Privacy Policy

Version 1.1 — Last Updated: 2 March 2026

1. Introduction and Scope

This Privacy Policy ("Policy") describes how JustFill ("we," "us," "our," or the "Controller") collects, uses, stores, shares, and protects personal data when you access or use the website at justfill.app and all related services, features, and applications (collectively, the "Service").

This Policy applies to all visitors, registered users, and anyone who interacts with the Service, regardless of location. Where the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Brazilian General Data Protection Law ("LGPD"), the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA"), or similar data protection legislation applies, this Policy is intended to satisfy the applicable transparency requirements, including Articles 13 and 14 GDPR. This Privacy Policy satisfies the requirements of GDPR Articles 13 and 14 with respect to data we collect directly from you and data relating to our registered users. With respect to personal data of third parties contained in documents uploaded by our users (“document subjects”), the uploading user — as data controller — bears the notification obligation under Art. 14. JustFill's role and safeguards for document content are described in Section 8.

By accessing or using the Service, you acknowledge that you have read this Policy. If you do not agree with the processing described in this Policy for which your consent is not required, your sole remedy is to discontinue use of the Service. Where processing requires your consent, we will seek it separately through explicit mechanisms (such as cookie consent or opt-in forms), and you may withdraw such consent at any time without affecting your ability to use the Service for processing that does not require consent.

Important: This Policy forms part of the Terms of Service. Capitalized terms not defined herein have the meanings given in the Terms of Service.

2. Data Controller

The data controller responsible for the processing of your personal data under this Policy is:

NeuroCodeLab Maciej Śnieżyński

ul. Franciszka Klimczaka 13 lok. 102, 02-797 Warszawa, Poland

Tax ID (NIP): 7123295462

Business Registry: CEIDG, REGON: 361253253

Email: hello@justfill.app

Legal inquiries: hello@justfill.app

The Controller determines the purposes and means of processing personal data in connection with the Service.

3. Data Protection Principles

In accordance with Article 5 GDPR, we are committed to processing your personal data in line with the following principles:

Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner, as described in this Policy.
Purpose limitation: We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data minimisation: We limit personal data collection to what is adequate, relevant, and necessary for the purposes for which it is processed.
Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. You may rectify your data at any time (see Section 15.2).
Storage limitation: We retain personal data only for as long as necessary for the purposes of processing, or as required by applicable law (see Section 10).
Integrity and confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage (see Section 17).
Accountability: We are responsible for and able to demonstrate compliance with the above principles.

4. Data Protection Officer

Given the nature and scale of our processing activities, JustFill is not required under Article 37 GDPR to appoint a Data Protection Officer (DPO). We do not carry out large-scale systematic monitoring of individuals, nor do we engage in large-scale processing of special categories of data as a core activity.

Notwithstanding the above, all data protection inquiries, requests to exercise your rights, and privacy-related complaints should be directed to:

Privacy Team
Email: hello@justfill.app

We endeavor to respond to all privacy inquiries within one month. If we require additional time, we will notify you of the extension and the reasons for it, in accordance with Article 12(3) GDPR.

5. Information We Collect

We collect and process the following categories of personal data. The specific data collected depends on how you interact with the Service:

5.1 Account and Registration Data

Email address (required for account creation)
Hashed password (bcrypt; we never store plaintext passwords)
Account creation and verification timestamps
Subscription tier and billing plan identifiers

5.2 Billing and Payment Data

Stripe customer ID and subscription ID
Name and billing address (as provided to Stripe during payment)
Subscription status, tier, and billing cycle dates
Invoice history and payment amounts
Dispute and payment status information received via Stripe webhooks

We do not collect, store, or have access to your full credit card number, CVV, or bank account details. All payment card data is processed exclusively by Stripe in accordance with PCI DSS Level 1 standards.

5.3 Document and Content Data

PDF documents and images uploaded for AI processing
Text data, structured data (JSON), or other input provided for form filling
Generated output documents (filled PDFs) produced by the Service
Saved templates ("calibrations"): field coordinates, labels, and structural metadata
Document content hashes (SHA-256, truncated) used to match templates
Audio data provided through the speech-to-text dictation feature: audio is streamed to the server in real-time for transcription and is not stored after the transcription is complete
Draft sessions: field data, PDF filename, and content hashes saved during active editing sessions
User data snippets: reusable text fragments saved by you for repeated use across documents

5.4 Technical and Usage Data

IP address and approximate geolocation (country/region level)
Browser type, version, and operating system
Referring URL and pages visited within the Service
Timestamps of requests and API calls
AI model selection, token usage counts, and processing duration
Error logs and performance metrics
Feature usage patterns (e.g., which tools are used, frequency of exports)
Device fingerprint hash (derived from IP address and browser information) for session security and fraud prevention. As a security measure, sessions may be invalidated if your IP address or browser characteristics change significantly between requests.

5.5 Communication Data

Email correspondence with our support or privacy team
Feedback, bug reports, or feature requests you submit

5.6 Cookie and Device Data

Cookie identifiers and consent preferences
Local storage data (authentication tokens, UI preferences)

See Section 13 (Cookies and Tracking Technologies) for complete details.

6. Special Categories of Data

Warning: The Service is a general-purpose document processing tool. You are solely responsible for the content you upload and the data you provide.

JustFill does not intentionally collect or solicit special categories of personal data (also known as "sensitive data") as defined in Article 9 GDPR, including but not limited to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation.

If you choose to upload documents containing special categories of data, you do so at your own risk and under your own responsibility. By uploading such documents, you represent and warrant that:

You have a valid legal basis (such as explicit consent from the data subjects or a substantial public interest ground) for processing such data;
You have obtained all necessary authorizations, consents, and approvals required under applicable law;
You accept full responsibility for the lawfulness of uploading and processing such data through the Service.

JustFill shall not be liable for any claims, damages, or regulatory penalties arising from your unauthorized upload of special category data. If you are a business customer processing special category data, you must enter into a Data Processing Agreement with us before processing such data through the Service.

