Filterly LogoFilterly

Privacy Policy

Last updated: June 6, 2025

Welcome to Filterly

Filterly operates the website and SaaS platform accessible via [filterly.ai] (hereinafter referred to as the "Service").

This Privacy Policy governs your use of the Service and explains how we collect, use, safeguard, and disclose information that results from your use of our platform, including data from connected Gmail accounts, X (Twitter) messages, and user preferences.

By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used herein have the same meanings as in our Terms and Conditions.

Our Terms and Conditions ("Terms") govern all use of our Service and, together with this Privacy Policy, constitute the full agreement between you and us ("agreement").

Definitions

  • Service means the SaaS product and website accessible via [filterly.ai], operated by Filterly.
  • Personal Data means data about a living individual who can be identified from that data (or from those and other information either in our possession or likely to come into our possession).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, diagnostic logs, time spent on certain pages, or feature usage).
  • Cookies are small files stored on your device (computer or mobile device) that may be used to improve functionality, remember user settings, or for analytics.
  • Data Controller means a natural or legal person who (alone, or jointly with others) determines the purposes and means of processing personal data. For purposes of this Privacy Policy, Filterly is the Data Controller of your personal data.
  • Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
  • Data Subject refers to any living individual who is the subject of Personal Data.
  • User refers to the individual using our Service. The User corresponds to the Data Subject, whose personal data is processed as part of the Service.

Information Collection and Use

We collect several types of information to provide and improve the Service. This includes:

  1. Account Information: data like name, email, password (hashed), third-party OAuth details.
  2. Connected Account Data: email/X (Twitter) messages, subject lines, metadata, attachments.
  3. User Preferences and Settings: filters, language, notification preferences.
  4. Usage Data: logs, browser/device info, interaction metrics.
  5. Payment Information: processed by third parties; Filterly stores no full card data.

How We Use Your Information

We use your information to:

  • Operate and improve the Service
  • Analyze emails and messages with AI (e.g., OpenAI)
  • Communicate with you (account info, alerts, marketing)
  • Manage payments and credits
  • Provide support
  • Comply with legal requirements
  • Detect and prevent fraud and abuse

Legal Basis for Processing (GDPR)

We process your Personal Data under the following legal bases:

  • Performance of a contract: To provide you with our Service or to fulfill a contract with you.
  • Consent: Where you have given us explicit consent to process your Personal Data for a specific purpose.
  • Legitimate interests: For our legitimate interests, such as improving our Service, unless these interests are overridden by your data protection interests or fundamental rights and freedoms.
  • Legal obligation: To comply with a legal obligation to which we are subject.

Use of Google Workspace APIs and AI/ML

  • Filterly uses Gmail data under the `gmail.readonly` scope exclusively to analyze and classify user messages for personal productivity purposes.
  • We do not use any data obtained from Google Workspace APIs to develop, improve, or train generalized machine learning (ML) or artificial intelligence (AI) models.
  • Data from Gmail is processed using third-party AI services (such as OpenAI or Google Gemini) only to provide personalized results for the user. This processing is limited to message scoring and classification, and the data is not used to train or improve any generalized or non-user-specific models.
  • We do not retain Gmail data for training, and we do not contribute user data to generalized datasets.
  • Users may request deletion of their data at any time by contacting support or via their account settings.

How We Share Your Information

We may share information with:

  • Cloud providers (e.g., AWS, Google Cloud)
  • AI processing partners (e.g., OpenAI)
  • Authentication providers (e.g., Google, X)
  • Payment processors (e.g., Stripe, PayPal)
  • Other contractors (e.g., email delivery, analytics)
  • Legal authorities (if required by law)
  • Business transfers (in case of acquisition/merger)
  • With your consent

Data Storage and Security

We implement a variety of security measures to maintain the safety of your personal information. These measures include:

  • SSL/TLS encryption for data in transit.
  • Data encryption at rest.
  • Strict access controls to our databases and systems.
  • Regular security testing and vulnerability scanning.
  • Limited human access to message content, primarily for support or troubleshooting with your explicit consent or as required by law.
  • Thorough vetting of third-party vendors for their security practices.

Data Retention

We retain your data for the following periods:

  • Account data: Retained as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service.
  • Emails/Messages: Stored temporarily for the purpose of analysis and providing the Service features. You can control the retention period within your account settings for certain data.
  • AI data: Data sent to AI partners like OpenAI is processed according to their data usage policies. Typically, this data is not stored long-term by such partners (e.g., OpenAI's policy is often around 30 days for API data, but this can change and you should refer to their specific policies).
  • Usage logs: Stored for limited periods for analytics, security, and service improvement.
  • Backups: Data may be kept in encrypted backups and will be deleted according to our backup retention policies.
  • Legal requirements: We may retain certain information for longer periods if required by law, for dispute resolution, or to enforce our agreements. This may override your deletion requests for specific data.

Your Rights and Choices

Under applicable data protection laws, such as the GDPR, you have certain rights regarding your Personal Data. These may include the right to:

  • Access and portability: Request access to your Personal Data and ask for a copy of it in a portable format.
  • Correction: Request correction of inaccurate or incomplete Personal Data.
  • Deletion: Request deletion of your Personal Data, subject to certain exceptions (e.g., legal obligations).
  • Restriction of processing: Request that we restrict the processing of your Personal Data in certain circumstances.
  • Objection to processing: Object to our processing of your Personal Data based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: Withdraw your consent at any time where we rely on consent to process your Personal Data.
  • Non-discrimination: Not be discriminated against for exercising your privacy rights.
  • File complaints: Lodge a complaint with a data protection authority if you believe your rights have been violated.

To exercise these rights, please contact us at the details provided below.

International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located in the European Economic Area (EEA), please note that we transfer data, including Personal Data, to countries outside the EEA, such as the United States, for processing. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy. Protections for such transfers include:

  • Relying on Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Verifying if the recipient country has an adequacy decision from the European Commission.
  • Ensuring compliance with recognized privacy frameworks where applicable.
  • Implementing robust encryption and security agreements with third-party service providers.

Children's Privacy

Our Service does not address anyone under the age of 13 (or 16 in some regions, in accordance with local laws). We do not knowingly collect personally identifiable information from children. If we become aware that we have collected Personal Data from a child without verification of parental consent, we take steps to remove that information from our servers. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You will be notified via email and/or a prominent notice on our Service, prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Continued use of the Service after such changes constitutes your acceptance of the new Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us: