How we handle your data.
Plain answers to the questions buyers ask before signing. Encryption, retention, residency, sub-processors. If something here does not cover your case, ask us.
Encryption
- Profile fields are encrypted at rest with AES-256.
- PDFs sit in encrypted object storage and are served only through short-lived signed URLs.
- Every connection uses TLS 1.3.
Retention
Original PDFs are deleted after your configured retention window. Default is 7 days on Free. Pro and Teams customers can shorten or extend it. Export PDFs are kept for 7 days after generation. Profile data stays until you delete your account.
Where your data lives
EU data centers by default. Teams customers can pick US or MENA regions instead. Billing data is processed by Polar in their region.
Compliance
GDPR
GDPR-compliant by default on every plan. DPA available on request for Teams.
HIPAA
Available on the Teams plan with a signed BAA.
SOC 2
Not yet certified. We can scope SOC 2 work into a Teams contract if you need it before signing.
Who else touches your data
We use the smallest set of sub-processors needed to ship the product.
Google Document AI
OCR for scanned PDFs. Only rasterized page images are sent. Profile data never leaves our database.
Polar Software Inc.
Payment processing and merchant of record for paid plans. Polar collects billing details and remits VAT and sales tax. We never see full card numbers.
Have a question we do not answer here?
Teams prospects: send security questionnaires, DPAs, or compliance asks to sales@fillwizard.com.
For security disclosures or product questions, write to support@fillwizard.com.
We answer in English, French, Spanish, German, and Arabic.