PRIVACY NOTICE
Last updated:
This notice explains how Fillenza handles your data with end-to-end encryption and privacy-first design. For our service terms, see the Terms of Service. Manage your account at the Fillenza Portal.
This Privacy Notice for CSHARPAD DOO, doing business as Fillenza ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at https://fillenza.com, or any website of ours that links to this Privacy Notice
- Use the Fillenza Portal (management dashboard) to manage your account and subscriptions
- Integrate the Fillenza widget into your websites using our JavaScript SDK and API
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@fillenza.com.
This Privacy Notice is incorporated into and forms part of our Terms of Service. For information about subscription payments and refunds, see our Refund Policy. For pricing details, see our Pricing page.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you register for and use the Fillenza Portal, we collect account information (email, password) and billing information (company name, VAT number, address). The Fillenza widget processes form data (text, documents, images) submitted by end users, but this data is never stored — it is processed in real-time and discarded immediately. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? The Fillenza widget may process sensitive personal information as part of form data submitted by end users (such as financial details, health information, or government identifiers). However, this data is protected by strong, industry-standard end-to-end encryption and is never stored on our servers. It is processed ephemerally in memory and discarded immediately after form completion.
Do we collect any information from third parties? We do not collect information from third parties. All information is provided directly by you through the Portal or processed ephemerally through the widget.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
In what situations and with which parties do we share personal information? We share information with specific third parties: Paddle (payment processing), Azure OpenAI (AI fallback processing), and Loopia (transactional emails). Learn more about when and with whom we share your personal information.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information, including the right to access, correct, delete, or port your data. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by contacting us at support@fillenza.com. We will consider and act upon any request in accordance with applicable data protection laws.
TABLE OF CONTENTS
- WHAT INFORMATION DO WE COLLECT?
- HOW DO WE PROCESS YOUR INFORMATION?
- END-TO-END ENCRYPTION AND DATA SECURITY
- WIDGET DATA PROCESSING
- AI DATA PROCESSING
- WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
- COOKIES AND TRACKING TECHNOLOGIES
- IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
- HOW LONG DO WE KEEP YOUR INFORMATION?
- DO WE COLLECT INFORMATION FROM MINORS?
- WHAT ARE YOUR PRIVACY RIGHTS?
- CONTROLS FOR DO-NOT-TRACK FEATURES
- DO WE MAKE UPDATES TO THIS NOTICE?
- HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
- HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Fillenza Portal, express an interest in obtaining information about us or our products and Services, or otherwise when you contact us.
Portal Registration and Account Data. When you create an account on the Fillenza Portal, we collect:
- Email address
- Password (stored only as a cryptographic hash — we never store or have access to your plaintext password)
- Two-factor authentication settings (if enabled)
Billing Profile Data. When you subscribe to a paid plan, we collect:
- Company name
- VAT number
- Company registration number
- Billing address (country, city, postal code, address lines)
Widget Form Data. When end users interact with the Fillenza widget embedded on your website, the widget processes form data that may include text, documents (PDF, DOCX), and images. This data is protected by end-to-end encryption and is never stored on our servers. See Section 4 (Widget Data Processing) for details.
Sensitive Information. The Fillenza widget may process sensitive personal information as part of form data submitted by end users. This could include financial details, health information, government identifiers, or other sensitive categories depending on the forms the widget is integrated with. We do not determine what data end users submit — this is determined by the forms on your website. Critically, all such data is:
- Protected by strong, industry-standard end-to-end encryption (see Section 3)
- Processed ephemerally in memory only
- Never stored, logged, or retained on our servers
- Never used for AI model training or any secondary purpose
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Is providing personal information required? Providing your registration information (email, password) is a contractual requirement necessary to use the Services. Providing billing profile data (company name, VAT number, address) is required to subscribe to a paid plan. If you do not provide this information, we will be unable to create your account or process your subscription. Widget form data is provided voluntarily by end users and is not retained.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, and information about how and when you use our Services. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Specifically:
- Portal: We log IP address and User-Agent for security events (successful/failed login attempts, account lockouts, registration).
- Widget API: IP addresses are used for rate limiting (per-IP fixed window) but are not stored persistently.
