Privacy Policy
Last updated: 13 June 2026
Protecting your personal data matters to us. This policy explains how we process personal data when you use Filento. The German version is authoritative.
1. Controller
Senura AI GbR, Leitenstraße 2, 92521 Schwarzenfeld, Germany
Email: support@filento.de
2. Hosting
Our application runs in data centres within the European Union. All transmission is TLS-encrypted.
3. Server log files
When you access our website, the server automatically collects information that your browser transmits and that is technically required to display the site and ensure its stability and security. The legal basis is our legitimate interest in secure, fault-free operation (Art. 6(1)(f) GDPR). This includes in particular:
- IP address of the requesting device
- date and time of access
- name and URL of the file/page accessed
- amount of data transferred and notification of successful retrieval
- browser type and operating system used
- the previously visited page (referrer), if transmitted
4. Data we process
- Account data: email address (for registration, login and account management).
- Uploaded documents: When using the direct mode ("instant filling"), your uploaded source documents are processed only transiently (in memory) for extraction and form filling and are not stored permanently; only the paid result document you generate is stored so you can download it again. When using the automation / upload-link feature (submitting documents to an operator), the uploaded documents and the filled result are stored in our database so the operator can review them; the uploaded source documents are deleted once the operator approves the submission.
- Payment data: handled by Stripe; we do not store full payment details.
- Usage/log data: technically required (e.g. to enforce usage and request limits).
5. Purposes and legal bases
Processing is based on contract performance (Art. 6(1)(b) GDPR), legal obligations (lit. c), our legitimate interest in secure, abuse-free operation (lit. f) and, where required, consent (lit. a).
6. Recipients / processors
- Anthropic (Claude API): AI-based detection, extraction and form filling. Content may be transferred to a third country (USA), safeguarded by EU Standard Contractual Clauses (SCC). Transferred data is not used to train the models per contractual assurances.
- Supabase (Supabase Inc., USA; data hosted in an EU data centre – Frankfurt): authentication and database (account/billing data). Any access from a third country (USA) is safeguarded by EU Standard Contractual Clauses (SCC).
- Stripe (Stripe Payments Europe, Ltd., Ireland): payment processing and storage of the payment method for recurring payments/subscriptions. Stripe processes certain payment and fraud-prevention data as an independent controller; any transfers to the USA are safeguarded by the EU-US Data Privacy Framework or EU Standard Contractual Clauses (SCC).
- Google (Firebase Cloud Messaging): push notification delivery in the mobile app (only when enabled; third-country transfer USA, EU-US Data Privacy Framework or SCC).
- All-Inkl / KAS (ALL-INKL.COM – Neue Medien Münnich GmbH, Germany): transactional email delivery (e.g. notifications, confirmations) via SMTP; servers within the EU/Germany.
- Twilio (Twilio Inc., USA): sending the SMS confirmation during newsletter sign-up (only when SMS verification is enabled). Third-country transfer USA, safeguarded by the EU-US Data Privacy Framework or EU Standard Contractual Clauses (SCC).
- Google (Google Ireland Ltd.): authentication via "Sign in with Google" (OAuth), if you use this login option.
- Hostinger (Hostinger International Ltd.): application hosting on a dedicated server (VPS) in a data centre within the EU (Germany, Frankfurt).
- HighLevel (HighLevel Inc., "GoHighLevel" / "LeadConnector"): CRM and email-marketing platform for our newsletter and contact management. Only data of persons who have explicitly opted in to the newsletter (double opt-in) is transferred. In addition, we operate a LeadConnector/HighLevel support chat on our website: it is loaded only after your active consent (cookie banner); when the chat is loaded and used, data such as your IP address and the content you enter in the chat (e.g. name, email address, message) is transmitted to and processed by HighLevel. Third-country transfer USA, safeguarded by the EU-US Data Privacy Framework or EU Standard Contractual Clauses (SCC). You can withdraw your consent at any time with future effect ("Cookie settings" button).
7. Newsletter and SMS verification
If you subscribe to our newsletter, we process the data you provide (in particular your email address and, where applicable, your mobile number) solely to send the newsletter. The legal basis is your consent (Art. 6(1)(a) GDPR).
Sign-up uses a double opt-in procedure: after registering you receive a confirmation request and are only added to the list once you confirm. Where SMS verification is enabled, we additionally transmit your mobile number to our processor Twilio in order to send you a confirmation code by SMS.
You can unsubscribe and withdraw your consent at any time with future effect — e.g. via the unsubscribe link in every newsletter email or by message to support@filento.de. After you unsubscribe, the data stored for the newsletter is deleted unless statutory retention obligations apply; we retain proof of your consent to meet our accountability obligation (Art. 5(2) GDPR).
Sending and contact management are handled by our processor HighLevel (see section "6. Recipients / processors").
8. International data transfers
Where we transfer data to service providers outside the EU/EEA — in particular to the USA — we rely on one of the following mechanisms: if the recipient is certified under the EU-US Data Privacy Framework (DPF), the transfer is based on the European Commission's adequacy decision of 10 July 2023 (Art. 45 GDPR); if the recipient is not certified, the transfer is based on the EU Standard Contractual Clauses (SCC, Art. 46(2)(c) GDPR), supplemented by appropriate additional safeguards. Which mechanism applies to a given recipient follows from section "6. Recipients / processors".
9. AI transparency
Filento uses AI systems (Anthropic's Claude) to read your source documents and fill forms automatically. Generated content is AI-produced and may contain errors. Please review results for accuracy before use. No automated decision with legal effect within the meaning of Art. 22 GDPR takes place.
10. Cookies and consent
We use strictly necessary cookies required for login and session maintenance. These are essential for operating the application and do not require consent. We do not use tracking or analytics cookies.
In addition, we embed a third-party support chat (LeadConnector/HighLevel, USA). This service is only loaded after your active consent via our cookie banner (opt-in pursuant to § 25(1) TDDDG, Art. 6(1)(a) GDPR). Without your consent, no such script is loaded and no data is transmitted to the provider. We store your consent locally in your browser so the banner does not reappear on every visit. You can withdraw your consent at any time with future effect via the "Cookie settings" button.
11. Your rights
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent, and the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
12. Contact
For privacy enquiries: support@filento.de