7. Legal Basis for Processing

In accordance with Articles 6 and 13(1)(c) GDPR, we process your personal data on the following legal bases:

Data Category	Legal Basis	Purpose	Retention
Account data (email, password hash)	Contract (Art. 6(1)(b))	Account creation, authentication, service delivery	Duration of account; deleted on account deletion
Uploaded documents (one-time)	Contract (Art. 6(1)(b))	AI-powered document analysis and form filling	Auto-deleted within 24 hours
Saved templates and calibrations	Contract (Art. 6(1)(b))	Reusable form layout storage per user request	Until user deletes or account deletion
Billing and subscription data	Contract (Art. 6(1)(b)) / Legal obligation (Art. 6(1)(c))	Payment processing, invoicing, tax compliance	Active subscription + 5 years from the end of the financial year in which the transaction occurred (Polish tax and accounting law)
Processing, usage, and security logs (IP, request metadata)	Legitimate interest (Art. 6(1)(f))	Security, fraud prevention, abuse detection, service reliability (see Section 9 for Art. 22 analysis of automated fraud detection)	90 days
Analytics and cookie data	Consent (Art. 6(1)(a))	Service improvement, usage analysis	Until consent withdrawn or 13 months
Marketing communications	Consent (Art. 6(1)(a))	Product updates, promotional offers	Until consent withdrawn
Email verification tokens	Contract (Art. 6(1)(b))	Account email verification	Auto-expire and delete within 24 hours
Password reset tokens	Contract (Art. 6(1)(b))	Password recovery	Auto-expire and delete within 1 hour
Speech-to-text audio data	Consent (Art. 6(1)(a)) — speech dictation is an optional convenience feature, not required for core service delivery. Consent is obtained through two complementary mechanisms: (1) the browser microphone permission (a technical prerequisite under the ePrivacy Directive), and (2) the user's affirmative activation of the dictation feature (e.g., clicking the "Dictate" button), which constitutes informed consent under Art. 6(1)(a) GDPR for server-side audio transcription via Google Cloud Speech-to-Text. Users are informed of this processing before first use of the feature. The browser microphone permission is a separate technical prerequisite and does not by itself constitute GDPR consent for server-side processing.	Real-time transcription of dictated text for form filling	Not stored; discarded immediately after transcription
Draft sessions (field data, PDF filename, content hashes)	Contract (Art. 6(1)(b))	Preserving work-in-progress editing state	Until user deletes or account deletion
User data snippets	Contract (Art. 6(1)(b))	Reusable text fragments for repeated form filling	Until user deletes or account deletion
Device identifier (`formfiller_user_id`, `formfiller_user_name`)	Strictly necessary (ePrivacy Directive Art. 5(3))	Associating saved templates and draft sessions with your device for retrieval across browser sessions. These items are set only when you explicitly use account features and are technically necessary for those specific functions. The identifier is generated only when you first save a template or calibration (not on initial page load or when merely viewing the document editor). You can clear this identifier at any time by clearing your browser's localStorage.	Persistent until user clears browser localStorage
Device fingerprint hash (derived from IP address and browser characteristics)	Legitimate interest (Art. 6(1)(f)); strictly necessary for session security under ePrivacy Directive Art. 5(3)	Session security and detection of unauthorized access. The hash is used to validate active sessions and may trigger session invalidation if your IP address or browser characteristics change significantly between requests, protecting you against session hijacking. The hash is not used for tracking or profiling.	Retained for the lifetime of the associated refresh token (7 days); deleted when the session expires or is revoked

Where we rely on legitimate interest as the legal basis for processing, we have conducted a balancing assessment and concluded that our interests do not override your fundamental rights and freedoms, taking into account the nature of the data processed, the purpose of processing, and the safeguards we have implemented. You may request details of these assessments by contacting hello@justfill.app.

Controller vs. Processor roles for user content: When you process your own personal data through the Service (e.g., filling in your own forms), JustFill acts as the data controller under Art. 6(1)(b) (performance of a contract). When you process personal data of third parties (e.g., filling in forms on behalf of clients or employees), JustFill acts as a data processor on your behalf, and the processing is governed by our Data Processing Agreement. This distinction applies to draft sessions, user data snippets, saved templates, and all uploaded document content.

7.1 Statutory or Contractual Requirement

The provision of account data (email address and password) is a contractual requirement necessary to create an account and use the Service. Billing data is required for paid subscription plans. You are not obligated to provide this data, but failure to do so will prevent you from registering for an account or subscribing to a paid plan. Document and content data is provided voluntarily by you to use the core form-filling functionality.

7.2 Legitimate Interest Assessment

Where we rely on legitimate interest (Art. 6(1)(f)), we have conducted a balancing test and determined that our interests do not override your fundamental rights and freedoms. Our legitimate interests include: protecting the security and integrity of the Service, preventing fraud and abuse, detecting and responding to unauthorized access attempts, and ensuring service reliability and performance. These interests are pursued through processing of usage and security logs, which contain only technical metadata (IP addresses, request timestamps, error data) rather than substantive user content. You may request information about the factors considered in our legitimate interest assessment at any time by contacting hello@justfill.app.

8. How We Process Your Documents

Document processing is the core function of the Service. We have implemented the following safeguards to protect your document data:

8.1 Transient (One-Time) Processing

Documents uploaded for one-time processing are transmitted over TLS 1.2+ encrypted connections.
Document images are sent to the Google Gemini AI API for analysis and are processed in volatile memory.
Temporary files created during processing are automatically deleted within 24 hours of processing completion.
Generated output (filled PDFs) is delivered to your browser and is not retained on our servers after delivery.

8.2 Saved Templates and Calibrations

When you explicitly choose to save a template ("calibration"), we store the structural metadata only: field coordinates, labels, font sizes, and document content hashes.
If you choose to store a PDF along with a calibration, the PDF file is encrypted at rest (AES-256) and associated with your account.
Saved templates persist until you delete them or delete your account.

8.3 Encryption Standards

In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
At rest: All stored data (documents, templates, account information) is encrypted using AES-256 encryption on Google Cloud Platform infrastructure.

8.4 Processing of Third-Party Personal Data

Documents you upload may contain personal data of third parties. Where you process such third-party personal data through the Service, you act as the data controller for that data and JustFill acts as a data processor on your behalf. In such cases, our Data Processing Agreement (available at justfill.app/dpa and summarized in Section 22 of this Policy) governs the processing.

8.5 AI Training Prohibition

We do not use your documents or data to train AI models. Your uploaded documents, input data, and generated outputs are never used for AI model training, fine-tuning, or improvement by JustFill or any of our third-party processors. Google Gemini API (paid tier) does not use API inputs/outputs for model training.

9. AI Processing and Automated Decision-Making

In accordance with Article 22 GDPR, we provide the following transparency regarding AI processing within the Service:

9.1 Nature of AI Processing

The Service uses Google Gemini AI to analyze uploaded document images and determine the location, type, and content of form fields. The AI:

Receives a rendered image of your PDF document and the text data you provide;
Identifies form field locations (bounding boxes) in the document;
Maps your provided data to the detected fields;
Returns structured output (field coordinates and values) to the Service.

9.2 Human Review Guarantee

AI processing within JustFill does not constitute solely automated decision-making that produces legal effects or similarly significant effects on you within the meaning of Article 22(1) GDPR. Specifically:

All AI-generated results are presented to you in an interactive preview before any final document is produced.
You have full ability to review, edit, correct, add, remove, reposition, and override every field placement and value.
No final document is generated or downloaded without your explicit action.
The Service does not make any decisions about your legal rights, employment, credit, or any other matter of legal significance.

