Privacy Policy

Welcome to Fyltr ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered form building platform.

We use your information strictly for the following purposes:

• •To provide our core form building and document extraction services
• •To process payments and manage your subscription through Stripe
• •To send important account and service updates
• •To provide customer support for our services
• •To improve our AI extraction algorithms and platform functionality
• •To comply with legal obligations and enforce our terms of service
• •To detect and prevent fraud, abuse, and security threats

Our platform uses AI services to extract structured data from your documents and generate form configurations. Here's how this works:

All AI processing is done through secure, encrypted channels. The AI extraction and generation is purely functional - it helps you convert unstructured documents into usable form data and create forms from descriptions. We do not retain or analyze your documents or prompts for any other purpose.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• •Encryption: Data in transit (TLS/SSL) and at rest (AES-256 encryption)
• •Access Controls: Role-based access controls and authentication requirements
• •Regular Security Assessments: Ongoing security audits and vulnerability testing
• •Secure Infrastructure: Industry-standard cloud security practices
• •Data Backup: Regular encrypted backups with disaster recovery procedures
• •Incident Response: Procedures for detecting and responding to security incidents

Your documents and extracted data are stored securely in our cloud infrastructure with industry-standard encryption and access controls. We regularly review and update our security practices to maintain the highest level of data protection.

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following limited circumstances:

Important: Your documents and extracted data are never shared with any third-party services except for the specific AI processing required to provide our extraction services. All third-party services are bound by strict data protection agreements and comply with applicable privacy laws.

You have the right to:

• •Access: Request a copy of all personal data we hold about you
• •Rectification: Request correction of inaccurate or incomplete information
• •Erasure: Request deletion of your personal data (right to be forgotten)
• •Portability: Export your form data and responses in CSV format
• •Objection: Object to processing of your data for certain purposes
• •Restriction: Request restriction of processing in certain circumstances
• •Withdraw Consent: Withdraw consent for data processing where applicable

Note: While we don't currently offer automated account deletion, you can contact us at privacy@fyltr.co to request deletion of your account and associated data. We will process such requests within 7 days.

We retain your data only as long as necessary to provide our services:

• •Account Data: Retained while your account is active
• •Uploaded Documents: Stored securely in Cloudflare R2 until you delete them
• •Extracted Data: Stored in your account until you delete it
• •Form Responses: Retained until you delete the form or your account
• •Payment Information: Retained by Stripe according to their policies
• •Logs and Analytics: Retained for up to 12 months for security and service improvement

When you delete forms or responses, the data is permanently removed from our systems within 30 days. If you close your account, we will delete all associated data within 30 days, except where we are required to retain it for legal or regulatory purposes.

We use essential cookies strictly necessary for our service to function. Examples include session security, CSRF protection, and short‑lived tokens for file uploads.

Public forms accessed at /f/[slug] do not use analytics or advertising cookies. These pages operate with essential cookies only and do not show a cookie consent banner.

Within the main dashboard application, we use Vercel Analytics to understand how users interact with our platform. These analytics cookies are only enabled after consent and you may decline them. Your consent preference is stored locally in your browser and remains valid for 12 months, after which you will be asked to renew your consent.

When you visit our dashboard, you'll see a consent banner allowing you to accept all cookies or choose "Only essential" to decline analytics cookies. Your choice is immediately applied and respected across all dashboard pages. No analytics scripts will load if you decline consent.

You can control cookie preferences through your browser settings at any time.

If you are located in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR). We are committed to GDPR compliance and have implemented the following measures:

• •Lawful Basis: We process your data based on contract performance, consent, and legitimate interests
• •Data Protection Officer: Contact us at privacy@fyltr.co for GDPR-related inquiries
• •Right to Complain: You have the right to lodge a complaint with your local data protection authority
• •Data Processing Records: We maintain records of all data processing activities
• •Privacy by Design: We implement privacy considerations at every stage of development

Our services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@fyltr.co and we will delete such information.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as soon as possible.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place for such transfers:

• •Standard Contractual Clauses: We use EU-approved standard contractual clauses for data transfers
• •Adequacy Decisions: We transfer data to countries with adequate data protection laws
• •Third-Party Safeguards: All third-party services we use have appropriate data protection measures

By using our services, you consent to the transfer of your information to these countries and the processing of your information as described in this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• •Posting the updated policy on this page with a new "Last updated" date
• •Sending an email notification to registered users for significant changes
• •Displaying a notice in your dashboard for material changes

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.

If you have any questions about this Privacy Policy, our data practices, or would like to exercise your data rights, please contact us at privacy@fyltr.co

We are committed to responding to your privacy inquiries within 48 hours and will work with you to address any concerns about your data or our privacy practices.