Privacy Policy
Last Updated: April 11, 2026
This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our website, Chrome extension, and services.
This Privacy Policy applies to Fillio, a service operated by [Company Name], registered at [Registered Address]. For the purposes of data protection law, [Company Name] is the data controller.
By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you have any questions, feel free to contact us at [Contact Email].
1. Information We Collect
We collect and process various types of personal information, including:
- Account Data: Email address, user ID, and credit balance information used for authentication and billing.
- Support Data: Any information you voluntarily provide when contacting our support inbox.
- Usage Data & Telemetry: Information on how you use our website and extension. For the extension, we only store anonymous user credit consumption logs and generic usage metrics, such as the number of form fields processed, and login/logout events. We do not retain the actual content of the fields.
- Cookies and Tracking Data: We use cookies and similar tracking technologies to monitor activity on our website and improve user experience.
2. Zero Data Storage Principle (Chrome Extension)
Our core privacy philosophy for the Fillio extension is simple: we don't store your personal profile data, nor do we retain any form-filling data. The profile data you enter into the Fillio extension stays on your device (in your browser's local storage). We do not maintain a database of our users' personally identifiable information (PII) or form responses.
Furthermore, we strictly ensure that the data processed during an autofill session is never used to train our AI models or any third-party AI models. The AI processing is strictly ephemeral.
Please note that because Fillio uses AI to autofill form data based on your local presets, the extension does not automatically submit forms. This ensures you have the opportunity—and responsibility—to review the accuracy of the data before manual submission.
3. How We Use Your Information
We process your personal data only when necessary to provide our services or when we have a legitimate interest in doing so. These purposes include:
- Providing and maintaining the Fillio extension and website services
- Processing payments and managing your credit balance
- Communicating with you about your account, support requests, or our services
- Fulfilling legal obligations, such as fraud prevention or compliance with applicable laws
- Improving and developing new features of our platform
4. Legal Basis for Processing
We rely on the following legal bases for processing your personal data:
- Contractual Obligation: Processing is necessary for the performance of a contract you have with us, such as creating an account or using our services.
- Legitimate Interest: Processing is necessary to improve our services, protect our platform, or pursue legitimate business interests, provided your rights and interests are not overridden.
- Consent: You have provided clear consent for us to process your data for specific purposes (e.g., marketing communications).
- Legal Compliance: We may process your data when required to comply with legal obligations.
5. How We Share Your Data & Third-Party Services
To provide our service securely and effectively, we partner with specialized third-party providers. In all cases, your personal data is protected:
- Authentication Partners (e.g., Supabase): Used to securely manage your login sessions, store your user ID, and track your credit balance.
- Payment Processors (e.g., Paddle): Act as our Merchant of Record to handle all payment processing and billing data. We do not store or process your payment card details.
- Secure Cloud Infrastructure (Google Cloud): Our servers run on secure cloud infrastructure. When you trigger an autofill, form data and profiles are processed entirely in-memory to route the request and are immediately discarded. No user data is stored at rest on these servers.
- Generative AI Partners: The core of our service uses LLM APIs to analyze the form structure against your local profile. This data is transmitted securely, processed ephemerally to generate a fill plan, and is never used to train their models.
- Legal Requirements: We may disclose your personal information when required by law, court order, or to prevent fraud or illegal activities.
6. International Transfers
We prefer to use data centers located within the European Union (such as Google Cloud EU) for data processing and storage where possible. Where data is transferred outside the European Economic Area (EEA) or the UK (for example, when using global analytics services), we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission or equivalent UK mechanisms.
7. Data Security
We take data security seriously and implement industry-standard measures to protect your information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
8. Your Rights
Under the UK GDPR and global data protection laws, you have the following rights regarding your personal data:
- Access: You have the right to request access to the personal data we hold about you.
- Correction: You can request that any inaccurate or incomplete data be corrected.
- Erasure ("Right to be Forgotten"): You can request the deletion of your personal data in certain circumstances.
- Restriction of Processing: You can ask us to restrict the processing of your data in specific situations.
- Data Portability: You can request that we provide your personal data in a structured, commonly used, and machine-readable format.
- Objection to Processing: You can object to the processing of your personal data based on legitimate interests.
- Withdraw Consent: If we rely on your consent to process your data, you can withdraw this consent at any time.
To exercise any of these rights, please contact us at [Contact Email]. You also have the right to lodge a complaint with your local data protection authority (e.g., the Information Commissioner's Office in the UK).
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Chrome Extension Data: Your profile data is stored locally on your device and remains until you clear it or uninstall the extension.
- Account Information: Kept for the duration of your account and deleted within 7 days after closure.
- Customer Support Communications: Retained for up to 2 years after resolution to improve service and address follow-up issues.
- Payment and Billing Records: Kept for up to 7 years to comply with tax and financial regulations.
- Analytics and Usage Data: Retained in identifiable form for up to 12 months, after which they are aggregated or anonymized.
10. Cookies and Local Storage
The Fillio extension uses your browser's local storage to save your data presets and profile information locally on your device. Our website uses essential cookies to maintain your session and minimal analytics cookies (e.g., Google Analytics) to understand website usage. You can manage your cookie preferences through your browser settings.
11. Children's Data
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.
12. Third-Party Links
Our website may contain links to external sites not operated by us. We are not responsible for the content or privacy practices of these third-party sites. We encourage you to review the privacy policies of any third-party websites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant updates by email or through our website.