9.3 Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment (DPIA) for our core AI document analysis functionality, assessing the risks associated with processing document content through the Google Gemini API. This DPIA was last reviewed in March 2026.

9.3.1 Article 22 Analysis — Automated Fraud Detection

In addition to AI-powered document processing, the Service performs automated analysis of usage patterns (e.g., request frequency, IP address anomalies) for fraud prevention and abuse detection purposes. In accordance with Article 22 GDPR, we confirm that this automated analysis does not result in decisions that produce legal effects or similarly significant effects on you. Specifically, automated pattern analysis may trigger rate limiting or temporary session alerts, but no account suspension or termination is enacted without human review. You have the right to object to this processing under Article 21 GDPR (see Section 15.6).

9.4 AI Accuracy Disclaimer

AI-generated results are provided on an "as-is" basis. While we strive for accuracy, AI outputs may contain errors, omissions, or inaccuracies. You are solely responsible for reviewing and verifying all AI-generated field placements and values before producing a final document. JustFill disclaims all liability for errors in AI-generated output to the maximum extent permitted by applicable law.

10. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following table summarizes our retention periods:

Data Category	Retention Period	Deletion Trigger
Uploaded documents (one-time processing)	Maximum 24 hours	Automatic after processing completion
Generated output documents	Not retained	Delivered to browser and discarded
Saved templates / calibrations	Until user deletes	User action or account deletion
Stored PDF files (with calibrations)	Until user deletes	User action or account deletion
Draft sessions (field data, PDF filename, content hashes)	Until user deletes	User action or account deletion
User data snippets	Until user deletes	User action or account deletion
Account data (email, password hash)	Duration of account	Initiated immediately upon request, with complete deletion within 30 calendar days
Email verification tokens	Maximum 24 hours	Automatic expiration
Password reset tokens	Maximum 1 hour	Automatic expiration
Processing, usage, and security logs	90 days (rolling)	Automatic rotation
Billing records (personal data: name, email, billing address)	Duration of account; deleted within 30 days of account deletion	Deleted upon account deletion request
Anonymized financial records (transaction amounts, dates, invoice numbers — personal identifiers removed)	5 years from the end of the financial year in which the transaction occurred	Legal retention obligation (Ordynacja podatkowa Art. 86, Ustawa o rachunkowości Art. 74)
Cookie consent preferences	13 months or until reset	Automatic expiration or user reset
Support correspondence	3 years after resolution	Automatic deletion

Upon account deletion, we initiate a cascading deletion of all associated data (account information, saved templates, stored PDFs, draft sessions, user data snippets, and usage credits). Deletion is initiated immediately upon your request, with complete removal of all personal data within 30 calendar days. When you delete your account, billing records containing personal data (your name, email, billing address) are deleted from our systems. Separately, anonymized financial records — limited to transaction amounts, dates, and invoice numbers, with all personal identifiers removed — may be retained for up to 5 years from the end of the financial year in which the transaction occurred, solely to satisfy statutory obligations under Polish law (Ordynacja podatkowa Art. 86, Ustawa o rachunkowości Art. 74). These anonymized records cannot be linked back to your identity and are kept independently of your user account. Please note that pseudonymous identifiers (such as Stripe customer IDs and subscription IDs) may persist in Stripe's systems in accordance with Stripe's own data retention policy, which is governed by Stripe's DPA and privacy policy. We request deletion from Stripe upon account deletion, but Stripe may retain certain records as required by applicable law or its own compliance obligations.

11. Third-Party Processors (Sub-Processors)

We engage the following third-party data processors to deliver the Service. Each processor is bound by a Data Processing Agreement (DPA) or equivalent contractual safeguards:

Processor	Purpose	Data Shared	Location	DPA / Privacy
Google Cloud Platform	Infrastructure hosting (compute, database, storage). Google Cloud Platform may independently retain certain infrastructure access logs and audit trails in accordance with its own data processing terms. These logs are subject to Google's retention policies, which may differ from our application-level retention periods stated in Section 10.	All service data (encrypted at rest)	EU (Frankfurt / Warsaw)	GCP Data Processing Terms
Google AI Services (Gemini AI)	AI-powered document analysis and form field detection	Document images, user-provided text data	EU (europe-west region, configured for EU data residency); US processing may occur for certain AI model features. In the event that processing outside the EEA is required, such transfers are covered by Standard Contractual Clauses (Module 2: Controller-to-Processor and Module 3: Processor-to-Sub-processor) incorporated into Google Cloud's Data Processing Terms. The applicable SCC Module depends on JustFill's role: Module 2 when JustFill acts as independent controller, Module 3 when JustFill acts as processor on behalf of a business customer under a Data Processing Agreement. We have conducted a Transfer Impact Assessment (TIA) for these transfers (last conducted in March 2026).	Gemini API Terms
Google Cloud Vision API	Document text recognition (OCR) for detecting text content in uploaded document images	Document images	EU (europe-west region); US processing may occur. Transfers outside the EEA are covered by Standard Contractual Clauses (Module 2: Controller-to-Processor and Module 3: Processor-to-Sub-processor) incorporated into Google Cloud's Data Processing Terms. The applicable SCC Module depends on JustFill's role: Module 2 when JustFill acts as independent controller, Module 3 when JustFill acts as processor on behalf of a business customer under a Data Processing Agreement.	GCP Data Processing Terms
Google Cloud Speech-to-Text API	Speech-to-text transcription for the form dictation feature. Audio is streamed in real-time and is not stored after transcription is complete.	Audio data (voice recordings for dictation)	EU (europe-west region); US processing may occur. Transfers outside the EEA are covered by Standard Contractual Clauses (Module 2: Controller-to-Processor and Module 3: Processor-to-Sub-processor) incorporated into Google Cloud's Data Processing Terms. The applicable SCC Module depends on JustFill's role: Module 2 when JustFill acts as independent controller, Module 3 when JustFill acts as processor on behalf of a business customer under a Data Processing Agreement.	GCP Data Processing Terms
Stripe, Inc.	Payment processing and subscription management	Email address, user identifier, and subscription tier (sent by JustFill); name, billing address, and payment method details (collected directly by Stripe during checkout)	US / EU	Stripe Privacy Policy \| Stripe DPA
Hostinger International Ltd	Transactional email delivery (account verification, password reset, account and billing notifications); DNS management and domain services	Email address, email content	EU (Lithuania)	Intra-EU processing. Governed by Hostinger's Data Processing Agreement and Privacy Policy. Hostinger DPA \| Hostinger Privacy Policy

We do not use OpenAI, Anthropic, or any other non-Google AI provider for document processing. Only Google AI services are used — Gemini API for document analysis, Cloud Vision API for OCR where applicable, and Cloud Speech-to-Text API for voice dictation where applicable — all via paid API tiers that do not use inputs/outputs for model training.

