1. Controller
The controller responsible for Filera’s website, account administration, and our own business operations is:
Dominik Sebald
Schellingstraße 109a
80798 München
Germany
Email: Email protected
2. Scope and roles
This policy covers the public Filera website and the invite-only Filera application. For account, security, support, and contractual data, the provider named above acts as controller.
For documents, source-system data, and recipient information uploaded or connected by a customer organization, that organization generally determines the purposes and means of processing and therefore acts as controller. Filera processes that data on its instructions as a processor under Article 28 GDPR. A separate data processing agreement applies where required. Requests concerning document content should normally be directed to the organization that provided or controls it.
3. Visiting the website
When you load a page, our hosting provider processes technical request data needed to deliver and protect the service.
- Data may include IP address, request time, requested URL, referrer, browser, operating system, response status, and security signals.
- Purpose: page delivery, abuse prevention, troubleshooting, and service security.
- Legal basis: our legitimate interest in a secure and reliable service under Article 6(1)(f) GDPR.
- Technical logs are retained only for the operational and security periods configured with the relevant provider.
Filera uses Vercel Speed Insights to measure real-world loading performance. It does not use advertising cookies, social tracking pixels, or cross-site profiling.
4. Accounts and passwordless sign-in
Filera is invite-only. To create and operate an account we process your email address, user identifier, organization membership, role, account preferences, authentication events, and—if supplied—your name and profile image. Sign-in codes are delivered by email through Resend.
A strictly necessary, HTTP-only session cookie keeps you signed in and identifies the selected organization. It is not used for advertising or analytics. The legal basis is performance of the user or customer relationship under Article 6(1)(b) GDPR and our legitimate interest in secure access control under Article 6(1)(f) GDPR.
5. Using the document platform
Depending on how your organization configures Filera, we process source files, thumbnails, full text, extracted fields, classifications, tags, filenames, counterparties, amounts, dates, deadlines, embeddings, review decisions, audit events, comments, and delivery status.
Documents can arrive through direct upload, email, submission links, Gmail, Google Drive, Telegram, cloud intake, or authenticated webhooks. Processing is performed to capture, classify, extract, review, file, search, retrieve, remind, and deliver documents according to the customer organization’s instructions.
6. AI analysis and OCR
Filera sends document content required for analysis and embeddings directly to Google Vertex AI Gemini in the EU region europe-west3. Google’s enterprise terms prohibit training the model on customer data. There is no AI Gateway intermediary in this processing path.
For poor scans, and only when configured, Filera may use Mistral OCR as an EU-hosted fallback before repeating analysis with the extracted text. AI-generated classifications and fields can be inaccurate. Filera is review-first by default, and customer organizations remain responsible for deciding when a document is approved or otherwise relied upon.
7. Storage and security
Structured data and the searchable index are stored in managed PostgreSQL. Source files and thumbnails are stored in private Vercel Blob storage. Files are delivered only through authenticated, organization-scoped or share-token-scoped application routes; stored Blob URLs are not public download links.
OAuth tokens and outbound webhook secrets are encrypted at rest with AES-256-GCM. Filera-issued access and refresh credentials are stored hash-only. Access checks use live organization memberships, scoped roles, and revocable capabilities. These measures reduce risk but cannot make any internet service absolutely secure.
8. Integrations and notifications
If your organization enables an integration, the data needed for that integration is exchanged with the selected provider:
- Resend receives email addresses, login messages, notifications, and inbound email data.
- Google receives OAuth and API requests for Gmail or Google Drive connections selected by the organization.
- Telegram receives bot messages, files, chat identifiers, and delivery metadata when Telegram is connected.
- Customer-configured webhook recipients receive the approved payload defined by that integration.
Connection credentials are retained until the integration is disconnected or the organization removes them, subject to backup and legal retention periods.
9. Service providers
Filera uses providers that process data on our instructions under appropriate contractual safeguards:
- Vercel — hosting, functions, queues, private Blob, and observability.
- Neon — managed PostgreSQL database infrastructure.
- Google Cloud — Vertex AI analysis and embeddings in the EU region.
- Mistral AI — optional EU-hosted OCR fallback for poor scans.
- Resend — transactional, inbound, and notification email.
- Upstash — short-lived rate-limit counters when configured.
- Google APIs and Telegram — only when the corresponding customer integration is enabled.
10. International transfers
AI processing is region-pinned as described above. Some service providers are headquartered outside the EEA or may process limited support, account, or telemetry data there. Where personal data is transferred outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with technical and organizational measures.
11. Retention
Account and membership data is kept while the account or customer relationship is active and for any legally required follow-up period. Integration credentials are removed when disconnected, subject to backups. Security and delivery logs are retained only as long as needed for troubleshooting, abuse prevention, and legal obligations.
Customer documents follow the organization’s configured retention policies, deletion actions, contractual instructions, and any legal hold. Audit records may be retained longer where they are required to demonstrate security, approval, or compliance events.
12. Your rights
Subject to the statutory conditions, you may request access, rectification, erasure, restriction, portability, or object to processing based on legitimate interests. You may withdraw consent at any time with effect for the future. Contact Email protected to exercise rights concerning processing for which we are controller.
You also have the right to lodge a complaint with a supervisory authority. The authority responsible for the provider is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
13. Changes to this policy
We may update this policy when the service, providers, or legal requirements change. The version and date published on this page apply.