1. Data Controller
The Data Controller is:
Fylle S.r.l.
Registered office: Via Bovisasca 85, 20157 Milan (MI), Italy
VAT / Tax Code: 14005600961
REA: MI-2756135
Email: contact@fylle.ai
PEC: fyllesrl@pec.it
2. Scope
This policy applies to the public Fylle website, including pages, journal content, demo request forms, newsletter subscription forms, and cookie or tracking technologies active on the site.
The policy does not govern the processing of data inside future authenticated product areas, customer workspaces, Fylle Platform features, Lehve, or third-party services reached through external links.
3. Personal Data We Process
- Contact and demo request data: name, work email, company, role, message, source page, and any information voluntarily submitted through a form.
- Newsletter data: email address and subscription status, including double opt-in information where enabled.
- Navigation and technical data: IP address, browser, device, operating system, pages visited, timestamps, referrer, and technical logs needed to deliver and secure the website.
- Cookie and tracking data: consent choices, analytics identifiers, advertising identifiers, and campaign measurement signals, where enabled by consent.
4. Purposes and Legal Bases
| Purpose | Legal basis | Provision |
|---|---|---|
| Responding to demo, contact, or information requests. | Pre-contractual measures requested by the user, Art. 6(1)(b) GDPR. | Necessary to respond to the request. |
| Managing newsletter subscriptions and commercial updates. | Consent, Art. 6(1)(a) GDPR. | Optional and revocable at any time. |
| Adding demo leads to Fylle's lead management lists. | Legitimate interest in managing B2B requests, Art. 6(1)(f) GDPR. | Necessary for follow-up on the request. |
| Website analytics, campaign measurement, and remarketing. | Consent, Art. 6(1)(a) GDPR. | Optional, controlled through the cookie banner. |
| Security, abuse prevention, diagnostics, and service continuity. | Legitimate interest, Art. 6(1)(f) GDPR. | Automatic and necessary for site security. |
| Compliance with legal, tax, accounting, or authority requests. | Legal obligation, Art. 6(1)(c) GDPR. | Mandatory where applicable. |
5. Recipients and Service Providers
Fylle may share personal data with service providers, consultants, and authorities where needed for the purposes described above. Providers may act as processors, independent controllers, or joint controllers depending on the service and applicable terms.
| Provider | Service | Data processed | Location / transfer basis |
|---|---|---|---|
| Vercel Inc. | Hosting, deployment, serverless functions, delivery logs. | Technical logs, IP address, request metadata, form submissions processed by serverless functions. | USA / international transfers under applicable safeguards. |
| Brevo | Newsletter and lead list management. | Email, subscription status, demo lead information where applicable. | EU and international transfers under applicable safeguards. |
| Resend Inc. | Email delivery for demo requests and auto-replies. | Name, email, company, role, message, email metadata. | USA / international transfers under applicable safeguards. |
| Google Ireland Ltd / Google LLC | Google Tag Manager, Google Analytics, and campaign measurement. | Consent choices, page events, device data, analytics and advertising identifiers where enabled. | EU / USA under Data Privacy Framework and contractual safeguards where applicable. |
| Meta Platforms Ireland Ltd | Meta Pixel, conversion measurement, custom audiences, and remarketing. | Page events, browser identifiers, IP address, campaign and conversion signals where enabled. | EU / USA under Data Privacy Framework and contractual safeguards where applicable. |
The updated list of processors and providers can be requested by contacting Fylle at the email address above.
6. International Transfers
Some providers may process personal data outside the European Economic Area, including in the United States. Where required, transfers are based on adequacy decisions, the EU-US Data Privacy Framework, Standard Contractual Clauses, or other safeguards provided by GDPR Articles 45 and 46.
7. Retention
| Data / purpose | Retention period |
|---|---|
| Contact and demo requests | Up to 24 months after the last meaningful interaction, unless a business relationship starts or a longer period is required. |
| Newsletter subscriptions | Until consent is withdrawn or the address is unsubscribed. |
| Technical and security logs | For the time needed to ensure security, diagnostics, and service continuity. |
| Analytics data | According to the configured analytics retention settings and cookie duration. |
| Marketing and remarketing data | Until consent is withdrawn, or according to the relevant platform's cookie and audience retention settings. |
| Legal, tax, accounting records | For the period required by applicable law. |
8. Cookies and Tracking Technologies
Fylle uses a consent banner to manage optional analytics and advertising technologies. Essential storage is used to operate the site and remember privacy choices.
Essential storage
The site stores the user's consent choices in the browser's
localStorage under the key fylle_cookie_consent_v1. This
storage is necessary to remember whether analytics and marketing tags
have been accepted, rejected, or customized.
Analytics
With consent, Fylle may load Google Tag Manager and Google Analytics to understand aggregate website usage, page performance, traffic sources, and conversion events.
Advertising and remarketing
With consent, Fylle may load advertising and remarketing technologies,
including Meta Pixel and Google advertising tags, to measure campaigns,
create audiences, and understand conversions. The Meta Pixel ID used on
the site is 709818765259679.
Users can accept all optional technologies, reject them, or customize preferences through the banner. Preferences can be reopened at any time using the privacy button on the site.
Users may also manage cookies and storage through their browser settings. Disabling all storage may affect some website functions.
9. Data Subject Rights
Under GDPR Articles 15-22, data subjects may request access, rectification, erasure, restriction, portability, objection to certain processing, and withdrawal of consent where processing is based on consent.
Requests can be sent to contact@fylle.ai. Fylle will respond within the time limits provided by applicable law. Data subjects may also lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it.
10. Updates
Fylle may update this policy to reflect changes in the website, legal requirements, or service providers. The latest version will be published on this page with the update date above.