We will notify you of any material changes to our sub-processors by updating this Policy and, where required, by email notification. We will provide at least 14 calendar days' notice before a new sub-processor begins processing your data. In cases of critical security incidents requiring emergency sub-processor engagement, notice will be given as soon as practicable, in accordance with the Data Processing Agreement. If you object to a new sub-processor, you may terminate your account without penalty.

11.1 Independent Controllers

The following third-party service operates as an independent data controller for the data it processes and is not a sub-processor under our Data Processing Agreement. This means the third party determines its own purposes and means of processing for the data it receives:

Service Provider	Purpose	Data Shared	Location	Transfer Mechanism / Privacy
Google LLC (Google Analytics)	Web analytics (activated by default; you may opt out via Cookie Settings). Google Analytics operates as an independent controller for the analytics data it processes.	Anonymized usage data, truncated IP address, device/browser information, page views	United States and EU	EU-US Data Privacy Framework, Standard Contractual Clauses (Module 1: Controller-to-Controller). Google Privacy Policy
Meta Platforms, Inc. (Meta Pixel)	Advertising measurement and retargeting (activated on page load). Meta operates as an independent controller for the data it receives via the Meta Pixel.	Page views, browser/device information, IP address, cookie identifiers (_fbp, _fbc), referral URL	United States and EU	EU-US Data Privacy Framework, Standard Contractual Clauses (Module 1: Controller-to-Controller). Meta Privacy Policy

12. International Data Transfers

Our primary infrastructure is hosted on Google Cloud Platform in the European Union (Frankfurt, Germany and Warsaw, Poland). However, certain processing activities may involve transfers of personal data outside the European Economic Area (EEA):

12.1 Transfers to the United States

Google Gemini AI, Cloud Vision API, and Cloud Speech-to-Text: Document images, text data, and audio data may be processed by Google's infrastructure, which may include servers in the United States. These transfers are governed by the EU-US Data Privacy Framework (DPF) and Google's Standard Contractual Clauses (SCCs) as approved by the European Commission. Module 2 (Controller-to-Processor) applies for transfers where Google acts as our processor, and Module 3 (Processor-to-Sub-processor) applies for any onward sub-processor transfers.
Stripe: Payment data may be processed in the United States. Stripe is certified under the EU-US Data Privacy Framework and utilizes SCCs (Module 2: Controller-to-Processor) for international transfers.

If the EU-US Data Privacy Framework is invalidated, we will rely solely on Standard Contractual Clauses and supplementary technical measures.

SCC Module selection: The applicable SCC module for Google transfers depends on the role JustFill plays in a given processing activity. Module 2 (Controller-to-Processor) applies when JustFill acts as a Controller for individual users processing their own data. Module 3 (Processor-to-Sub-processor) applies when JustFill acts as a Processor on behalf of a business customer (Controller) under our Data Processing Agreement, and Google acts as a sub-processor. Both modules are incorporated into Google Cloud's Data Processing Terms.

12.2 Safeguards

For all international data transfers, we ensure that at least one of the following safeguards is in place, in accordance with Chapter V GDPR:

An adequacy decision by the European Commission (Art. 45 GDPR);
Standard Contractual Clauses (SCCs) adopted by the European Commission (Art. 46(2)(c) GDPR) — specifically Module 2 (Controller-to-Processor) for transfers to our processors, and Module 3 (Processor-to-Sub-processor) for onward sub-processor transfers;
The EU-US Data Privacy Framework (DPF), which constitutes an adequacy decision by the European Commission under Art. 45 GDPR. Standard Contractual Clauses (SCCs) are maintained as a fallback mechanism and will be relied upon in the event that the DPF is invalidated;
Your explicit consent, where applicable and after informing you of the risks (Art. 49(1)(a) GDPR). Art. 49 derogations are used only as a last resort when none of the above safeguards (adequacy decisions, SCCs, or certification mechanisms) are available, and are not relied upon for routine or systematic transfers.

You may request a copy of the applicable safeguards by contacting hello@justfill.app.

13. Cookies and Tracking Technologies

The Service uses cookies and similar browser storage technologies. Browser localStorage is subject to the same rules as cookies under the ePrivacy Directive (2002/58/EC) and Art. 173 of the Polish Telecommunications Law (Prawo telekomunikacyjne), as it constitutes information stored on and accessed from a user's terminal equipment. We categorize these as follows:

13.1 Essential Cookies (Always Active)

These cookies are strictly necessary for the operation of the Service. They do not require your consent under the ePrivacy Directive.

Name / Key	Purpose	Duration	Type
access_token	JWT authentication token for session management	30 minutes	First-party httpOnly, Secure, SameSite=Strict HTTP cookie
refresh_token	Maintains authenticated session across page reloads	7 days	First-party httpOnly, Secure, SameSite=Strict HTTP cookie
cookie_consent	Records your cookie consent preferences	13 months (auto-expires)	First-party localStorage
calibration_*	Offline fallback storage for saved templates (used only when API is unavailable). These entries persist in browser storage until you clear your browser's local storage or uninstall the application. They are not automatically deleted upon account deletion from the server.	Persistent	First-party localStorage
__stripe_mid	Stripe fraud prevention identifier. Set only when you interact with payment functionality.	1 year	Third-party cookie (Stripe, strictly necessary for payment processing; set only in connection with payment-related functionality explicitly initiated by the user)
__stripe_sid	Stripe session management identifier. Set only when you interact with payment functionality.	30 minutes	Third-party cookie (Stripe, strictly necessary for payment processing; set only in connection with payment-related functionality explicitly initiated by the user)

When you access billing-related pages, your browser loads JavaScript from js.stripe.com, which transmits your IP address to Stripe, Inc. This is required for the payment interface to function and occurs only on billing-related pages.

13.1.1 Functional Cookies (Always Active)

These cookies support specific features of the Service such as calibration ownership, user preferences, and UI state. They do not require consent under the ePrivacy Directive as they are necessary for functionality explicitly requested by the user, but they are distinct from the authentication cookies above.

Name / Key	Purpose	Duration	Type
formfiller_user_id	Persistent user identifier (UUID) for calibration ownership. This identifier is generated only when you first save a template or calibration (not on initial page load or when merely viewing the document editor).	Persistent	First-party localStorage
formfiller_user_name	User display name preference. Set only upon explicit user interaction.	Persistent	First-party localStorage
dictation-lang	Speech recognition language preference	Persistent	First-party localStorage
onboarding_completed	Onboarding tour completion state. Set only upon explicit user interaction (completing the onboarding tour).	Persistent	First-party localStorage
rightPanelWidth	UI panel width preference. Set only upon explicit user interaction (resizing the panel).	Persistent	First-party localStorage

Legacy tokens: Previous versions of the Service used localStorage-based authentication tokens. These legacy tokens are automatically detected and removed by the application when encountered, and are replaced with the secure httpOnly cookie-based authentication described above.

13.2 Analytics

We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC. Google Analytics uses cookies to help us understand how visitors use the Service. The information generated by the cookie about your use of the website is transmitted to and stored by Google on servers in the United States.

We use Google Analytics 4, which automatically truncates IP addresses before storage. We have configured our Google Analytics property to restrict data sharing with Google and have disabled Google Signals cross-device tracking.

Google Analytics is activated by default when you visit the Service. You can opt out at any time by clicking “Cookie Settings” in the page footer or application sidebar and disabling the Analytics toggle. When you opt out, analytics cookies are immediately deleted and no further data is collected. As a fallback safeguard, in rare cases where browser storage restrictions prevent instant removal, any residual cookies are cleared automatically on your next visit to the Service.

Cookie Name	Purpose	Duration	Provider
_ga	Distinguishes unique visitors. Note: While the _ga cookie has a technical lifespan of 2 years as set by Google, our consent mechanism expires after 13 months. We cannot technically shorten the browser-level lifespan of cookies set by Google Analytics. However, upon consent expiry, the analytics script is not loaded and the cookies serve no purpose until new consent is obtained. When consent expires, analytics cookies are cleared on your next visit. Between consent expiry and your next visit, no analytics scripts are active on the Service, so the cookie is not read by the Service's tracking code.	2 years	First-party cookie (set by Google Analytics code on justfill.app domain)
_ga_M9G27XDDWN	Used by GA4 for cross-session tracking: maintains a session counter and identifies returning visitors across browsing sessions	2 years	First-party cookie (set by Google Analytics code on justfill.app domain)
_gid	Distinguishes visitors within a 24-hour period	24 hours	First-party cookie (set by Google Analytics code on justfill.app domain)
_gat	Rate-limiting cookie used by Google Analytics to throttle the rate of requests sent to Google's collection servers. Note: This cookie may not always be set, depending on the version and configuration of Google Analytics in use.	1 minute	First-party cookie (set by Google Analytics)

For more information, visit Google Privacy Policy.

13.3 Marketing Cookies

The Service uses the Meta Pixel (formerly Facebook Pixel), provided by Meta Platforms, Inc., for advertising measurement, conversion tracking, and building audiences for ad retargeting. The Meta Pixel loads on every page and sends page-view events to Meta. Meta operates as an independent data controller for the data it receives.

You can manage your marketing cookie preferences via the "Cookie Settings" link in the page footer or application sidebar. When you withdraw marketing consent, the _fbp and _fbc cookies are immediately deleted. You can also opt out of Meta's interest-based advertising at Meta Ad Preferences.

Cookie Name	Purpose	Retention	Type
_fbp	Identifies the browser for ad delivery and measurement across visits. Used by Meta to deliver targeted advertisements on Facebook and other Meta platforms.	90 days	First-party cookie (set by Meta Pixel code on justfill.app domain)
_fbc	Stores the last Facebook click identifier (fbclid) when a user arrives at the Service from a Facebook ad. Used for conversion attribution.	90 days	First-party cookie (set by Meta Pixel code on justfill.app domain)

For more information, visit Meta Privacy Policy.

13.4 Managing Cookies

You can manage your cookie preferences in the following ways:

Cookie banner: When you first visit the Service, a cookie consent banner allows you to accept or reject non-essential cookies. You can change your cookie preferences at any time using the "Cookie Settings" link available in the page footer or application sidebar. This will re-display the consent banner, allowing you to modify your choices. You may also clear your browser's local storage for justfill.app to reset all preferences.
Browser settings: Most browsers allow you to block or delete cookies through their settings. Note that blocking essential cookies may prevent the Service from functioning correctly.

Rejecting non-essential cookies will not affect the core functionality of JustFill. You will still be able to use all document processing features.

13.5 Do Not Track and Global Privacy Control Signals

Some browsers transmit a "Do Not Track" (DNT) signal to websites. There is currently no universally accepted standard for how websites should respond to DNT signals. JustFill does not currently respond to DNT signals. However, you can control tracking through our cookie consent mechanism as described above: if you reject analytics and marketing cookies, no optional tracking technologies will be activated regardless of your browser's DNT setting.

JustFill is designed to respect Global Privacy Control (GPC) signals. When supported by our implementation, a detected GPC signal is treated as an opt-out of analytics cookies. We recommend also using the cookie consent controls described above to manage your preferences directly.

14. Data Sharing

We do not sell, rent, lease, or trade your personal data to any third party for their own marketing or commercial purposes.

We may share your personal data only in the following limited circumstances:

Third-party processors: As described in Section 11, with processors who assist in delivering the Service, under appropriate contractual safeguards.
Legal requirements: Where we are required to disclose data by applicable law, regulation, legal process, or enforceable governmental request.
Protection of rights: Where disclosure is necessary to protect the rights, property, or safety of JustFill, our users, or the public, including to enforce our Terms of Service, prevent fraud, or respond to an emergency.
Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity. We will notify you promptly, and in any event within 30 days, of any such transfer taking effect. You may delete your account at any time following such notification.
With your consent: In any other circumstance, we will share your data only with your explicit prior consent.

We do not engage in profiling for advertising purposes or share data with data brokers.

15. Your Rights Under GDPR

If the GDPR or UK GDPR applies to you, you have the following rights with respect to your personal data. These rights are not absolute and may be subject to legal limitations:

15.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about the processing. Obtaining your complete data requires two separate actions through the Data Export feature in your account settings: (1) a JSON export containing your account data, calibrations, draft sessions, user data snippets, and usage logs; and (2) a ZIP archive download containing your stored PDF documents. Together, these two exports include all personal data associated with your account. As a technical safeguard against abuse, each endpoint is independently rate-limited to 3 requests per day. If you need additional exports beyond these limits, contact hello@justfill.app and we will provide them without undue delay.

15.2 Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data. You can update your account information directly through the Service. For data that cannot be self-corrected, contact hello@justfill.app.

15.3 Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data ("Right to be Forgotten"). You can delete your account through your account settings, which initiates a cascading deletion of all associated data (account information, saved templates, stored PDFs, draft sessions, user data snippets, and usage credits). Deletion is initiated immediately upon your request, with complete removal of all personal data within 30 calendar days. Separate accounting records required by tax law are maintained independently of your user account (see Section 10).

15.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing in certain circumstances, including: (a) when you contest the accuracy of your data, for a period enabling us to verify accuracy; (b) when the processing is unlawful and you oppose erasure; (c) when we no longer need the data but you require it for legal claims; or (d) when you have objected to processing under Article 21(1) pending verification of our legitimate grounds. While processing is restricted, we will only store the data and will not process it further without your consent, except for legal claims or the protection of rights of others. Contact hello@justfill.app to exercise this right.

15.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller. Use the Data Export feature in your account settings to download your data. Complete portability requires two separate actions: (1) a JSON export of your account data, calibrations, draft sessions, user data snippets, and usage information; and (2) a ZIP archive download of your stored PDF documents. Each endpoint is independently rate-limited to 3 requests per day. If you require a different machine-readable format, please contact hello@justfill.app. Where technically feasible, you may also request that we transmit your data directly to another controller.

15.6 Right to Object (Art. 21 GDPR)

General objection (Art. 21(1)): You have the right to object to processing of your personal data based on legitimate interest (Art. 6(1)(f)). Upon receiving your objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Direct marketing objection (Art. 21(2)): Where your personal data is processed for direct marketing purposes, you have the absolute right to object at any time, without needing to demonstrate any grounds. Upon receiving such an objection, we will immediately cease all processing of your personal data for direct marketing purposes.

15.7 Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

As described in Section 9, the Service does not engage in solely automated decision-making that produces legal effects or similarly significant effects. All AI outputs are subject to your review and approval.

15.8 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent (e.g., analytics cookies, marketing communications), you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Please note that withdrawal of analytics consent stops future data collection but does not automatically delete data already transmitted to Google Analytics. To request deletion of previously collected analytics data, you should exercise your rights directly with Google (as an independent data controller for analytics data) using the tools described in Google's Privacy Policy, including the Google Account data and privacy controls. Upon request, JustFill will delete any analytics records it directly holds.

15.9 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Poland, the competent supervisory authority is UODO (Urząd Ochrony Danych Osobowych). See Section 2 for JustFill contact details and Section 21 for supervisory authority contact details.

15.10 How to Exercise Your Rights

To exercise any of the above rights:

Self-service: Data Export and Account Deletion are available directly in your account settings.
Email: Send a request to hello@justfill.app.

We will respond to your request within one month of receipt. If the request is complex or we receive a large number of requests, we may extend this period by a further two months, in which case we will inform you of the extension within the initial one-month period (Art. 12(3) GDPR). We may request identity verification before processing your request. For self-service data export and account deletion, identity is verified through your authenticated session (requiring your current password). For requests submitted by email, we verify identity by confirming the email address associated with the account and may request additional information where the request circumstances raise doubts about the identity of the requester.

If we decline your request in whole or in part, we will inform you of the reasons and of your right to lodge a complaint with the supervisory authority (see Section 21) and to seek a judicial remedy.

Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive (particularly if repetitive), we may charge a reasonable fee or refuse to act on the request, in accordance with Article 12(5) GDPR.

16. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under the age of 16. Eligibility requirements for using the Service are set out in Terms of Service Section 2. Age verification at registration relies on self-declaration: by creating an account, you represent that you meet the minimum age requirement. We do not independently verify age at the point of registration.

If we become aware that we have inadvertently collected personal data from an individual under the age of 16, we will take immediate steps to delete that data. If you believe that a child has provided us with personal data, please contact us at hello@justfill.app so we can take appropriate action.

17. Data Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Article 32 GDPR. These measures include, but are not limited to:

17.1 Technical Measures

Encryption in transit: TLS 1.2+ for all data transmissions between clients and servers
Encryption at rest: AES-256 encryption for all stored data on Google Cloud Platform
Password hashing: bcrypt with salt for all user passwords (plaintext never stored)
Token-based authentication: JWT tokens with expiration for session management
Rate limiting: API rate limits to prevent brute-force attacks and abuse
Input sanitization: Server-side validation and sanitization of all user inputs
Secure headers: CORS restrictions, content security policies, and other HTTP security headers
Automatic data deletion: Scheduled cleanup of temporary files and expired tokens
Log sanitization: Sensitive data (passwords, tokens, personal data) is redacted from application logs

17.2 Organizational Measures

Principle of least privilege for infrastructure access
Regular review of access controls and permissions
Secure development practices and code review
Use of managed cloud infrastructure with vendor security certifications (Google Cloud: ISO 27001, SOC 2, SOC 3)

While we take extensive precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents in accordance with our breach notification procedures (Section 18).

18. Data Breach Notification

In accordance with Articles 33 and 34 GDPR, we have established the following data breach notification procedures:

18.1 Notification to Supervisory Authority

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority (UODO) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk. If notification is not made within 72 hours, we will provide reasons for the delay.

18.2 Notification to Affected Individuals

Where a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. Notification will be made via email to the address associated with your account and, where appropriate, via a prominent notice on the Service.

Breach notifications will include:

The nature of the personal data breach;
The likely consequences of the breach;
The measures taken or proposed to address the breach;
Contact details for our privacy team for further information.

18.3 DPA Breach Notification

Where you have executed a Data Processing Agreement with JustFill, we commit to notifying you of breaches affecting your data within 48 hours of becoming aware, in accordance with the DPA.

18.4 Exceptions

Notification to individuals is not required if: (a) we have implemented appropriate technical protection measures (such as encryption) that render the data unintelligible to unauthorized persons; (b) we have taken subsequent measures that ensure the high risk is no longer likely to materialize; or (c) notification would involve disproportionate effort, in which case a public communication will be made instead (Art. 34(3) GDPR).

19. Marketing Communications

No marketing communications are currently sent. If we introduce marketing emails in the future, we will obtain your explicit opt-in consent before sending any such communications. You may withdraw your consent and unsubscribe from marketing communications at any time by:

Clicking the "unsubscribe" link at the bottom of any marketing email;
Contacting us at hello@justfill.app.

Transactional communications (e.g., account verification, password reset, subscription confirmations, billing notices, and security alerts) are not considered marketing and will be sent regardless of your marketing preferences, as they are necessary for the performance of our contract with you.

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

Non-material changes: We will update the "Last Updated" date at the top of this Policy. We encourage you to review this Policy periodically.
Material changes: We will provide prominent notice via email to the address associated with your account and via an in-app notification at least 30 calendar days before the changes take effect. Material changes include, but are not limited to: changes to the categories of data collected, new purposes of processing, changes to data sharing practices, or changes to your rights.

Where material changes affect processing based on your consent (such as analytics or marketing), we will always seek your re-consent through an affirmative action (e.g., re-displaying the consent banner or requiring an explicit opt-in) before applying such changes. “Continued use” cannot and does not constitute consent for these processing activities. Your continued use of the Service after the effective date of any updated Policy constitutes acceptance only of changes to processing activities that are not based on consent (e.g., processing based on contract performance or legitimate interest).

21. Complaints and Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR or applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

The supervisory authority for JustFill is:

UODO -- Urząd Ochrony Danych Osobowych

(Office for Personal Data Protection)

ul. Stawki 2, 00-193 Warszawa, Poland

Phone: +48 22 531 03 00

Website: https://uodo.gov.pl

Email: kancelaria@uodo.gov.pl

We kindly ask that you contact us at hello@justfill.app before lodging a complaint with the supervisory authority, so that we have the opportunity to address your concerns directly. However, this is a request and does not affect your right to lodge a complaint at any time.

