Privacy Policy
We are committed to protecting your privacy and ensuring the security of your personal information.
1. Introduction
Welcome to Fyltr ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered form building platform.
Important: This platform is designed specifically for document extraction and form building purposes. We do not use your data for any other purposes beyond what is necessary to provide our core services.
2. Information We Collect
Personal Information
- •Email address and name when you create an account
- •Payment information for subscription billing (processed securely by Stripe)
- •Profile information you choose to provide
- •Billing address and contact information for account management
Service Usage Information
- •Forms you create and their configurations
- •Form responses and submitted data
- •Documents uploaded for AI-powered extraction
- •Basic analytics about form performance (response counts, access logs)
- •IP addresses and browser information for security and analytics
AI Processing Data
- •Documents and images you upload for AI extraction
- •Extracted data from your documents (stored only for your use)
- •AI processing logs for service improvement (no personal content retained)
- •Form generation prompts and JSON configurations when using AI form generation
3. How We Use Your Information
We use your information strictly for the following purposes:
- •To provide our core form building and document extraction services
- •To process payments and manage your AI credits balance through Stripe
- •To send important account and service updates
- •To provide customer support for our services
- •To improve our AI extraction algorithms and platform functionality
- •To comply with legal obligations and enforce our terms of service
- •To detect and prevent fraud, abuse, and security threats
We do NOT:
- •Sell, trade, or monetize your personal data
- •Use your data for advertising or marketing purposes
- •Share your documents or extracted data with third parties
- •Use your data for purposes unrelated to our services
Pay-As-You-Go Billing Model
Fyltr uses a pay-as-you-go (PAYG) model for AI features. Here's how it works:
- •Credits System: You purchase AI credits which are deducted when you use AI features like document extraction or chart generation
- •Variable Costs: Document extraction costs vary based on document length and complexity—a 1-page document costs less than a 100-page document due to different AI token usage
- •Auto-Refill (Optional): You may enable automatic credit refills when your balance drops below a threshold. We securely store your payment method with Stripe for this purpose
- •Transparency: You can view your usage history and costs at any time in your billing settings
4. Data Processing and AI Services
Our platform uses AI services to extract structured data from your documents and generate form configurations. Here's how this works:
Document Extraction
- •Document Upload: When you upload documents, they are temporarily processed by our AI extraction service
- •AI Processing: We use OpenAI's GPT models to extract relevant information from your documents
- •Variable Costs: Document extraction costs vary based on document length and complexity. A single-page document uses fewer AI tokens and costs less; a 100-page document will use significantly more tokens and have a higher cost
- •Data Storage: Original documents are stored securely in Cloudflare R2 and are viewable and downloadable by you. Extracted structured data is stored in our database exclusively for your access and use
- •No Training: Your documents are not used to train AI models or improve extraction for other users
AI Form Generation
- •When you use AI form generation, your form description is sent to external AI services (Claude, ChatGPT, Perplexity)
- •These services process your description to generate form JSON configurations
- •We do not store your form descriptions or share them beyond what's necessary for generation
- •The generated JSON is returned to you and stored only if you choose to save it
Google Drive Integration
- •File Uploads: If you enable Google Drive integration, files uploaded by respondents are directly uploaded to your connected Google Drive account
- •Folder Management: We create a dedicated folder structure (
/fyltr/form-name/field-name) in your Drive to keep files organized - •Permissions: We require "drive.file" permission which grants us access ONLY to files and folders created by our application. We cannot see, read, or modify any other files in your Google Drive
- •Limited Use: Our use of Google Drive APIs adheres strictly to the Google API Services User Data Policy, specifically the "Limited Use" requirements
All AI processing is done through secure, encrypted channels. The AI extraction and generation is purely functional - it helps you convert unstructured documents into usable form data and create forms from descriptions. We do not retain or analyze your documents or prompts for any other purpose.
5. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:
- •Encryption: Data in transit (TLS/SSL) and at rest (AES-256 encryption)
- •Access Controls: Role-based access controls and authentication requirements
- •Regular Security Assessments: Ongoing security audits and vulnerability testing
- •Secure Infrastructure: Industry-standard cloud security practices
- •Data Backup: Regular encrypted backups with disaster recovery procedures
- •Incident Response: Procedures for detecting and responding to security incidents
Your documents and extracted data are stored securely in our cloud infrastructure with industry-standard encryption and access controls. We regularly review and update our security practices to maintain the highest level of data protection.
