ClickMaker IT Solutions ("we", "our", "us") operates the FlowFill AI Chrome extension and associated backend services. This Privacy Policy explains how we collect, use, and protect your information when you use our services.
FlowFill AI is a Chrome extension that uses artificial intelligence to automatically detect and fill web form fields. This policy covers all data handling associated with that functionality — including screenshots, form data, account information, and payment data.
By installing and using FlowFill AI, you agree to the practices described in this policy. If you do not agree, please uninstall the extension and discontinue use of our services.
FlowFill AI requests the following Chrome permissions. Each permission is used only for its stated purpose:
- storage — Saves your settings (country, persona, custom field rules) and credit balance locally on your device using Chrome's storage API. No data is sent to our servers from this permission alone.
- scripting — Injects a script into the active web page to detect and fill form fields. The script runs only when you trigger a fill action.
- activeTab — Grants temporary access to the currently active tab when you interact with the extension (click Fill, Capture & Fill, or Snip & Fill). The extension does not access tabs passively.
- contextMenus — Adds a "Fill Form" right-click menu option on pages so you can trigger fills without opening the popup.
- identity — Used to complete the sign-in redirect flow with Logto authentication. This generates the OAuth callback URL only — no identity data is read from your Google account.
🔒 FlowFill AI does not request broad host permissions, browsing history, cookies, bookmarks, or clipboard access beyond what is listed above.
When you use Capture & Fill or Snip & Fill, the extension captures a screenshot of the current page (or a selected region). This screenshot is:
- Compressed and resized on your device before transmission.
- Sent to our backend server over HTTPS for AI analysis only.
- Forwarded to Google Gemini AI to identify form fields and generate fill values.
- Deleted immediately after the AI response is received — we do not store, cache, or retain screenshots on our servers.
When you use Fill Form, no screenshot is taken. A text description of detected form fields on the page is sent to our backend for AI processing. This field metadata is also not retained after the response is returned.
⚠️ Important: Do not use the AI fill features on pages containing sensitive personal information such as banking credentials, medical records, passwords, or private documents. Screenshots are temporarily processed by Google Gemini AI and subject to Google's data handling policies.
We collect only the information necessary to operate the service:
- Account Information: Email address and display name provided during sign-up via Logto authentication.
- Credit & Usage Data: Number of AI fills performed, credits consumed per request (token count), credits purchased, and timestamps. No page content or form values are stored.
- Payment Information: Razorpay order IDs and transaction references only. We do not store card numbers, UPI IDs, CVVs, or bank credentials — these are processed exclusively by Razorpay.
- Extension Key: A static identifier ("form-filler-ai") sent with API requests to validate that requests originate from the FlowFill AI extension.
- Error Logs: Anonymous error messages and stack traces for debugging. These do not include page content or user data.
✅ We never sell your personal data. We never store raw payment credentials. We never retain screenshots or form page content.
- To authenticate your identity and maintain your signed-in session.
- To track and manage your AI credit balance.
- To process one-time credit purchases via Razorpay.
- To send transactional communications (e.g., payment confirmation emails).
- To bill accurately based on AI token usage from Google Gemini.
- To detect and prevent fraud, abuse, or unauthorised API access.
- To improve extension reliability and fix bugs using anonymised error data.
We share limited data with the following trusted third-party services strictly as required to operate:
- Google Gemini AI: Screenshots and form field text are temporarily sent to Gemini for analysis. Subject to Google's Privacy Policy.
- Razorpay: Handles payment processing. Subject to Razorpay's Privacy Policy.
- Logto: Provides identity and OAuth authentication. Your credentials are managed by Logto's secure infrastructure.
We do not share your data with advertisers, data brokers, or any unauthorised third parties.
We retain your account and usage data for as long as your account remains active. If you request account deletion, your personal data will be removed within 30 days, except where retention is required by law or for fraud prevention.
Payment transaction records may be retained for up to 7 years as required by Indian financial regulations (GST and IT Act).
Screenshots and AI request payloads are never stored — they exist only transiently in memory during AI processing.
You have the following rights regarding your personal data:
- Right to access the personal data we hold about you.
- Right to correct inaccurate or incomplete data.
- Right to request deletion of your account and associated data.
- Right to withdraw consent at any time by uninstalling the extension.
- Right to data portability — request an export of your account data.
To exercise any of these rights, contact us at privacy@clickmaker.in.
We implement industry-standard security measures including TLS/HTTPS encryption for all data in transit, JWT-based authentication validated against Logto's JWKS endpoint, HMAC-SHA256 payment webhook verification, atomic database operations to prevent race conditions, and strict server-side rate limiting. Our Gemini API key is stored only on the server and is never exposed to clients.
No system is 100% secure. We cannot guarantee absolute security, but we take all commercially reasonable steps to protect your data.
FlowFill AI is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.
We may update this Privacy Policy from time to time. Any changes will be posted at this URL with an updated "Last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.
FlowFill AI generates random, fictitious data — including phone numbers, names, email addresses, and other personal-looking values — solely for the purpose of auto-filling web forms during testing or demonstration. This data is entirely synthetic and not based on any real individual.
With respect to phone numbers specifically:
- We do not verify, own, or claim any rights over the phone numbers generated.
- A randomly generated number may coincidentally match a real phone number belonging to a third party. We make no representation that generated numbers are safe, unassigned, or free from conflict.
- You are solely responsible for how you use any phone number inserted by the extension into a form. Do not use generated phone numbers for real registrations, OTP verification, or any purpose that may affect a real person.
⚠️ Use at your own risk. FlowFill AI and ClickMaker IT Solutions accept no liability for any consequences arising from the use of randomly generated phone numbers or other synthetic data filled into third-party forms.
If you have questions about this Privacy Policy or your personal data, please contact: