Filly AI Home

Privacy Policy

Last updated: June 26, 2026

This policy explains how Filly AI collects, uses, and protects personal data. We act as a data controller for your account data and as a data processor for the client data you choose to store.

1. Data we collect

  • Account data: your email address and authentication metadata.
  • Billing data: subscription status and Stripe customer/identifier (card details are handled by Stripe; we never see them).
  • Your Content: documents you upload and client profile fields you enter — which may include names, contact details, addresses, dates of birth, and sensitive identifiers such as tax IDs, passport numbers, or ID numbers.
  • Usage data: basic logs needed to operate and secure the Service.
  • Signatures: e-signature images, timestamps, and the signer's IP address and browser, kept as an audit trail.

2. How we use data

  • To provide the Service: analyze documents, autofill forms, generate PDFs, and collect signatures.
  • To process payments and manage subscriptions.
  • To send transactional emails (e.g. sign-in links, signature notifications).
  • To secure the Service and prevent abuse.

3. Legal basis (GDPR)

We process account and billing data to perform our contract with you, transactional email on the basis of legitimate interest and contract, and we process client data on your instructions as your processor. Where you upload data about third parties, you are responsible for having a lawful basis to do so.

4. Sub-processors

We share data only with providers needed to run the Service:

  • Supabase — database, authentication, and file storage.
  • Anthropic — AI document analysis and autofill.
  • Stripe — subscription billing.
  • Resend — transactional email delivery.
  • Vercel — application hosting.

We do not sell personal data. Business customers can request a Data Processing Agreement.

5. Data retention

We retain Your Content while your account is active. On deletion, content is removed from our active systems within a reasonable period, subject to backups and legal obligations. You can delete clients, forms, and fills from within the app at any time.

6. Security

Data is encrypted in transit and at rest. Access is restricted by row-level security scoped to your account, and privileged keys are used only on the server. No system is perfectly secure; we work to protect your data using industry-standard measures.

7. International transfers

Our providers may process data outside your country, including the United States, under appropriate safeguards such as Standard Contractual Clauses.

8. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. To exercise these rights, contact support@getfilly.app.

9. Cookies

We use only essential cookies required for authentication and security. We do not use advertising cookies.

10. Contact

For privacy questions or requests, contact support@getfilly.app.