Fylio
Register

Privacy Policy

Effective Date: February 8, 2026
Last Updated: February 8, 2026

This Privacy Policy explains how Individual Entrepreneur Shabashov Dmitry Viktorovich (OGRNIP: 325632700075291, INN: 632313025242) (“we,” “us,” or “Company”) collects, uses, and protects your personal information when you use Fylio at fylio.com (“Service”).

We are committed to protecting your privacy and handling your data transparently. Please read this policy carefully.

1. Who We Are

Fylio is operated by Individual Entrepreneur Shabashov Dmitry Viktorovich (OGRNIP: 325632700075291, INN: 632313025242). For the purposes of data protection laws, we are the data controller responsible for your personal information.

Contact for privacy inquiries:
Email: privacy@fylio.com
Address: Russia

2. Information We Collect

2.1. Information You Provide

  • Account information: email address, username, and password
  • Profile information: display name, avatar, and other optional details
  • Payment information: billing details processed through Stripe, YooKassa, or cryptocurrency payment providers (we do not store full payment card numbers)
  • Support communications: messages you send to our support team
  • Files you upload: stored on our servers to provide the Service

2.2. Information Collected Automatically

  • Device information: browser type, operating system, screen resolution, and device identifiers
  • Network information: IP address, approximate geolocation derived from IP
  • Usage data: pages visited, features used, download and upload activity, timestamps
  • Cookies and similar technologies: see Section 8 below

2.3. Information from Third Parties

  • Payment providers: transaction confirmation and billing status from Stripe, YooKassa
  • IP intelligence services: fraud risk data and proxy/VPN detection (e.g., MaxMind)
  • Analytics providers: aggregated usage insights

3. How We Use Your Information

We use your information for the following purposes:

  • Providing the Service: storing and delivering your files, managing your account, processing payments
  • Security and fraud prevention: detecting multi-account abuse, bot traffic, fraudulent downloads, and unauthorized access; device fingerprinting for anti-fraud purposes
  • Communication: sending service notifications, security alerts, and (with your consent) marketing updates
  • Improvement: analyzing usage patterns to improve features, performance, and user experience
  • Legal compliance: fulfilling legal obligations, responding to lawful requests, and enforcing our Terms of Service

4. Legal Basis for Processing (EEA/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your data based on:

  • Contract performance: processing necessary to provide the Service you signed up for (account management, file storage, payments)
  • Legitimate interests: fraud prevention, security, service improvement, and analytics, where these interests do not override your rights
  • Legal obligation: compliance with applicable laws
  • Consent: for marketing communications and non-essential cookies — you can withdraw consent at any time

5. How We Share Your Information

We do not sell your personal information. We share data only in these situations:

  • Service providers: payment processors (Stripe, YooKassa), email delivery (Resend), customer support platform (Chatwoot), CDN providers, IP intelligence services (MaxMind) — all bound by data processing agreements
  • Legal requirements: when required by law, court order, or governmental authority
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you
  • With your consent: when you explicitly authorize sharing

6. Where We Store Your Data

Your data is stored on servers located in Eastern Europe, with CDN nodes in Russia and CIS countries for optimized delivery. By using the Service, you consent to the transfer and processing of your data in these locations.

For users in the EEA/UK, we ensure that any data transfers outside of the EEA are protected by appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms.

7. How Long We Keep Your Data

  • Account data: retained for as long as your account is active, plus up to 30 days after deletion for backup and recovery purposes
  • Files: removed promptly upon your deletion or account termination
  • Payment records: retained for 5 years as required for tax and accounting purposes
  • Logs and analytics: aggregated data retained for up to 24 months; raw logs deleted after 90 days
  • Support conversations: retained for 12 months after resolution

8. Cookies & Tracking Technologies

8.1. What We Use

Cookie TypePurposeDuration
EssentialAuthentication, security, preferencesSession / 1 year
AnalyticsUnderstanding usage patterns, performance monitoringUp to 24 months
FunctionalLanguage preferences, theme settings1 year

8.2. Third-Party Cookies

Our advertising partners may place cookies on file download pages to serve relevant ads. These cookies are subject to the respective partners' privacy policies.

8.3. Managing Cookies

You can manage cookie preferences through our cookie banner displayed on your first visit. You can also disable cookies in your browser settings, though this may affect Service functionality. Essential cookies cannot be disabled as they are required for the Service to function.

9. Your Rights

9.1. For All Users

  • Access: request a copy of the data we hold about you
  • Correction: update inaccurate or incomplete data
  • Deletion: request deletion of your account and associated data
  • Portability: receive your data in a machine-readable format

9.2. Additional Rights for EEA/UK Users (GDPR)

  • Restriction: request that we limit how we process your data
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw it at any time
  • Complaint: file a complaint with your local data protection authority

9.3. Additional Rights for California Users (CCPA)

  • Know: request information about the categories and specific pieces of personal data collected
  • Delete: request deletion of personal data
  • Non-discrimination: we will not discriminate against you for exercising your rights
  • Opt-out of sale: we do not sell personal information, but you may submit an opt-out request at any time

To exercise any of these rights, contact us at privacy@fylio.com. We will respond within 30 days (or within the legally required timeframe for your jurisdiction).

10. Children's Privacy

Fylio is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child under 16 has created an account, please contact us at privacy@fylio.com and we will promptly delete the account and associated data.

11. Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), secure credential storage, and access controls. However, no system is completely secure, and we cannot guarantee the absolute security of your data.

If you discover a security vulnerability, please report it to security@fylio.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the Service or by email. The “Last Updated” date at the top of this page reflects the most recent revision.

13. Contact Us

For any privacy-related questions or to exercise your data rights:

Individual Entrepreneur Shabashov Dmitry Viktorovich
OGRNIP: 325632700075291, INN: 632313025242

Email: privacy@fylio.com
General support: support@fylio.com