for checking it out!

mattewong 6 hours ago

The site says privacy-first and also says "we cannot lose your data if we never collect it" but it makes a WHOLE lot of POST calls passing what appear to be encrypted payloads, and refuses to work offline-- so the user has no way to verify that the limited info you claim to be collecting is in fact what is being collected. Worse, if you simply visit and use the site, you never once see any mention of terms of use, and yet those published terms-- which you will only find if you actively scroll way down to the bottom of the SPA and click on a tiny link-- and claim to be binding merely by the use of the site, which could have easily happened without the user having any knowledge or notice whatsoever that they "agreed" to something (in other words, without actually agreeing to anything). The terms also do not say anything about your data collection, though if one looks hard enough one can find it mentioned in the privacy policy, well below the contradictory opening line that says "we cannot lose your data if we never collect it". Sorry, but meta data is still data, so "we never collect [your data]" is simply false.

So, maybe you did not intend it to be so, but to me the site comes off as being very sketchy and untrustworthy.

  • nighwatch 3 hours ago

    Thanks for the thoughtful and critical feedback, this is exactly why I posted here.

    You raised fair points about the mixed messaging, and I’ve just pushed updates to address them:

    • Privacy Policy & data collection: You're right that the tagline “we never collect data” was too absolute. I do use standard analytics (GA) for anonymous usage metrics and error tracking. The Privacy Policy now clearly separates File Data — which is processed 100% locally and never leaves the browser — from Usage Metadata, which is anonymized and collected only for understanding feature performance.

    • Network activity: The POST requests you saw come solely from those analytics libraries. No file contents, pasted text, or conversion results ever hit the network. I’ll also review whether I can reduce or defer analytics calls to make this more transparent.

    • Visibility of terms: Agreed. I’ve added a prominent Privacy/Terms link in the header and a first-visit consent banner so users aren’t relying on a tiny footer link or assumptions.

    • Offline behavior: The conversion logic runs entirely in Web Workers and doesn’t require a server, but my PWA config wasn’t robust enough to guarantee a clean offline startup. I’m working on tightening that up so users can verify the “local-only” behavior themselves.

    None of this was intended to be sketchy — I simply oversimplified the marketing copy and didn’t surface the right information. I really appreciate you calling it out and giving me the chance to improve it.