22. Data Processing Agreement

If you are a business customer or organization that uses JustFill to process personal data on behalf of your own data subjects (i.e., you act as a data controller and JustFill acts as your data processor), you may be required to enter into a Data Processing Agreement (DPA) under Article 28 GDPR.

Our standard DPA is available at justfill.app/dpa. For questions about the DPA or to request a signed copy, contact hello@justfill.app.

The DPA supplements this Privacy Policy and sets out the specific terms governing JustFill's processing of personal data on your behalf, including technical and organizational measures, sub-processor obligations, and audit rights.

Note: The DPA applies only where you, as a business customer, process third-party personal data through the Service (i.e., you act as data controller and JustFill acts as data processor). For individual consumers processing their own personal data, JustFill acts as the data controller under this Privacy Policy, and the DPA does not apply.

23. User Responsibilities and Disclaimers

23.1 User Responsibility for Uploaded Data

You are solely responsible for the accuracy, legality, and appropriateness of all data and documents you upload to or input into the Service. JustFill processes data strictly as instructed by you and does not independently verify the accuracy, completeness, or lawfulness of the content you provide.

Where you upload documents containing personal data of third parties, you represent and warrant that you have a valid legal basis for processing such data and that your use of the Service complies with all applicable data protection laws. Your responsibilities regarding the lawful processing of third-party personal data, including any applicable user obligations and remedies, are governed by the Terms of Service.

23.2 AI Output Disclaimer

JustFill is not liable for any consequences arising from the use of AI-processed documents, including but not limited to errors in field placement, incorrect data mapping, or omissions. AI-generated output is provided as a draft for your review and does not constitute legal, financial, tax, or professional advice. You must independently verify the accuracy of all AI-generated output before using or submitting any document produced by the Service.

23.3 Limitation on Scope of Processing

JustFill processes personal data only as described in this Policy and as necessary to provide the Service. We do not use personal data for purposes beyond those disclosed herein without your prior consent or another valid legal basis.

23.4 Liability

Liability limitations and disclaimers applicable to the Service, including with respect to data accuracy, AI-generated output, and use of documents produced by the Service, are set forth in our Terms of Service.

23.5 Force Majeure

JustFill shall not be liable for any failure or delay in the performance of its obligations under this Policy to the extent such failure or delay results from circumstances beyond our reasonable control, including but not limited to natural disasters, acts of government, internet or infrastructure failures, cyberattacks, pandemics, or actions of third-party service providers. We will make reasonable efforts to mitigate the effects of any such event and to resume normal operations as soon as practicable. This provision does not affect our mandatory obligations under applicable data protection law, including breach notification requirements (Arts. 33-34 GDPR) and data subject rights response timelines (Art. 12(3) GDPR).

24. Data Protection by Design and by Default

In accordance with Article 25 GDPR, JustFill implements data protection by design and by default. This means:

We design our systems and processes to minimize data collection and processing from the outset, collecting only the data necessary for each specific purpose.
Default settings prioritize privacy — for example, uploaded documents are processed transiently and deleted within 24 hours unless you explicitly choose to save them.
Non-essential cookies and tracking technologies are disabled by default and only activated upon your explicit consent.
We conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to the rights and freedoms of individuals, as required by Article 35 GDPR. In particular, we have completed a DPIA for our core AI document analysis functionality (see Section 9.3), last reviewed in March 2026.
We maintain records of processing activities as required by Article 30 GDPR, which are available to the supervisory authority upon request.

25. Information for California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information. This section supplements the information in this Policy.

25.1 Categories of Personal Information

In the preceding 12 months, we have collected the categories of personal information described in Section 5 of this Policy, including identifiers (email address), commercial information (subscription and billing data), internet activity (usage logs, cookies), and content you provide (uploaded documents and form data).

25.2 Your California Privacy Rights

As a California resident, you have the right to:

Know and Access: Request disclosure of the categories and specific pieces of personal information we have collected about you.
Delete: Request deletion of your personal information, subject to certain legal exceptions.
Correct: Request correction of inaccurate personal information.
Non-discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
Opt-Out of Automated Decision-Making: You have the right to opt out of automated decision-making technology. JustFill does not engage in automated decision-making that produces legal or similarly significant effects.

25.3 No Sale or Sharing of Personal Information

JustFill does not sell or share your personal information as defined under the CCPA/CPRA. We have not sold personal information in the preceding 12 months. We do not share your personal information for cross-context behavioral advertising purposes.

25.4 Exercising Your Rights

To exercise your California privacy rights, contact us at hello@justfill.app. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

26. Information for United Kingdom Residents

If you are located in the United Kingdom, the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 apply to our processing of your personal data. The rights and protections described in this Policy (including the rights in Section 15) apply equally under the UK GDPR.

For international data transfers from the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as applicable. References to "GDPR" in this Policy include the UK GDPR where the context requires.

If you wish to lodge a complaint, you may contact the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Website: https://ico.org.uk

27. Information for Residents of Virginia, Colorado, Connecticut, and Other US States

If you are a resident of a US state with comprehensive privacy legislation — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), or other states with similar laws — you may have additional rights regarding your personal data. This section supplements the information in this Policy.

27.1 Your Rights Under State Privacy Laws

Depending on your state, you may have the right to:

Access: Confirm whether we are processing your personal data and obtain a copy of that data.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion of your personal data, subject to certain legal exceptions (e.g., legal obligations, fraud prevention).
Data Portability: Obtain your personal data in a portable, readily usable format (JSON export and ZIP archive available in your account settings).
Opt-Out of Sale / Targeted Advertising: JustFill does not sell your personal data or use it for targeted advertising as defined under any state privacy law. Therefore, there is no need to opt out.
Opt-Out of Profiling: JustFill does not engage in profiling that produces legal or similarly significant effects on consumers.
Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

27.2 Appeal Process

If we decline to take action on your request, you have the right to appeal our decision. To appeal, contact us at hello@justfill.app with the subject line "Privacy Rights Appeal." We will respond to your appeal within 45 days (or the period required by your state law). If your appeal is denied, you may contact your state's Attorney General to submit a complaint.

27.3 Sensitive Data

Under several US state privacy laws, certain categories of data are considered "sensitive" (e.g., racial or ethnic origin, religious beliefs, health data, precise geolocation, biometric data). JustFill does not intentionally collect sensitive data. If you upload documents containing sensitive data, you do so at your own risk and assume full responsibility for compliance with applicable laws (see Section 6 of this Policy).

27.4 Data Protection Assessments

Where required by applicable state law (e.g., VCDPA Section 59.1-584, CPA Section 6-1-1309), JustFill conducts and documents data protection assessments for processing activities that present a heightened risk of harm to consumers, including processing for targeted advertising, sale of personal data, profiling, processing of sensitive data, and any processing that presents a reasonably foreseeable risk of unfair or deceptive treatment, financial injury, physical injury, or intrusion on solitude or seclusion.

28. Information for Brazilian Residents (LGPD)

If you are located in Brazil, the Lei Geral de Proteção de Dados ("LGPD," Law No. 13.709/2018) provides you with specific rights regarding your personal data. This section supplements the information in this Policy.

28.1 Legal Basis for Processing

Under the LGPD, we process your personal data based on the following legal grounds (Article 7):

Performance of a contract (Art. 7, V): Processing your documents and providing the form-filling service as part of our contractual obligations.
Legitimate interest (Art. 7, IX) / Consent (Art. 7, I): Analytics and marketing cookies are activated by default. You may opt out at any time via Cookie Settings without affecting the lawfulness of prior processing.
Legitimate interest (Art. 7, IX): For security monitoring, fraud prevention, and service improvement, provided these interests do not override your fundamental rights and freedoms.
Compliance with legal or regulatory obligation (Art. 7, II): For retention of billing records as required by applicable tax and financial regulations.

28.2 Your Rights Under the LGPD

As a data subject under the LGPD (Article 18), you have the right to:

Confirmation and Access (Art. 18, I-II): Confirm the existence of processing and access your personal data.
Correction (Art. 18, III): Request correction of incomplete, inaccurate, or outdated data.
Anonymization, Blocking, or Deletion (Art. 18, IV): Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD.
Portability (Art. 18, V): Request portability of your data to another service provider. Data export is available in your account settings (JSON and ZIP formats).
Deletion (Art. 18, VI): Request deletion of personal data processed with your consent.
Information on Sharing (Art. 18, VII): Obtain information about public and private entities with which we share your data (see Section 14 of this Policy).
Information on Consent (Art. 18, VIII): Obtain information about the possibility of denying consent and the consequences thereof.
Revocation of Consent (Art. 18, IX): Revoke your consent at any time via account settings or by contacting us.

28.3 International Data Transfers

Your personal data may be transferred to countries outside Brazil for processing (see Section 12). Such transfers are conducted in accordance with LGPD Article 33, relying on one or more of the following mechanisms: (a) countries or international organizations providing an adequate level of protection (Art. 33, I); (b) standard contractual clauses (Art. 33, II); (c) specific contractual clauses for a given transfer (Art. 33, III); or (d) your specific and prominent consent to the transfer (Art. 33, VIII).

28.4 Encarregado de Dados Pessoais

In accordance with Article 41 of the LGPD, we designate the following contact point as our Encarregado de Dados Pessoais for LGPD purposes. Note: this is distinct from the GDPR Data Protection Officer role referenced in Section 4; JustFill is not required to appoint a DPO under the GDPR.

Encarregado de Dados Pessoais Contact: hello@justfill.app

We will respond to your request within 15 business days, as required by LGPD regulations.

28.5 Supervisory Authority

You have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD):

Autoridade Nacional de Proteção de Dados (ANPD)

Website: https://www.gov.br/anpd

29. Information for Canadian Residents (PIPEDA)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy legislation (such as Quebec's Act respecting the protection of personal information in the private sector, "Law 25") govern our collection, use, and disclosure of your personal information. This section supplements the information in this Policy.

29.1 Consent

Under PIPEDA, we collect, use, and disclose your personal information with your knowledge and consent, except where permitted or required by law. By using JustFill, you provide implied consent to the collection, use, and disclosure of your personal information for purposes that are essential to providing the Service (such as account management, document processing, payment processing, and security). For non-essential processing activities (such as optional features like speech dictation), we obtain your express consent through separate affirmative opt-in mechanisms before any such processing occurs. Analytics and marketing cookies are activated by default under implied consent; you may opt out at any time via Cookie Settings. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us at hello@justfill.app. We will inform you of the implications of withdrawing consent.

29.2 Your Rights Under PIPEDA

JustFill is accountable for the personal information under its control (PIPEDA Principle 4.1). As a Canadian resident, you have the right to:

Access: Request access to the personal information we hold about you and information about how it has been used and disclosed. We will respond within 30 calendar days.
Correction: Request correction of inaccurate or incomplete personal information.
Challenge accuracy: Challenge the accuracy and completeness of your personal information and have it amended as appropriate.
Withdrawal of Consent: Withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual obligations. We will inform you of the implications of withdrawing consent.
Complaint: File a complaint with JustFill or with the Office of the Privacy Commissioner of Canada. To file a complaint with the Privacy Commissioner, visit https://www.priv.gc.ca/en/report-a-concern/.

29.3 Cross-Border Transfers

Your personal information may be transferred to, stored, and processed in countries outside Canada, including within the European Union and the United States (see Section 12). In accordance with PIPEDA Principle 4.1.3, we use contractual and other means to ensure that your personal information receives a comparable level of protection while being processed outside Canada. By using our Service, you acknowledge that your personal information may be processed in jurisdictions with different privacy laws than Canada.

29.4 Quebec Residents (Law 25)

If you are a resident of Quebec, you have additional rights under the Act respecting the protection of personal information in the private sector (as amended by Law 25), including:

Right to data portability: You may request that your personal information be communicated to you or to another organization in a structured, commonly used technological format (JSON and ZIP exports available in account settings).
Right to de-indexing: You may request that links to your personal information be de-indexed where dissemination contravenes the law or a court order.
Automated decision-making: You have the right to be informed when your personal information is used to render a decision based exclusively on automated processing and to submit observations (see Section 9 of this Policy).

Before transferring personal information outside Quebec, we conduct a privacy impact assessment to ensure adequate protection, as required by Law 25.

29.5 Supervisory Authority

You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC):

Office of the Privacy Commissioner of Canada (OPC)

30 Victoria Street, Gatineau, Quebec K1A 1H3, Canada

Toll-free: 1-800-282-1376

Website: https://www.priv.gc.ca

For Quebec residents, you may also contact the Commission d'accès à l'information du Québec (CAI) at https://www.cai.gouv.qc.ca.

30. Severability

If any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

31. Language

This Privacy Policy is provided in English. If required by applicable law, a translation may be made available upon request to hello@justfill.app.

32. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

NeuroCodeLab Maciej Śnieżyński

ul. Franciszka Klimczaka 13 lok. 102, 02-797 Warszawa, Poland

NIP: 7123295462 | CEIDG, REGON: 361253253

General privacy inquiries: hello@justfill.app

Legal and DPA inquiries: hello@justfill.app

We aim to respond to all inquiries within 30 calendar days. For urgent data protection matters (e.g., suspected data breaches), please include "URGENT" in your email subject line.