
Privacy policy

Last updated:

This is the legal version. For the plain-English architecture explanation — what we send to AI, what stays on your device, and how to verify it — see /privacy. If anything in either disagrees, this policy governs.

1. Summary

FillDef is a form-filling browser extension and web app designed to keep your personal data on your device. We collect the minimum needed to run an account and bill for credits — nothing more. Your profile is encrypted in your browser; we cannot decrypt it. Our AI proxy receives only field labels, never your values. PDFs are processed client-side and never reach our servers.

2. Who we are

“FillDef”, “we”, “us”, and “our” refer to the operator of FillDef. For the purposes of GDPR, we are the data controller for the small set of personal data described in “What we collect” below.

For privacy enquiries, contact hello@filldef.com.

3. What we collect

The complete list of personal data we collect and store server-side:

  • Email address — for account login and receipts.
  • Credit balance — so credits work across your devices.
  • Purchase history — pack purchased, amount, date, payment-provider session id. Required for tax compliance and refund handling.
  • Fill counts (numeric) — how many fills you used this month, used to enforce the free-tier quota and detect abuse. We do not record what you filled, where you filled it, or any value.
  • Authentication metadata — managed by Supabase Auth (see “Sharing & sub-processors” below). Includes last-sign-in time and basic session tokens.

Standard backend logs may include request timestamps, approximate region, and IP address; these are operational logs from our hosting providers (see “Sharing & sub-processors” below), not a behavioral profile.

4. How we use your data

We use the data listed above to:

  • Authenticate you and run your account.
  • Process credit purchases and provide receipts/refunds.
  • Enforce free-tier limits and detect abusive usage patterns.
  • Send transactional emails (purchase confirmations, security notices). We do not send marketing email.
  • Respond to your support and privacy requests.
  • Comply with legal obligations (tax records, valid legal process).

5. What we don't collect

We deliberately do not collect, store, or have access to:

  • The contents of your profile — name, address, tax IDs, signature image, custom fields. These are encrypted on your device with a key we cannot reproduce.
  • The PDFs you fill. They are processed entirely in your browser.
  • The websites you fill on, the values you submit, or any behavioral analytics on form interactions.
  • Profile values passed to the mapping AI. It receives only field labels and form attributes, never a value; see /privacy for the architectural detail.

7. Sharing & sub-processors

We do not sell or share personal data for advertising. We use the following sub-processors to operate the service:

  • Supabase — authentication, PostgreSQL database, Edge Functions.
  • Cloudflare — web app hosting and CDN.
  • Polar — payment processing for credit purchases.
  • AI model provider — receives field labels only (no values, no profile data) when the local pattern dictionary cannot resolve a field. Currently routed through a single provider with a model-agnostic interface so we can change providers without changing what is sent.

We may also disclose data when required by law, valid legal process, or to protect the safety, rights, or property of FillDef, our users, or the public.

8. Retention

  • Account data (email, balance) — kept while your account is active.
  • Purchase history — retained as long as required by tax law in our jurisdiction (typically up to 10 years).
  • Fill counts — retained per month for free-tier accounting; aggregated or pruned beyond a rolling window.
  • Backend logs — short-term (typically 30–90 days) per hosting-provider defaults.
  • On account deletion, we remove or anonymize the above except records we are legally required to keep.

9. Your rights

Depending on where you live, you may have the right to:

  • Access a copy of the data we hold about you.
  • Correct inaccurate data.
  • Delete your account and the associated data (subject to legal retention requirements above).
  • Object to or restrict certain processing.
  • Port your data to another service.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these, email hello@filldef.com from your account email. We respond within 30 days.

10. Security

Your profile is encrypted in your browser using AES-256-GCM with a key derived locally via PBKDF2 from your account identifier. We do not have, and cannot reconstruct, that key. Account data on our servers is protected by standard database access controls and row-level security.

No system is perfectly secure. If you suspect a security issue, email hello@filldef.com.

11. International transfers

Our sub-processors operate globally. Where personal data is transferred outside your jurisdiction, we rely on standard contractual clauses or equivalent safeguards offered by the relevant provider.

12. Cookies & tracking

The web app uses cookies and similar storage strictly for authentication and session management — for example, to keep you signed in across pages. We do not use advertising, analytics, or behavioral-tracking cookies. The extension uses browser storage to hold your encrypted profile locally.

13. Children

FillDef is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal data, contact us and we will delete it.

14. Changes

We may update this policy. The “Last updated” date at the top reflects the current version. Material changes will be communicated via email to active accounts before they take effect.

15. Contact

For all privacy and security enquiries, email hello@filldef.com.