- Landing Page: We may use Google Analytics to collect anonymized usage statistics. See Section 7 (Cookies and Tracking Technologies) for details.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services. The table below describes each processing activity and its legal basis under the GDPR (Article 6(1)):
| Processing Activity | Description | Legal Basis (GDPR Art. 6(1)) |
|---|---|---|
| Provide and maintain the Services | We use your account information to authenticate you, manage your subscription, and provide access to the Fillenza Portal and API. | Performance of contract (b) |
| Process payments | We share necessary billing information with Paddle (our Merchant of Record) to process your subscription payments. See Section 6 for details. | Performance of contract (b) |
| Send transactional communications | We use your email address to send account-related notifications such as password reset emails, subscription confirmations, and service alerts. These emails are sent through our SMTP provider (Loopia). | Performance of contract (b) |
| Ensure security | We log security events (login attempts, API usage patterns) to detect and prevent fraud, abuse, and unauthorized access. We implement rate limiting on API endpoints using IP-based fixed windows. | Legitimate interest (f) |
| Provide AI-powered form filling | When end users interact with the Fillenza widget, we process the submitted form data through our AI infrastructure to generate form completion suggestions. This processing is ephemeral — data exists in memory only during the active processing of a request. See Sections 4 and 5 for details. | Performance of contract (b) |
| Analytics (if implemented) | We may use Google Analytics to collect anonymized usage statistics on our website. See Section 7 for details and opt-out options. | Consent (a) |
| Comply with legal obligations | We may process your information to comply with applicable laws, regulations, or legal proceedings. | Legal obligation (c) |
3. END-TO-END ENCRYPTION AND DATA SECURITY
In Short: All data transmitted through the Fillenza widget is protected by strong, industry-standard end-to-end encryption with unique, single-use cryptographic keys.
Data security is not an afterthought at Fillenza — it is the foundation of our architecture. We implement a Privacy by Design approach where security is embedded at every layer.
End-to-End Encryption
All data transmitted through the Fillenza widget is protected by end-to-end encryption that operates above and beyond standard TLS transport security:
- Key Exchange: RSA-OAEP-256 (asymmetric encryption for secure key exchange)
- Payload Encryption: AES-256-GCM (symmetric encryption for data payloads)
- Unique Keys: Every fill request uses a unique, one-time symmetric encryption key. No two data transmissions are ever encrypted with the same key.
- Key Disposal: All session encryption keys (used for individual fill requests) are immediately and permanently destroyed after a single use. Keys cannot be recovered, reused, or reconstructed.
- Fillenza Request Token (FRT): Each API request is authorized with a short-lived (up to 5 minutes), single-use JSON Web Token (JWT). After use or expiration, the token is permanently invalidated.
- Transport Security: TLS 1.2 or higher is used for all communications, providing an additional layer of encryption at the transport level.
Additional Security Measures
- Domain-bound API keys: Live API keys are bound to specific authorized domains, preventing unauthorized usage from unregistered origins.
- Database-level data isolation: Every customer's data is separated by user-scoped query filters at the database level, ensuring strict data separation. No customer can access another customer's data.
- Opaque API keys: Publishable API keys use opaque, non-guessable tokens (e.g., pk_test_..., pk_live_...) rather than sequential identifiers, preventing enumeration attacks.
- Rate limiting: API endpoints are protected by per-IP rate limiting with fixed window algorithms.
- Audit logging: Security-relevant events are logged with sensitive fields automatically masked (e.g., VAT numbers, API keys appear as ***MASKED***).
4. WIDGET DATA PROCESSING
In Short: The Fillenza widget processes form data in real-time but never stores it. Data exists only in memory during processing and is discarded immediately.
The Fillenza widget is the core of our service — a JavaScript component that developers embed into their websites to enable AI-powered form filling. Understanding how data flows through the widget is critical to understanding our privacy practices.
What data does the widget process?
The widget processes whatever data end users choose to submit for form completion. This may include:
- Free-form text input
- PDF documents (text-based and scanned, processed via OCR)
- DOCX documents
- Images (PNG, JPEG)
We do not determine or control what data end users submit — this depends entirely on the forms on the developer's website.
How is widget data handled?
- Encryption: All data is encrypted on the end user's device using unique, one-time cryptographic keys before being transmitted (see Section 3).