Data Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by applicable data protection laws.
6. Data Sharing and Third-Party Services
We do not sell, trade, or otherwise transfer your personal information to third parties except in the following limited circumstances:
Service Providers
- •Stripe: For secure payment processing (no document data shared)
- •Supabase: For secure database storage and authentication
- •OpenAI: For AI-powered document extraction (documents are processed but not stored by OpenAI)
- •Cloudflare R2: For secure file storage (encrypted at rest)
- •Google Drive: For storing uploaded files directly in your personal storage (only when integration is enabled)
- •Vercel: For hosting and basic analytics (no personal content)
- •AI Services (Claude, ChatGPT, Perplexity): For form generation (only when you explicitly use this feature)
Legal Requirements
We may disclose your information when required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.
Important: Your documents and extracted data are never shared with any third-party services except for the specific AI processing required to provide our extraction services. All third-party services are bound by strict data protection agreements and comply with applicable privacy laws.
Google User Data Limited Use Policy
Fyltr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
7. Your Rights and Data Control
You have the right to:
- •Access: Request a copy of all personal data we hold about you
- •Rectification: Request correction of inaccurate or incomplete information
- •Erasure: Request deletion of your personal data (right to be forgotten)
- •Portability: Export your form data and responses in CSV format
- •Objection: Object to processing of your data for certain purposes
- •Restriction: Request restriction of processing in certain circumstances
- •Withdraw Consent: Withdraw consent for data processing where applicable
Note: While we don't currently offer automated account deletion, you can contact us at privacy@fyltr.co to request deletion of your account and associated data. We will process such requests within 7 days.
8. Data Retention and Deletion
We retain your data only as long as necessary to provide our services:
- •Account Data: Retained while your account is active
- •Uploaded Documents: Stored securely in Cloudflare R2 until you delete them
- •Extracted Data: Stored in your account until you delete it
- •Form Responses: Retained until you delete the form or your account
- •Payment Information: Retained by Stripe according to their policies
- •Logs and Analytics: Retained for up to 12 months for security and service improvement
When you delete forms or responses, the data is permanently removed from our systems within 30 days. If you close your account, we will delete all associated data within 30 days, except where we are required to retain it for legal or regulatory purposes.
10. GDPR Compliance
If you are located in the European Economic Area (EEA) or United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR). We are committed to GDPR compliance and have implemented the following measures:
- •Lawful Basis: We process your data based on contract performance, consent, and legitimate interests
- •Data Protection Officer: Contact us at privacy@fyltr.co for GDPR-related inquiries
- •Right to Complain: You have the right to lodge a complaint with your local data protection authority
- •Data Processing Records: We maintain records of all data processing activities
- •Privacy by Design: We implement privacy considerations at every stage of development
11. Children's Privacy
Our services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@fyltr.co and we will delete such information.
If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as soon as possible.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place for such transfers:
- •Standard Contractual Clauses: We use EU-approved standard contractual clauses for data transfers
- •Adequacy Decisions: We transfer data to countries with adequate data protection laws
- •Third-Party Safeguards: All third-party services we use have appropriate data protection measures
By using our services, you consent to the transfer of your information to these countries and the processing of your information as described in this Privacy Policy.
13. Form View Analytics
When you view a public form, we collect anonymous analytics to help form creators understand engagement metrics.
Information Collected
- •Anonymized visitor fingerprint (one-way hash of IP address and browser information)
- •Page referrer (source of traffic)
- •Browser type and timestamp
Privacy Safeguards
- •IP addresses are one-way hashed and cannot identify individuals
- •Data is fully anonymized and GDPR-compliant
- •Analytics data retained for 90 days, then automatically deleted
- •Each visitor counted once per 24-hour period per form
This data is used solely for calculating view counts and conversion metrics. No personal information can be derived from this analytics data.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- •Posting the updated policy on this page with a new "Last updated" date
- •Sending an email notification to registered users for significant changes
- •Displaying a notice in your dashboard for material changes
We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.
15. Contact Us
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- •Posting the updated policy on this page with a new "Last updated" date
- •Sending an email notification to registered users for significant changes
- •Displaying a notice in your dashboard for material changes
We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, our data practices, or would like to exercise your data rights, please contact us at privacy@fyltr.co
We are committed to responding to your privacy inquiries within 48 hours and will work with you to address any concerns about your data or our privacy practices.