F
Fyll
Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains what data Fyll collects, how we use it, and the rights you have over it. We're based in Stockholm, Sweden and operate under the EU General Data Protection Regulation (GDPR).

1. What we collect

We collect only what we need to run the Service:

  • Account data — name, email, password hash, and the organization you belong to.
  • Pantry data — items, statuses, shopping lists, scenarios, and notes you add to Fyll.
  • Receipts — photos you upload and the item data we extract from them using AI.
  • Location — approximate location, only when you use the nearby-deals feature, so we can show the closest stores.
  • Usage data — basic analytics (device type, app version, crash reports) so we can fix bugs and improve the app.

2. How we use it

We use your data to:

  • Provide and operate the Service;
  • Parse receipts and generate smart suggestions (processed by trusted AI providers under strict data agreements);
  • Show nearby deals relevant to your location;
  • Send essential account and service notifications;
  • Improve the app, investigate bugs, and prevent abuse.

We do not sell your data, and we do not use your content to train third-party AI models.

3. Legal basis (GDPR)

We process your data under the following legal bases: performance of a contract (running the Service you signed up for), legitimate interest (improving the app, preventing fraud), your consent (for location and optional features), and legal obligation where required.

4. Who we share data with

We share data only with service providers that help us run Fyll, and only to the extent they need it:

  • Cloud hosting — AWS (EU region) for storing receipts and app data.
  • AI providers — OpenAI and similar, for parsing receipts and generating suggestions.
  • Payments — Stripe and Swish, only if you use optional payment features.
  • Analytics — privacy-respecting providers for crash and usage reporting.

We don't share your data with advertisers, and we don't share it for marketing purposes.

5. Retention

We keep your data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except for records we're legally required to retain (for example, accounting records). Anonymous usage statistics may be retained longer.

6. Your rights

Under GDPR, you have the right to:

  • Access the data we hold about you;
  • Correct inaccurate data;
  • Delete your data (“right to be forgotten”);
  • Export your data in a portable format;
  • Object to or restrict certain processing;
  • Withdraw consent at any time;
  • Lodge a complaint with your local supervisory authority (in Sweden, that's IMY).

You can exercise most of these rights directly from the app, or by emailing us.

7. Security

We protect your data with encryption in transit and at rest, hashed passwords, and access controls. No system is perfectly secure, but we take our responsibility seriously and will notify you promptly in the unlikely event of a breach affecting your data.

8. Children

Fyll is intended for use by adults, whether in a household or workplace setting. We do not knowingly collect data from children under 16.

9. Changes to this policy

We'll update this policy as the Service evolves. If changes are material, we'll notify you through the app or by email before they take effect.

10. Contact

For any questions about your data or this policy, email us at privacy@fyll.app.