Privacy Policy

Last updated: February 20, 2026  ·  Version 1.0

This Privacy Policy explains what personal data Fillr collects, why we collect it, how we use it, and what rights you have over your data. We are committed to handling your information transparently and responsibly.

1. Who We Are

Fillr is a Chrome Extension and web application that helps students and job seekers autofill placement and academic application forms. We take data privacy seriously and are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) where relevant.

For questions about this policy, please contact us through the project's official channels.

2. What Data We Collect

We collect only the data you explicitly provide when using Fillr. We do not collect data passively or from third-party sources.

2.1 Account Data

FieldPurposeRequired?
Email addressAccount identification and loginYes
Password (hashed)Authentication — stored as bcrypt hash, never plaintextYes
Terms acceptance dateLegal compliance recordAutomatic

2.2 Profile Data (PII)

CategoryFields
PersonalFull name, phone number, date of birth, gender, permanent address, age
Academic10th / 12th / diploma / graduation / PG percentages, CGPA, backlog status, gap months
EducationCollege name, program, branch/stream, graduation batch
IDsUniversity/college ID, roll number
LinksGitHub profile URL, LinkedIn URL, portfolio URL
PlacementPreferred job position

All profile data is voluntarily submitted by you for the purpose of autofilling forms. You may leave fields empty at any time.

3. How We Use Your Data

We use your data strictly for the following purposes:

  • Autofill: Populate detected form fields in your browser with your stored profile data
  • Authentication: Verify your identity when you log in or make API requests
  • Account management: Allow you to view, edit, and delete your profile
  • Security: Detect and prevent unauthorized access
  • Legal compliance: Maintain records of terms acceptance as required by law

We do not sell, lease, or share your personal data with any third parties. We do not use your data for advertising.

4. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Contractual necessity: Processing your profile data is necessary to deliver the autofill service you requested
  • Consent: You explicitly consent to our Terms and Privacy Policy at registration
  • Legitimate interest: Security logging and fraud prevention

5. Data Storage & Security

5.1 Where Data is Stored

Your data is stored in a MongoDB Atlas database hosted on secure cloud infrastructure. All connections use TLS encryption in transit.

5.2 Security Measures

  • Passwords are hashed using bcrypt (rounds: 10) — never stored in plaintext
  • API access is protected by JWT tokens with a 7-day expiry
  • All API endpoints are rate-limited to prevent brute-force attacks
  • Input validation prevents injection attacks (NoSQL injection, XSS)
  • The Chrome Extension stores your JWT in chrome.storage.local, which is not accessible to web pages

5.3 Retention

Your data is retained for as long as your account is active. When you delete your account, all associated data is permanently and irreversibly deleted from our database with no backup retention.

6. Chrome Extension & Browser Data

The Fillr Chrome Extension operates as follows:

  • Form scanning: The extension reads visible form fields on the current web page to detect labels and field types. It does not capture or transmit page content to our servers.
  • Token storage: Your JWT is stored in chrome.storage.local — isolated from web page JavaScript and not accessible to websites you visit.
  • API calls: Authenticated API calls are made through the background service worker, ensuring your token is never exposed to page scripts.
  • No tracking: The extension does not track your browsing history or behaviour.

7. Your Rights

You have the following rights regarding your personal data:

RightHow to Exercise
Right of Access (Art. 15)Use the GET /api/user/me endpoint or contact us
Right to Rectification (Art. 16)Edit your profile from the dashboard at any time
Right to Erasure (Art. 17)Delete your account from the dashboard — permanently removes all data
Right to Data Portability (Art. 20)Your profile data is available via the dashboard in structured form
Right to ObjectContact us — you may object to any processing not required for the core service

To exercise any of these rights, use the dashboard controls or contact us directly. We will respond within 30 days.

8. Cookies & Tracking

Fillr does not use cookies, analytics trackers, or third-party SDKs. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology.

The web dashboard uses browser localStorage solely to store your authentication token for session persistence.

9. Third Parties

We use the following third-party services to operate Fillr:

  • MongoDB Atlas — Cloud database hosting (governed by their own privacy policy and DPA)
  • Render.com — Backend hosting and deployment
  • Google Fonts — Web fonts (loaded client-side; subject to Google's privacy policy)

We do not share your personal data with any of these providers beyond what is operationally necessary.

10. Children's Privacy

Fillr is not directed at children under the age of 16. We do not knowingly collect personal data from users under 16. If you believe a minor has registered an account, please contact us so we can delete the data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the version number and date at the top of this page. Significant changes will be communicated to registered users via email.

Continued use of the Service after updates constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or data rights requests, please contact the Fillr team through the project's official GitHub repository or any other official communication channel listed there.