Privacy Policy

Last Updated: March 19, 2026

FillFlow is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.

Information We Collect

Account Information

When you create an account, we collect your email address and password (encrypted). This is required to provide you with access to your account and to communicate with you about the service.

Uploaded Documents

We store the documents you upload to use for form filling. These documents are encrypted and accessible only to you. We do not view, analyze, or use your documents for any purpose other than providing the service you request.

Usage Information

We collect basic usage data such as which features you use, forms filled, and error logs to improve our service. This data is anonymized and aggregated.

Technical Information

We automatically collect browser type, IP address, device information, and cookies to ensure the service functions properly and to detect security issues.

Browser Extension Data Practices

The FillFlow Chrome extension operates as follows:

Page Access

The extension is injected into web pages you visit to detect fillable forms. It reads form field labels and structure on the active page solely to facilitate form filling. We do not record, transmit, or store the content of pages you browse during normal use.

Form Fill Requests

When you initiate a form fill, the extension sends the detected form field names and structure (not their current values) along with identifiers for your selected documents to our servers. This data is used only to generate fill suggestions and is not retained after the request completes.

Local Storage

The extension stores your authentication session token and account identifier in your browser's local storage (chrome.storage.local) to keep you logged in between sessions. This data never leaves your device except as part of normal API authentication.

Host Permission

FillFlow requests access to all websites (<all_urls>) because forms exist across thousands of different domains. The extension only activates when you explicitly click the Fill Form button. It does not monitor, record, or transmit any page content during passive browsing.

Third-Party Services

We use Supabase (supabase.com) for authentication and document storage. Supabase acts as a data processor on our behalf and is contractually bound to protect your data. Their privacy policy is available at supabase.com/privacy.

How We Use Your Information

  • To provide and maintain the FillFlow service
  • To fill forms with data from your uploaded documents when you request
  • To communicate with you about your account, updates, and support
  • To improve our service through aggregated, anonymized usage analytics
  • To detect and prevent fraud, security incidents, and technical issues
  • To comply with legal obligations and enforce our Terms of Service

How We Protect Your Information

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Access Controls: We implement strict access controls to limit employee access to your documents.

Secure Infrastructure: We use enterprise-grade cloud infrastructure with regular security audits.

Data Minimization: We collect only what's necessary to provide the service.

Information Sharing and Disclosure

We do NOT sell your data. Ever.

We may share your information only in these limited circumstances:

  • Service Providers: Trusted third-party services including Supabase (authentication and storage), hosting providers, email, and payment processing — all contractually bound to protect your data and use it only for providing services to us.
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.
  • Business Transfers: In the event of a merger or acquisition, your data may be transferred. You'll be notified and have the option to delete your account.
  • With Your Consent: We'll ask for explicit permission before sharing your data for any other reason.

Your Privacy Rights

You have the right to:

  • Access: Request a copy of all data we have about you
  • Correction: Update or correct inaccurate information
  • Deletion: Delete your account and all associated data at any time
  • Export: Download your documents and data in a portable format
  • Opt-Out: Unsubscribe from marketing emails (account-related emails are required)
  • Object: Object to certain data processing activities

To exercise these rights, email us at FillFlow@gmail.com

Data Retention

We retain your account data and uploaded documents as long as your account is active. When you delete your account, all your data is permanently removed from our systems within 30 days. Backup copies are deleted within 90 days. We may retain anonymized usage data for analytics purposes.

Cookies and Tracking

We use cookies to maintain your session, remember your preferences, and analyze site usage. We use:

  • Essential Cookies: Required for the service to function (login, security)
  • Analytics Cookies: Help us understand how users interact with our service (anonymized)

You can disable cookies in your browser settings, but this may limit functionality. To manage your cookie preferences on FillFlow, visit our Data Handling page to reset your cookie consent at any time.

Children's Privacy

FillFlow is not intended for users under 13 years old. We do not knowingly collect data from children under 13. If you believe we've collected information from a child under 13, please contact us immediately at FillFlow@gmail.com.

International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your data regardless of location, in compliance with GDPR and other applicable laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes via email and by updating the "Last Updated" date at the top of this page. Continued use of FillFlow after changes constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.

Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:

Email: FillFlow@gmail.com

Response Time: We aim to respond to privacy inquiries within 48 hours.