Data Processing Agreement

Last updated 15 June 2026

This Data Processing Agreement (“DPA”) applies when you (the “Customer”, acting as data controller) use Fillo, operated by [Legal entity name] (“Fillo”, the data processor), to collect responses through forms. It forms part of, and is governed by, the Terms of Service. Terms not defined here have the meaning given in the GDPR.

1. Scope and instructions

Fillo processes personal data contained in form responses only on the Customer’s documented instructions — which include using the product’s features and this DPA — and as required by law. Fillo will tell the Customer if it believes an instruction breaches data-protection law.

2. Subject matter, duration, nature and purpose

  • Subject matter: processing of form responses on the Customer's behalf.
  • Duration: for as long as the Customer's account is active, plus any short period needed to delete or return data.
  • Nature and purpose: collecting, storing, displaying, exporting, and deleting responses so the Customer can run its forms.

3. Types of data and data subjects

  • Personal data: whatever the Customer chooses to collect in its forms (e.g. names, email addresses, free-text answers) plus response metadata (source route, timestamps, status). The Customer controls which fields exist.
  • Data subjects: the Customer's end users and respondents.
  • Uploaded files: these reside in the Customer's own connected storage; Fillo does not store or process file contents (see section 10).

4. Fillo’s obligations

  • Process personal data only as described in section 1.
  • Ensure people authorised to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational measures (section 8).
  • Assist the Customer, taking into account the nature of processing, in responding to data-subject requests and in meeting its obligations under Articles 32–36 GDPR.
  • Make available the information needed to demonstrate compliance with Article 28 GDPR.

5. Sub-processors

The Customer gives general authorisation for Fillo to engage the sub-processors listed on the Sub-processors page. Fillo imposes data-protection obligations on each sub-processor that are no less protective than this DPA, and remains responsible for their performance. Fillo will update that page before adding or replacing a sub-processor; the Customer may object on reasonable data-protection grounds.

6. International transfers

Hosting and the primary database are in the European Union. Where a sub-processor is outside the EEA (currently transactional email and optional AI drafting, both in the United States), transfers are made under the EU Standard Contractual Clauses and the relevant provider’s data-processing terms.

7. Data-subject requests

If Fillo receives a request from a data subject relating to the Customer’s responses, it will forward it to the Customer and will not respond directly except on the Customer’s instruction. The Customer can access, export, and delete responses directly in the product at any time.

8. Security measures

  • Encryption in transit (TLS) and encryption at rest for the database.
  • Storage credentials held by Fillo for the Customer's connected storage are encrypted with AES-256-GCM.
  • Workspace isolation: each form, response, and file reference is scoped to its workspace.
  • Account passwords are hashed, never stored in plain text.
  • Signed webhooks; rate limiting and honeypot protection on submissions.

9. Personal data breaches

Fillo will notify the Customer without undue delay after becoming aware of a personal-data breach affecting the Customer’s data, with the information the Customer reasonably needs to meet its own notification duties.

10. Return and deletion

On termination, the Customer can export its responses. Fillo then deletes the Customer’s responses within a reasonable period, except where retention is required by law. Files remain in the Customer’s own storage and are unaffected.

11. Audits

Fillo will make available information reasonably necessary to demonstrate compliance with this DPA and will contribute to audits, including inspections, conducted by the Customer or an auditor it mandates, subject to reasonable confidentiality and security arrangements.

12. Governing law and signing

This DPA is governed by the law of [governing law / country]. To request a countersigned copy, contact [privacy contact email].