Privacy & Security

Complete privacy documentation and security practices for FillKit.

This page explains how FillKit handles your data, what information is sent to our servers, and how we protect your privacy.

Privacy Guarantee

FillKit never sends your HTML source code, form structure, prefilled field values, or any personally identifiable information (PII) to our servers. All form scanning and field detection happen entirely in your browser—your sensitive data stays on your machine.

Privacy-First Design

Unlike traditional form-filling tools that upload your forms to analyze them, FillKit processes everything locally. Your sensitive application code and user data never leave your machine.

Local Processing: All form scanning, field detection, and data generation happens in your browser. Zero data transmission required.
No Tracking: We don't track which forms you fill, which pages you visit, or what data you generate. Your development workflow remains completely private.

What We Don't Send to Our Servers

HTML Source Code: We never send your page HTML or DOM structure to our servers.
Form Field Values: Any data already in your forms (prefilled values) or data filled by FillKit stays on your machine. We never send field values to our servers.
User Credentials: Passwords, API keys, tokens, or any sensitive data never leave your browser.
Application Logic: Your business logic, validation rules, and application behavior stay private.

Cloud Provider Privacy

When using the Cloud Provider for AI-generated datasets, we only use semantic field types—never your actual form structure.

1. Local Detection:

FillKit scans your forms locally and identifies field types (email, phone, address, etc.).

2. Type-Only Sync:

Only the field types are sent to generate appropriate datasets. For example: "email", "phone", "company_name".

3. Data Generation:

Our AI generates realistic data for those types and sends it back to your SDK, where it's cached locally.

4. Offline Usage:

Once synced, you can use the datasets completely offline. No further server communication required.

Example: We know you have an "email" field, but we never see that it's called "user_email" or where it appears in your form.

Data Storage

Local Storage

FillKit stores minimal data in your browser's local storage:

• Configuration preferences
• Cached Cloud datasets (if using Cloud Provider)
• UI widget position preferences

All stored data can be cleared by clearing your browser's local storage or uninstalling the extension.

Server Storage

On our servers, we only store:

• Your account information (email, name)
• Project configurations and API keys
• AI-generated datasets you create
• Basic usage metrics (optional, opt-out available)

We do NOT store: Your HTML, form structures, or any filled data.

Security Measures

Encrypted Transport: All communication with our Cloud Provider uses TLS 1.3+ encryption. Your API keys are transmitted securely.
API Key Security: API keys are project-scoped and can be revoked instantly. Use separate keys for development and production environments.
No Real PII: All generated data is synthetic and intended for testing only. We never use or generate real personally identifiable information.

Local vs Cloud

How It Works