Fylio Logo

Fylio Data Policy

Effective Date: May 9, 2025
1. Introduction

We ("Fylio", "we", "us") respect your privacy and are committed to protecting your personal data. This Data Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Data We Collect
  • Account Information: name, email, password hash.
  • Organization Data: organization name, admin email, subscription status.
  • User Content: documents, files, metadata (titles, labels, descriptions).
  • Usage Data: IP address, device information, timestamps, audit logs.
3. How We Use Your Data
  • Provide & maintain the Service.
  • Authenticate and authorize users.
  • Process payments (via Gumroad) and manage subscriptions.
  • Store & serve your documents.
  • Send transactional emails (verification, password resets).
  • Monitor usage to enforce storage limits and detect abuse.
4. Legal Basis (GDPR)

If you are in the EU, we process your data under these legal bases:

  • Contract: to perform our agreement (Terms of Service).
  • Legitimate interests: to secure our Service and prevent abuse.
  • Consent: where required (e.g. marketing emails).
5. Data Sharing & Disclosure

We share data only with:

  • Service providers: Gumroad (payments), SMTP provider (emails), hosting.
  • Legal obligations: comply with law enforcement or court orders.
  • No sale of your personal data to third parties.
6. Retention

We retain account and org data as long as your account exists or as required by law. You may delete your account and data at any time; residual backups may persist for up to 30 days.

7. Security

Security Measures: We use industry-standard measures (TLS, hashed passwords) to protect your data. However, no system can be 100% secure—use strong passwords and keep them private.

8. Your Rights

You have rights under GDPR and other privacy laws:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: delete your data ("right to be forgotten").
  • Restriction or Objection to processing in certain cases.
  • Data portability: receive your data in a structured format.

To exercise these rights, email us at support@diamsystems.co.uk.

9. Children's Data

Our Service is not intended for children under 18. We do not knowingly collect data from minors.

10. International Transfers

Your data may be stored or processed outside your country. We take appropriate safeguards to ensure protection.

11. Changes to This Policy

We may update this Data Policy. We'll revise the "Effective Date" and notify via email or in-app.

12. Contact

Questions or requests? Email us at support@diamsystems.co.uk.