Privacy Policy
Last updated: March 29, 2026
1. Introduction
Fill.md ("Fill," "we," "us," or "our") operates an agent-native advertising and cross-promotion network for web applications. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Fill platform, including our API (api.fill.md), SDK (@fill-md/sdk), MCP server (@fill-md/mcp), website (fill.md), and dashboard.
By registering an app, integrating our SDK, or using any Fill service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, do not use the Services.
2. Information We Collect
2.1 Publisher Account Information
When you register an app with Fill (via API or MCP tool), we collect:
- App name and URL
- Platform type (web, iOS, Android, React Native, Flutter)
- Email address (if provided, used for API key recovery)
- API key (generated by Fill, stored securely)
2.2 Ad Serving and Measurement Data
When ads are served through the Fill SDK, we collect:
- IP address (via Cloudflare CF-Connecting-IP header) for fraud detection and geographic targeting
- User-Agent string for bot detection and device classification
- HTTP Origin and Referer headers for domain verification
- Sec-Fetch-* headers for prefetch/prerender detection
- Impression events: timestamp, app ID, campaign ID, impression ID
- Click events: timestamp, app ID, campaign ID, impression ID
- Render events: timestamp, app ID, impression ID
- Light/dark mode preference (via CSS media query, client-side only)
2.3 What We Do NOT Collect
Fill does not collect:
- Personal data of end users (no names, emails, phone numbers, or account data from app visitors)
- Cookies or persistent identifiers (no cross-site tracking)
- Browser fingerprints
- Device advertising identifiers (IDFA, GAID)
- Location data beyond country-level (inferred from IP)
- Browsing history or activity outside the ad interaction
- Any data from users who do not interact with a Fill ad unit
3. How We Use Information
- Ad serving: Match ads to publisher apps, select campaigns, render creatives
- Measurement: Count impressions, clicks, and render events per IAB/MRC guidelines
- Fraud detection: Identify and filter invalid traffic (bots, data center IPs, click flooding) per IAB GIVT standards
- Credit accounting: Track earned and spent credits for publisher accounts
- Service improvement: Monitor network health, fill rates, and system performance
- Communications: Send API key recovery emails and service-critical notifications
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom:
- Legitimate interest (Article 6(1)(f)): Ad serving, measurement, and fraud detection are necessary for the legitimate operation of the advertising network. We have conducted a balancing test and determined that these interests do not override the privacy rights of data subjects, particularly because we do not engage in behavioral targeting, cross-site tracking, or profiling.
- Contract performance (Article 6(1)(b)): Processing publisher account data is necessary to perform the Fill service agreement.
5. Data Sharing
We do not sell, rent, or share personal data with third parties for their own marketing purposes.
We may share data with:
- Cloudflare: Our infrastructure provider. Cloudflare processes requests and provides security, CDN, and edge computing services. See Cloudflare's Privacy Policy.
- Resend: Our email delivery provider, used solely for API key recovery emails. See Resend's Privacy Policy.
- Law enforcement: If required by law, subpoena, or court order.
6. Data Retention
- Publisher account data: Retained for the life of the account plus 90 days after deletion request.
- Impression/click/render event logs: Retained in aggregated form (daily_stats) indefinitely for reporting. Individual credit_log entries retained for 12 months for audit and reconciliation.
- IP addresses: Retained in raw form for up to 30 days for fraud detection, then discarded or aggregated.
7. Data Security
All data is stored on Cloudflare's global network using D1 (SQLite at the edge). Data is encrypted in transit (TLS 1.3) and at rest. API keys are generated using cryptographically secure random number generation (128-bit entropy). Impression tokens are HMAC-SHA256 signed with a server-side secret.
8. Your Rights
8.1 All Users
- Access: Request a copy of data we hold about your app via hello@fill.md
- Deletion: Request deletion of your account and associated data
- Correction: Update your app information via the PATCH /apps/:appId API endpoint
8.2 EEA/UK Residents (GDPR)
In addition to the above, you have the right to:
- Object to processing based on legitimate interest
- Restrict processing
- Data portability
- Lodge a complaint with your local data protection authority
8.3 California Residents (CCPA/CPRA)
- We do not sell or share personal information as defined under CCPA/CPRA
- We do not use personal information for behavioral cross-context advertising
- We honor Global Privacy Control (GPC) signals
- You may request disclosure of the categories of information collected by contacting hello@fill.md
9. Children's Privacy
Fill is not directed to children under 13. We do not knowingly collect personal information from children. Publishers are solely responsible for COPPA compliance on their properties. If you believe we have collected data from a child, contact us immediately at hello@fill.md.
10. International Data Transfers
Fill is operated from the United States. Data processed through Cloudflare's edge network may be processed in multiple jurisdictions. For EEA/UK data, we rely on Cloudflare's Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
11. SDK Data Practices
The Fill SDK (@fill-md/sdk) embedded in publisher apps:
- Makes HTTP requests to api.fill.md to fetch ads and report events
- Uses IntersectionObserver API to measure viewability (client-side, no data sent until threshold met)
- Does not set cookies or use localStorage or any other persistent client-side storage
- Does not access or read any data from the host application
- Does not communicate with any third-party servers other than api.fill.md
- Displays a "Privacy" link in the ad attribution leading to this policy
12. Changes to This Policy
We may update this policy. Material changes will be communicated via the email associated with your app registration (if provided) and posted on this page with an updated "Last updated" date. Continued use of the Services after changes constitutes acceptance.
13. Contact
For privacy inquiries, data requests, or complaints: