Privacy Policy

For information relating to your account and the flyers you build, Fillyr is the “controller” (the party that decides how and why your information is processed). For information that a Recipient types or adds when filling out a flyer you published, you — the flyer creator — are responsible for that information; see section 6.

We collect the following categories of information.

• Account information. Your name, email address, and a securely hashed password when you register. If you sign in with Google, we receive your basic profile information (such as name, email, and profile image) from Google.
• Flyer content. The flyer images you upload, the fields you place on them, titles, sample values, and related settings.
• Usage and analytics. Aggregate counts of how often your flyer links are filled (for example, the flyer involved, the source, and a timestamp). These are tied to your flyer, not to the identity of the Recipient.
• Technical and security data. To keep you signed in and protect accounts, we store session records that include your IP address and basic device/browser information.

We do not intentionally collect special categories of data (such as health, biometric, or government-ID data). Please do not upload such data into flyers.

We use information to:

• create and secure your account and authenticate you;
• store, render, and publish your flyers and generate shareable fill links and QR codes;
• send transactional emails (for example, verification and password resets);
• show you analytics about how your links perform;
• operate, maintain, debug, and improve the Service and prevent abuse; and
• comply with legal obligations.

We do not sell your personal information, and we do not use it for third-party advertising.

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract — to provide the Service you sign up for;
• Legitimate interests — to secure, maintain, and improve the Service and prevent abuse, in a way that is balanced against your rights;
• Consent — where we ask for it, which you may withdraw at any time; and
• Legal obligation — where the law requires us to process information.

We use a strictly necessary session cookie to keep you signed in and to protect your account. Because it is essential to the Service, it is set when you log in. We do not use advertising or cross-site tracking cookies.

When someone opens a flyer link and enters details to personalise it, that information is handled in the Recipient’s own browser. In particular, photos a Recipient chooses on the fill page are processed on their device and are not uploaded to our servers. We record only aggregate fill activity for your analytics, not the content a Recipient enters.

If you, as a flyer creator, design a flyer to collect personal information from Recipients, you are responsible for handling that information lawfully — including giving Recipients any required privacy notices and obtaining any required consents.

We share personal information only as needed to run the Service, with service providers that process it on our behalf under appropriate confidentiality and data-protection obligations. These include:

• image hosting and content delivery (to store and serve flyer images);
• cloud database and application hosting;
• email delivery (for transactional emails); and
• authentication, including Google when you choose to sign in with it.

We may also disclose information if required by law, to enforce our terms, to protect the rights, safety, and security of Fillyr or others, or in connection with a merger, acquisition, or sale of assets (subject to this Policy).

We and our service providers may process information in countries other than yours. Where we transfer personal information out of the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

We keep your account and flyer data for as long as your account is active. You can delete a flyer at any time, and you can ask us to delete your account. After deletion we remove or anonymise your information, except for limited copies retained in routine backups for a short period or where we must keep it to comply with the law or resolve disputes.

We take reasonable technical and organisational measures to protect personal information, including hashing passwords and using encrypted connections. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; please use a strong, unique password and keep your credentials confidential.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, to object to certain processing, and to withdraw consent. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection authority.

If you are a California resident, you have rights under the CCPA/CPRA to know what personal information we collect, to request access and deletion, and not to be discriminated against for exercising these rights. We do not sell or “share” personal information as those terms are defined under California law.

To exercise any of these rights, contact us using the details below. We will respond within the time required by applicable law and may need to verify your identity first.

The Service is not directed to children under 13 (or the minimum age of digital consent in your country), and we do not knowingly collect their personal information. If you believe a child has provided us information, please contact us and we will take appropriate steps to delete it.

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you acknowledge the revised Policy.

Questions or requests about this Policy or your personal information? Reach us at support@fillyr.app. See also our Terms of Service.