- Transmission: Encrypted data is sent to our API over TLS.
- Processing: Data is decrypted in a secure, isolated memory space and processed by our AI infrastructure to generate form completion suggestions.
- Response: The AI-generated form suggestions are encrypted and sent back to the end user's browser.
- Disposal: All data — the original input, decrypted content, and AI-generated output — is immediately and permanently discarded from memory. Nothing is written to disk, database, or any persistent storage.
- Form submission: When the end user submits the completed form, the data goes directly to the developer's server. Fillenza does not receive, intercept, or process the final form submission.
What we do NOT do with widget data:
- We do NOT store widget data on our servers, in databases, or in log files.
- We do NOT use widget data to train, fine-tune, or improve any AI models.
- We do NOT share widget data with any third party (except for ephemeral AI processing — see Section 5).
- We do NOT retain any record of the content submitted through the widget.
What we DO retain:
- Operational metadata: usage counts (number of Smart Fills consumed), performance metrics, error rates, and internal audit logs (which may include user identifiers and change records for security monitoring and regulatory compliance). No user-submitted content (text, documents, images) is included in these records.
5. AI DATA PROCESSING
In Short: Form data is processed by our AI infrastructure using either an On-Premise LLM server (primary) or Azure OpenAI Service (fallback). Neither stores user data.
Primary Processing: On-Premise LLM
Our primary AI processing infrastructure is an On-Premise Large Language Model (LLM) server located in Serbia. This server:
- Runs locally on our own hardware — data does not leave our infrastructure
- Does not store, retain, or log any user data
- Processes all data ephemerally in GPU memory only
- Discards all data immediately upon completion of each request
Fallback Processing: Azure OpenAI Service
When our On-Premise LLM server is unavailable or under heavy load, requests are automatically routed to the Azure OpenAI Service (hosted in the EU — West Europe region). In such cases:
- Data is transmitted to Azure OpenAI over encrypted channels
- Azure OpenAI Service is configured to NOT store or train on customer data
- Microsoft's Azure OpenAI data processing terms apply
- We do not have direct control over Azure OpenAI's internal processing, but their enterprise terms prohibit data retention for model training
For Azure OpenAI's data handling policies, please refer to Microsoft's Azure OpenAI Service data privacy documentation.
AI Model Training
We want to be absolutely clear: your data is never used to train any AI model. Neither our On-Premise LLM nor the Azure OpenAI fallback uses customer data for training, fine-tuning, or model improvement purposes.
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: Your data is primarily processed within the European Union. Our On-Premise LLM server is located in Serbia.
Server Locations
| Infrastructure | Location | Data Processed |
|---|---|---|
| Portal, API, Database | Azure West Europe (EU) | Account data, billing data, service metadata |
| On-Premise LLM Server | Serbia | Form data (ephemeral, not stored) |
| Azure OpenAI (fallback) | Azure West Europe (EU) | Form data (ephemeral, during cloud routing only) |
| Paddle (payment) | UK/EU | Billing and payment data |
| Loopia (SMTP) | Sweden (EU) | Email addresses for transactional emails |
Data Protection
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, your account and billing data is processed and stored within the EU (Azure West Europe region).
Our On-Premise LLM server in Serbia processes form data ephemerally (in memory only, no storage). As no personal data is stored on this server and all processing is ephemeral, the data protection risk is minimal. Serbia's data protection law (Zakon o zaštiti podataka o ličnosti, Official Gazette RS No. 87/2018) is modeled on the GDPR, providing a comparable level of data protection. We ensure appropriate safeguards are in place for any data transfer to Serbia, including the ephemeral nature of processing (no data at rest) and application-level end-to-end encryption for all data in transit.
All data in transit between any location is protected by TLS 1.2 or higher. Widget data is additionally protected by our application-level end-to-end encryption (see Section 3).
9. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law. Widget data is never stored.
| Data Type | Retention Period |
|---|---|
| Widget form data (text, documents, images) | Not stored — processed in memory and discarded immediately |
| Portal account data (email, password hash) | Until account deletion is requested; then suspended for 14 days (self-service cancellation), locked for 14 more days (admin-assisted reversal), permanently deleted after 28 days total |
| Billing profile data (company, VAT, address) | Permanently deleted from Fillenza upon account deletion. Paddle (Merchant of Record) retains invoice and transaction records per its own retention policy and tax regulations. |
| Audit logs (security events) | 90 days, then automatically deleted |
| Raw audit data (processing queue) | 1 hour (processed), 7 days (poison/failed records) |
| Rate limiting counters (IP-based) | Not persistently stored — fixed window in memory, no IP addresses are written to disk or database |
| AI processing data | Not stored — ephemeral in-memory processing only |
| Google Analytics data | Subject to Google's data retention settings (configured to minimum) |
When you request account deletion, your account enters a 14-day suspension period during which you may cancel the request at any time by logging in to your account. After 14 days, the account is locked and marked for deletion — you may still contact support@fillenza.com to reverse the process within an additional 14 days. After 28 days total, the deletion becomes permanent and irreversible.
If you cancel the deletion during the grace period, your account is restored to active status. However, any subscriptions that were paused during the deletion process must be manually reactivated by you through the Portal. Subscription billing will not resume until you explicitly reactivate each subscription.
Billing impact of account deletion: When you request account deletion, all active subscriptions are immediately suspended. No credit or refund is issued for unused time in current billing periods. If you cancel the deletion during the grace period, your subscriptions must be manually reactivated, and each reactivation starts a new billing period with the full fee charged immediately.
Upon permanent account deletion:
- Your account data (email, password, profile) is permanently deleted
- All API keys, usage records, and session tokens are permanently deleted
- All subscription and billing profile data is permanently deleted from Fillenza's systems
- Audit log entries are anonymized (user references removed) and retained for up to 90 days for security purposes
- Paddle, as the Merchant of Record and independent data controller, retains invoice and transaction records in accordance with its own data retention policy and applicable tax regulations. For Paddle's data practices, see paddle.com/legal/privacy.
10. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 16 years of age.
We do not knowingly collect, solicit data from, or market to children under 16 years of age, in accordance with the GDPR age threshold. By using the Services, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.
If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 16, please contact us at support@fillenza.com.
11. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your location, you may have rights including access, correction, deletion, and portability of your personal data.
Your rights under the GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under applicable data protection laws:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to certain legal exceptions (e.g., accounting retention requirements).
- Right to Restriction of Processing: You can request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability (Art. 20): You can request to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and have the right to transmit that data to another controller without hindrance, where the processing is based on consent or contract performance and is carried out by automated means.
- Right to Object (Art. 21): You can object to the processing of your personal data where we rely on legitimate interest (Art. 6(1)(f)) as the legal basis. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You may object to processing for direct marketing purposes at any time, without needing to provide a reason.
- Right to Withdraw Consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (GDPR Article 77).
To exercise any of these rights, please contact us at support@fillenza.com. We will respond to your request within one calendar month, as required by applicable law.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay, as required by GDPR Article 34.
Two-Factor Authentication
When 2FA is enabled on your account, certain operations require additional verification via your authenticator application. Recovery codes are generated during 2FA setup and must be stored securely by you. Fillenza does not store recovery codes in readable form and cannot recover your account if both your authenticator device and recovery codes are lost.
Account Information
You can review and change your account information at any time by logging into the Fillenza Portal. If you would like to terminate your account, you can do so through the Portal or by contacting us at support@fillenza.com.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements (particularly accounting and tax regulations for billing data).
12. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
Note: The Fillenza widget does not perform any tracking. It does not use cookies, does not collect browsing history, and does not monitor online behavior.
13. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, or wish to exercise your data protection rights, you may contact our data protection contact point at:
CSHARPAD DOO (doing business as Fillenza)
Data Protection Contact
Ludaski sor 74
Supljak 24418
Serbia
support@fillenza.com
As a small enterprise, we are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37. However, our data protection contact point above handles all privacy-related inquiries and data subject requests with the same diligence.
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
To request to review, update, or delete your personal information, please contact us at support@fillenza.com. We will respond to all legitimate requests within one calendar month.
For widget data: Please note that we cannot provide, modify, or delete data submitted through the Fillenza widget because we do not store it. Widget data is processed ephemerally and discarded immediately — there is nothing to retrieve or delete.